Rev 579 | Rev 639 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 579 | Rev 607 | ||
|---|---|---|---|
| Line 27... | Line 27... | ||
| 27 | OIDplus::authUtils()->disableCSRF(); // allow access to ajax.php without valid CSRF token |
27 | OIDplus::authUtils()->disableCSRF(); // allow access to ajax.php without valid CSRF token |
| 28 | } |
28 | } |
| 29 | 29 | ||
| 30 | $json_out = null; |
30 | $json_out = null; |
| 31 | 31 | ||
| 32 | OIDplus::authUtils()->checkCSRF(); |
- | |
| 33 | - | ||
| 34 | if (isset($_REQUEST['plugin']) && ($_REQUEST['plugin'] != '')) { |
32 | if (isset($_REQUEST['plugin']) && ($_REQUEST['plugin'] != '')) { |
| 35 | 33 | ||
| 36 | // Actions handled by plugins |
34 | // Actions handled by plugins |
| 37 | 35 | ||
| 38 | $plugin = OIDplus::getPluginByOid($_REQUEST['plugin']); |
36 | $plugin = OIDplus::getPluginByOid($_REQUEST['plugin']); |
| 39 | if (!$plugin) { |
37 | if (!$plugin) { |
| 40 | throw new OIDplusException(_L('Plugin with OID "%1" not found',$_REQUEST['plugin'])); |
38 | throw new OIDplusException(_L('Plugin with OID "%1" not found',$_REQUEST['plugin'])); |
| 41 | } |
39 | } |
| 42 | 40 | ||
| 43 | if (!OIDplus::baseconfig()->getValue('DISABLE_AJAX_TRANSACTIONS',false) && OIDplus::db()->transaction_supported()) { |
- | |
| 44 | OIDplus::db()->transaction_begin(); |
- | |
| 45 | } |
- | |
| 46 | - | ||
| 47 | $params = array(); |
41 | $params = array(); |
| 48 | foreach (array_merge($_POST,$_GET) as $name => $val) { |
42 | foreach (array_merge($_POST,$_GET) as $name => $val) { |
| 49 | if (($name != 'action') && ($name != 'plugin')) { |
43 | if (($name != 'action') && ($name != 'plugin')) { |
| 50 | $params[$name] = $val; |
44 | $params[$name] = $val; |
| 51 | } |
45 | } |
| 52 | } |
46 | } |
| 53 | 47 | ||
| 54 | if (isset($_REQUEST['action']) && ($_REQUEST['action'] != '')) { |
48 | if (isset($_REQUEST['action']) && ($_REQUEST['action'] != '')) { |
| - | 49 | if ($plugin->csrfUnlock($_REQUEST['action'])) { |
|
| - | 50 | originHeaders(); // Allows queries from other domains |
|
| - | 51 | OIDplus::authUtils()->disableCSRF(); // allow access to ajax.php without valid CSRF token |
|
| - | 52 | } |
|
| - | 53 | ||
| - | 54 | OIDplus::authUtils()->checkCSRF(); |
|
| - | 55 | ||
| - | 56 | if (!OIDplus::baseconfig()->getValue('DISABLE_AJAX_TRANSACTIONS',false) && OIDplus::db()->transaction_supported()) { |
|
| - | 57 | OIDplus::db()->transaction_begin(); |
|
| - | 58 | } |
|
| - | 59 | ||
| 55 | $json_out = $plugin->action($_REQUEST['action'], $params); |
60 | $json_out = $plugin->action($_REQUEST['action'], $params); |
| 56 | if (!is_array($json_out)) { |
61 | if (!is_array($json_out)) { |
| 57 | throw new OIDplusException(_L('Plugin with OID %1 did not output array of result data',$_REQUEST['plugin'])); |
62 | throw new OIDplusException(_L('Plugin with OID %1 did not output array of result data',$_REQUEST['plugin'])); |
| 58 | } |
63 | } |
| 59 | if (!isset($json_out['status'])) $json_out['status'] = -1; |
64 | if (!isset($json_out['status'])) $json_out['status'] = -1; |
| Line 67... | Line 72... | ||
| 67 | 72 | ||
| 68 | } else { |
73 | } else { |
| 69 | 74 | ||
| 70 | // Actions handled by the system (base functionality like the JS tree) |
75 | // Actions handled by the system (base functionality like the JS tree) |
| 71 | 76 | ||
| - | 77 | OIDplus::authUtils()->checkCSRF(); |
|
| - | 78 | ||
| 72 | if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'get_description')) { |
79 | if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'get_description')) { |
| 73 | // Action: get_description |
80 | // Action: get_description |
| 74 | // Method: GET / POST |
81 | // Method: GET / POST |
| 75 | // Parameters: id |
82 | // Parameters: id |
| 76 | // Outputs: JSON |
83 | // Outputs: JSON |