************************************************************************/
// Some security stuff...
-if ((!defined('__SECURITY')) || (!isAdmin())) {
- die();
+if ((!defined('__SECURITY')) || (!isAjaxOutputMode()) || (!isAdmin())) {
+ header('HTTP/1.1 403 Forbidden');
+ die(json_encode(array('reply_content' => 'Access forbidden'), JSON_FORCE_OBJECT));
} // END - if
// "Generates" admin content by loading a message template
function generateAdminContent () {
// Return it
- return displayMessage('{--ADMIN_AJAX_MENU_IS_LOADING--}', true);
+ return displayMessage('{--ADMIN_AJAX_MENU_IS_LOADING--}', TRUE);
}
// Processes AJAX requests for admin menu
// Again we do a call-back, so generate a function name depending on 'do'
$callbackName = 'doAjaxAdmin' . capitalizeUnderscoreString(postRequestElement('do'));
+ $GLOBALS['ajax_callback_function'] = $callbackName;
// Is the call-back function there?
if (!function_exists($callbackName)) {
// Is the HTTP status still the same? (204 No Content)
if (getHttpStatus() == '204 No Content') {
// We use the current access level 'install' as prefix and construct a template name
- setAjaxReplyContent(loadTemplate('admin_area_' . trim(postRequestElement('tab')), true));
+ setAjaxReplyContent(loadTemplate('admin_area_' . trim(postRequestElement('tab')), TRUE));
// Has the template been loaded?
if (isset($GLOBALS['template_content']['html']['admin_page_' . trim(postRequestElement('tab'))])) {
setHttpStatus('200 OK');
} else {
// Set 404 error
- setHttpStatus('404 NOT FOUND');
+ setHttpStatus('404 Not Found');
}
} // END - if
}
+
// [EOF]
?>
projects / mailer.git / blobdiff