diff options
| author | Guy Brand <gb@unistra.fr> | 2012-09-10 17:04:45 +0200 |
|---|---|---|
| committer | Guy Brand <gb@unistra.fr> | 2012-09-10 17:04:45 +0200 |
| commit | 0f8ac4e8c5872a6b68b350f96a9ecde0291edefa (patch) | |
| tree | ad7938bb4143d5e5a38fd7a8d131e4171aec657d /lib/plugins/acl/ajax.php | |
| parent | 58ec8fa9128e4581749955de87530f432e387588 (diff) | |
| parent | b31fcef02fd24b3e746c9618e77152c7b84c2f2a (diff) | |
| download | rpg-0f8ac4e8c5872a6b68b350f96a9ecde0291edefa.tar.gz rpg-0f8ac4e8c5872a6b68b350f96a9ecde0291edefa.tar.bz2 | |
Merge branch 'master' into stable
Diffstat (limited to 'lib/plugins/acl/ajax.php')
| -rw-r--r-- | lib/plugins/acl/ajax.php | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php index 71a2eb03a..10e18af97 100644 --- a/lib/plugins/acl/ajax.php +++ b/lib/plugins/acl/ajax.php @@ -6,35 +6,39 @@ * @author Andreas Gohr <andi@splitbrain.org> */ -//fix for Opera XMLHttpRequests -if(!count($_POST) && !empty($HTTP_RAW_POST_DATA)){ - parse_str($HTTP_RAW_POST_DATA, $_POST); -} - if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../../'); require_once(DOKU_INC.'inc/init.php'); //close session session_write_close(); +global $conf; +global $ID; +global $INPUT; + +//fix for Opera XMLHttpRequests +$postData = http_get_raw_post_data(); +if(!count($_POST) && !empty($postData)){ + parse_str($postData, $_POST); +} + if(!auth_isadmin()) die('for admins only'); if(!checkSecurityToken()) die('CRSF Attack'); $ID = getID(); +/** @var $acl admin_plugin_acl */ $acl = plugin_load('admin','acl'); $acl->handle(); -$ajax = $_REQUEST['ajax']; +$ajax = $INPUT->str('ajax'); header('Content-Type: text/html; charset=utf-8'); if($ajax == 'info'){ $acl->_html_info(); }elseif($ajax == 'tree'){ - global $conf; - global $ID; $dir = $conf['datadir']; - $ns = $_REQUEST['ns']; + $ns = $INPUT->str('ns'); if($ns == '*'){ $ns =''; } |