"allow ajax calls from classes ending with ajax, as starting with ajax does not conform with naming schema"

Ralf Becker 2008-06-07 16:55:50 +00:00
parent ab8a36cede
commit d85ed846fe


@ -15,7 +15,7 @@
/** /**
* callback if the session-check fails, redirects via xajax to login.php * callback if the session-check fails, redirects via xajax to login.php
* *
* @param array &$anon_account anon account_info with keys 'login', 'passwd' and optional 'passwd_type' * @param array &$anon_account anon account_info with keys 'login', 'passwd' and optional 'passwd_type'
* @return boolean/string true if we allow anon access and anon_account is set, a sessionid or false otherwise * @return boolean/string true if we allow anon access and anon_account is set, a sessionid or false otherwise
*/ */
@ -35,13 +35,13 @@
function doXMLHTTP() function doXMLHTTP()
{ {
$numargs = func_num_args(); $numargs = func_num_args();
if($numargs < 1) if($numargs < 1)
return false; return false;
$argList = func_get_args(); $argList = func_get_args();
$arg0 = array_shift($argList); $arg0 = array_shift($argList);
if(get_magic_quotes_gpc()) { if(get_magic_quotes_gpc()) {
foreach($argList as $key => $value) { foreach($argList as $key => $value) {
if(is_array($value)) { if(is_array($value)) {
@ -56,7 +56,7 @@
//error_log("xajax_doXMLHTTP('$arg0',...)"); //error_log("xajax_doXMLHTTP('$arg0',...)");
@list($appName, $className, $functionName, $handler) = explode('.',$arg0); @list($appName, $className, $functionName, $handler) = explode('.',$arg0);
$GLOBALS['egw_info'] = array( $GLOBALS['egw_info'] = array(
'flags' => array( 'flags' => array(
'currentapp' => $appName, 'currentapp' => $appName,
@ -91,7 +91,8 @@
$arg0 = ($appName = 'etemplate').'.'.$className.'.'.$functionName; $arg0 = ($appName = 'etemplate').'.'.$className.'.'.$functionName;
break; break;
} }
if(substr($className,0,4) != 'ajax' && $arg0 != 'etemplate.etemplate.process_exec' && substr($functionName,0,4) != 'ajax' || if(substr($className,0,4) != 'ajax' && substr($className,-4) != 'ajax' &&
$arg0 != 'etemplate.etemplate.process_exec' && substr($functionName,0,4) != 'ajax' ||
!preg_match('/^[A-Za-z0-9_]+\.[A-Za-z0-9_]+\.[A-Za-z0-9_]+$/',$arg0)) !preg_match('/^[A-Za-z0-9_]+\.[A-Za-z0-9_]+\.[A-Za-z0-9_]+$/',$arg0))
{ {
// stopped for security reasons // stopped for security reasons
@ -105,5 +106,5 @@
} }
$xajax = new xajax($_SERVER['PHP_SELF']); $xajax = new xajax($_SERVER['PHP_SELF']);
$xajax->registerFunction('doXMLHTTP'); $xajax->registerFunction('doXMLHTTP');
$xajax->processRequests(); $xajax->processRequests();
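Review bot: The added `substr($className,-4) != 'ajax'` test in the `@ -91,7 +91,8 @` hunk widens the remote-call allowlist to every class whose name merely ends in the four letters `ajax`, and, as far as the visible lines show, to every method of such a class rather than only those written as ajax handlers. If the naming schema the commit message refers to is `<app>_ajax`, matching the separator as well, `substr($className,-5) != '_ajax'`, would keep the gate from accepting unrelated class names. The condition also mixes `&&` and `||` without parentheses, so grouping the four allowlist tests in one parenthesised term, with a comment that a request passes only when it matches an allowlist entry and the `preg_match` format check, would make the intended precedence explicit. The body of this `if` and the rest of doXMLHTTP() lie outside the hunk, so what happens on rejection is not visible here.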