From e340305d69cfd468790fdcd641f289bab3caf8f1 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Tue, 7 Mar 2023 17:44:48 +0700
Subject: [PATCH] Check if request is ajax
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Проверяет является ли запрос AJAX запросом. Через проверку наличия X-Requested-With: XMLHttpRequest.

---
 common.php | 5 +++++
 library/includes/init_bb.php | 1 +
 src/Legacy/Ajax.php | 4 ++++
 3 files changed, 10 insertions(+)

diff --git a/common.php b/common.php
index b0a27f4c0..9be250830 100644
--- a/common.php
+++ b/common.php
@@ -198,6 +198,11 @@ switch ($bb_cfg['datastore_type']) {
 $datastore = new TorrentPier\Legacy\Datastore\File($bb_cfg['cache']['db_dir'] . 'datastore/', $bb_cfg['cache']['prefix']);
 }
 
+function is_ajax(): bool
+{
+ return (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
+}
+
 function sql_dbg_enabled()
 {
 return (SQL_DEBUG && DBG_USER && !empty($_COOKIE['sql_log']));
diff --git a/library/includes/init_bb.php b/library/includes/init_bb.php
index dfe2f88e5..825ae4da0 100644
--- a/library/includes/init_bb.php
+++ b/library/includes/init_bb.php
@@ -147,6 +147,7 @@ define('SEARCH_TYPE_TRACKER', 1);
 // Ajax error codes
 define('E_AJAX_GENERAL_ERROR', 1000);
 define('E_AJAX_NEED_LOGIN', 1001);
+define('E_AJAX_NOT_REQUEST', 1002);
 
 // Private messaging
 define('PRIVMSGS_READ_MAIL', 0);
diff --git a/src/Legacy/Ajax.php b/src/Legacy/Ajax.php
index fbae127cd..f779a72da 100644
--- a/src/Legacy/Ajax.php
+++ b/src/Legacy/Ajax.php
@@ -74,6 +74,10 @@ class Ajax
 // Action params
 $action_params = null;
 
+ if (!is_ajax()) {
+ $this->ajax_die('Not AJAX request', E_AJAX_NOT_REQUEST);
+ }
+
 if (!$action || !\is_string($action)) {
 $this->ajax_die('no action specified');
 } elseif (!$action_params =& $this->valid_actions[$action]) {
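Review bot: The new `is_ajax()` in common.php compares with loose `==`; because both sides are strings here the result happens to be right, but `strcasecmp($_SERVER['HTTP_X_REQUESTED_WITH'], 'XMLHttpRequest') === 0` states the case-insensitive intent directly and avoids the lowercased copy. The function also needs a docblock that says what it does and does not establish: `X-Requested-With` is sent by the client, so a true result only means the request declares itself as XHR and is not a substitute for the session and token checks the Ajax handlers already perform. Suggested header: `/** True when the request carries X-Requested-With: XMLHttpRequest (client-supplied; not an auth or CSRF check). */`, and the body `return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strcasecmp($_SERVER['HTTP_X_REQUESTED_WITH'], 'XMLHttpRequest') === 0;`.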
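Review bot: The name of the added constant `E_AJAX_NOT_REQUEST` in init_bb.php does not say which condition it reports, and unlike the two codes above it there is nothing on the line to explain it. A trailing comment would make the `// Ajax error codes` group self-describing: `define('E_AJAX_NOT_REQUEST', 1002); // request lacks X-Requested-With: XMLHttpRequest`.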
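Review bot: The user-visible message on the added `ajax_die` call in Ajax.php reads `'Not AJAX request'`; `'Not an AJAX request'` is the grammatical form and is what a caller hitting the endpoint directly will see. The guard assumes `ajax_die()` ends the request, which the `if`/`elseif` chain below it already relies on but the hunk does not show; the enclosing method starts and ends outside the hunk. The class now also depends on the global `is_ajax()` from common.php and the `E_AJAX_NOT_REQUEST` constant from init_bb.php, which is presumably fine under the normal bootstrap, so a short comment at the call site would help the next reader: `// is_ajax() and E_AJAX_NOT_REQUEST come from the common.php/init_bb.php bootstrap`.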