<?php
/**
* ajax front controller
*
* @copyright Copyright 2003-2024 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: lat9 2024 Aug 13 Modified in v2.1.0-alpha2 $
*/
// Abort if the request was not an AJAX call.
//
// NOTE(review): this header check is a same-origin *hint*, not a CSRF
// defence: browsers only attach a custom header cross-origin after a
// successful preflight, and a preflight (OPTIONS) carries no
// X-Requested-With of its own, so it is rejected right here with a 400.
// Non-browser clients can set the header freely, so nothing below may
// treat its presence as authentication.
$requestedWith = isset($_SERVER['HTTP_X_REQUESTED_WITH']) ? strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) : '';
if ($requestedWith !== 'xmlhttprequest') {
    http_response_code(400); // "Bad Request"
    exit();
}

// -----
// This file is also pulled in by the admin-side ajax.php, which presumably
// sets $zc_ajax_base_dir so that the catalog's application_top.php is the
// one loaded; when run directly the catalog root is the current directory.
//
$zc_ajax_base_dir = empty($zc_ajax_base_dir) ? '' : $zc_ajax_base_dir;
require $zc_ajax_base_dir . 'includes/application_top.php';

// Spiders never get ajax responses ($spider_flag is presumably populated by
// application_top.php -- confirm). ajaxAbort() is declared further down in
// this file; PHP hoists unconditional top-level function declarations.
if (!empty($spider_flag) && $spider_flag === true) {
    ajaxAbort();
}

// NOTE(review): a wildcard Access-Control-Allow-Origin lets any origin read
// these responses from script. Because '*' cannot be combined with
// credentials, browsers will not send the session cookie on such requests,
// and since the X-Requested-With gate above rejects the preflight anyway,
// the practical reach of these headers appears limited -- but the intended
// cross-origin consumers (if any) should be documented and the allow-list
// narrowed if there are none. 'Allow-Methods: GET' is advisory only:
// nothing in this file rejects other request methods.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET');
header("Access-Control-Allow-Headers: X-Requested-With");
// --- support functions ------------------
/**
 * Terminate the request with an HTTP error status.
 *
 * Sends $status (400 "Bad Request" by default), optionally writes $msg as
 * the response body, runs the normal application_bottom.php shutdown and
 * exits. Never returns.
 *
 * NOTE(review): $msg is echoed verbatim, with whatever Content-Type is in
 * effect at that point, so callers must only pass static text -- never
 * anything derived from the request.
 *
 * @param int         $status HTTP status code to send
 * @param string|null $msg    optional plain-text body; skipped when empty
 */
function ajaxAbort($status = 400, $msg = null)
{
    global $zc_ajax_base_dir;

    http_response_code($status);
    if (!empty($msg)) {
        echo $msg;
    }
    require $zc_ajax_base_dir . 'includes/application_bottom.php';
    exit;
}
// --- support functions ------------------
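// -----
// Dispatch the request to an ajax handler class.
//
// Both required $_GET variables must be present, be plain strings (a query
// such as ?act[]=x would otherwise reach preg_match() as an array and raise
// a TypeError instead of a clean 400) and contain only alphanumeric
// characters.  The alphanumeric rule is what keeps the derived class name,
// file name and method name free of path separators and of PHP "magic"
// method names (which start with '__').
//
$act = isset($_GET['act']) ? $_GET['act'] : null;
$method = isset($_GET['method']) ? $_GET['method'] : null;
if (!is_string($act) || !is_string($method)
    || !preg_match('/^[a-zA-Z0-9]+$/', $act)
    || !preg_match('/^[a-zA-Z0-9]+$/', $method)
) {
    ajaxAbort();
}

// NOTE(review): $_SESSION['language'] is read unconditionally; it is
// presumably populated by application_top.php -- confirm. The variable is
// not used in this file itself; it is kept for handler classes that may
// rely on it.
$language_page_directory = DIR_WS_LANGUAGES . $_SESSION['language'] . '/';

// The handler class is 'zc' + ucfirst(act), looked up first in the core
// ajax classes directory and then in the installed plugins' copy of it.
$className = 'zc' . ucfirst($act);
$classFile = basename($className . '.php'); // belt-and-braces: the regex above already forbids '/'
$classPath = DIR_WS_CLASSES . 'ajax/';
$basePath = DIR_FS_CATALOG;
$file = realpath($basePath . $classPath . $classFile);
if (!empty($file) && file_exists($file)) {
    require $file;
} else {
    // $fs and $installedPlugins are presumably provided by
    // application_top.php -- confirm. The file-name pattern is a regex, so
    // quote it: the '.' in '.php' must match a literal dot, not any character.
    $fs->loadFilesFromPluginsDirectory($installedPlugins, 'catalog/' . $classPath, '~^' . preg_quote($classFile, '~') . '$~');
}

// Whichever path was taken, the class must now be defined. Checking after
// both branches (not only the plugin one) turns an ajax file that does not
// declare the expected class into a 400 instead of an uncaught
// "Class not found" Error from `new`.
//
// NOTE(review): class_exists() here also consults the autoloader, and
// nothing below confirms the class is actually an ajax handler: any
// loadable class whose name starts with 'zc', and any of its public
// zero-argument methods, is reachable via this URL. Consider requiring a
// marker interface or base class for ajax handlers.
if (!class_exists($className)) {
    ajaxAbort();
}

$class = new $className();

// method_exists() is also true for protected/private methods, which cannot
// be invoked from this (global) scope and would surface as an uncaught
// Error; is_callable() is evaluated from the caller's scope and rejects
// them with a 400 instead.
if (!method_exists($class, $method) || !is_callable([$class, $method])) {
    ajaxAbort(400, 'class method error');
}

// Accepted request, so execute and return appropriate response:
$result = call_user_func([$class, $method]);

$json = json_encode($result);
if ($json === false) {
    // e.g. invalid UTF-8 in the result; an empty 200 would otherwise be sent.
    ajaxAbort(500, 'json encoding error');
}
if (!headers_sent()) {
    // Declare the body as JSON so browsers do not sniff it as HTML.
    header('Content-Type: application/json');
}
echo $json;
require $zc_ajax_base_dir . 'includes/application_bottom.php';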