diff options
| author | Dominik Eckelmann <deckelmann@gmail.com> | 2012-03-21 11:25:00 +0100 |
|---|---|---|
| committer | Dominik Eckelmann <deckelmann@gmail.com> | 2012-03-21 11:25:00 +0100 |
| commit | 96946cc94d3ecb3832e2a1ce35c49743e25329e1 (patch) | |
| tree | 6b44d893b21c272a1c5442ddcdbe470432de19be /lib/plugins/acl/ajax.php | |
| parent | c2eb026d070a5ba9ba1ee8754c3a862a026a7ea8 (diff) | |
| download | rpg-96946cc94d3ecb3832e2a1ce35c49743e25329e1.tar.gz rpg-96946cc94d3ecb3832e2a1ce35c49743e25329e1.tar.bz2 | |
replaced $HTTP_RAW_POST_DATA with http_get_raw_post_data function
Diffstat (limited to 'lib/plugins/acl/ajax.php')
| -rw-r--r-- | lib/plugins/acl/ajax.php | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php index 71a2eb03a..3a5d89c08 100644 --- a/lib/plugins/acl/ajax.php +++ b/lib/plugins/acl/ajax.php @@ -6,16 +6,17 @@ * @author Andreas Gohr <andi@splitbrain.org> */ -//fix for Opera XMLHttpRequests -if(!count($_POST) && !empty($HTTP_RAW_POST_DATA)){ - parse_str($HTTP_RAW_POST_DATA, $_POST); -} - if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../../'); require_once(DOKU_INC.'inc/init.php'); //close session session_write_close(); +//fix for Opera XMLHttpRequests +$postData = http_get_raw_post_data(); +if(!count($_POST) && !empty($postData)){ + parse_str($postData, $_POST); +} + if(!auth_isadmin()) die('for admins only'); if(!checkSecurityToken()) die('CRSF Attack'); |