Diffstat (limited to 'lib/plugins/acl/ajax.php')
-rw-r--r--lib/plugins/acl/ajax.php22
1 files changed, 13 insertions, 9 deletions
diff --git a/lib/plugins/acl/ajax.php b/lib/plugins/acl/ajax.php
index 71a2eb03a..10e18af97 100644
--- a/lib/plugins/acl/ajax.php
+++ b/lib/plugins/acl/ajax.php
@@ -6,35 +6,39 @@
* @author Andreas Gohr <andi@splitbrain.org>
*/
-//fix for Opera XMLHttpRequests
-if(!count($_POST) && !empty($HTTP_RAW_POST_DATA)){
- parse_str($HTTP_RAW_POST_DATA, $_POST);
-}
-
if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/../../../');
require_once(DOKU_INC.'inc/init.php');
//close session
session_write_close();
+global $conf;
+global $ID;
+global $INPUT;
+
+//fix for Opera XMLHttpRequests
+$postData = http_get_raw_post_data();
+if(!count($_POST) && !empty($postData)){
+ parse_str($postData, $_POST);
+}
+
if(!auth_isadmin()) die('for admins only');
if(!checkSecurityToken()) die('CRSF Attack');
$ID = getID();
+/** @var $acl admin_plugin_acl */
$acl = plugin_load('admin','acl');
$acl->handle();
-$ajax = $_REQUEST['ajax'];
+$ajax = $INPUT->str('ajax');
header('Content-Type: text/html; charset=utf-8');
if($ajax == 'info'){
$acl->_html_info();
}elseif($ajax == 'tree'){
- global $conf;
- global $ID;
$dir = $conf['datadir'];
- $ns = $_REQUEST['ns'];
+ $ns = $INPUT->str('ns');
if($ns == '*'){
$ns ='';
}
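Review bot: The relocated Opera fallback fills only `$_POST` via `parse_str($postData, $_POST)`, while the new reads go through `$INPUT->str('ajax')` and `$INPUT->str('ns')`. If `$INPUT` is backed by `$_REQUEST` (its setup in `inc/init.php` is not visible here), values recovered from the raw body never reach those reads or whatever `checkSecurityToken()` inspects, so the fallback would fail closed instead of working. Either confirm that `$INPUT` sees the repopulated `$_POST`, or state the limit in the comment, e.g. `//fix for Opera XMLHttpRequests (fills $_POST only, not $INPUT)`. Separately, `$INPUT->str('ns')` guarantees a string but not a valid namespace, and the rest of the `tree` branch that combines `$ns` with `$conf['datadir']` lies past the end of this hunk. Check that `$ns` is normalised there (for example with `cleanID()`) before it is used to build a path.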