<?php
/**
* ajax front controller
*
* @package core
* Zen Cart German Specific (158 code in 157)
* @copyright Copyright 2003-2023 Zen Cart Development Team
* Zen Cart German Version - www.zen-cart-pro.at
* @copyright Portions Copyright 2003 osCommerce
* @license https://www.zen-cart-pro.at/license/3_0.txt GNU General Public License V3.0
* @version $Id: ajax.php 2023-10-30 15:32:29Z webchills $
*/
// Reject anything that does not announce itself as an XMLHttpRequest.
// X-Requested-With is supplied by the client, so this only filters out plain
// page loads; it is not an authentication or CSRF control.
if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') !== 'xmlhttprequest') {
    http_response_code(400); // "Bad Request"
    exit();
}

// -----
// The admin-side ajax.php can also pull this file in, so the base directory
// used for the remaining includes may already have been chosen by the caller.
// Default to the current directory when nothing was set.
// NOTE(review): this value is concatenated into require paths below; it must
// only ever be assigned by the including script, never derived from the request.
//
$zc_ajax_base_dir = empty($zc_ajax_base_dir) ? '' : $zc_ajax_base_dir;

require $zc_ajax_base_dir . 'includes/application_top.php';

// Crawlers get no AJAX responses.
if (($spider_flag ?? null) === true) {
    ajaxAbort();
}

// CORS: responses are readable from any origin. Browsers do not combine a
// wildcard origin with credentialed requests, but every handler reachable
// through this endpoint should still be written on the assumption that a
// third-party page can call it and read its output.
// NOTE(review): these headers are also sent when this file is included from
// the admin-side ajax.php -- confirm that is intended.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET');
header("Access-Control-Allow-Headers: X-Requested-With");
// --- support functions ------------------
/**
 * Terminate the AJAX request with an error status.
 *
 * Sets the HTTP response code, optionally prints a message, runs the
 * application_bottom.php include and ends the script.
 *
 * The message is written to the response verbatim (no escaping), so callers
 * should pass fixed strings only, never request-derived text.
 *
 * @param int         $status HTTP status code to send; 400 ("Bad Request") by default
 * @param string|null $msg    optional response body; skipped when empty
 * @return void this function does not return, it calls exit()
 */
function ajaxAbort($status = 400, $msg = null)
{
    // Needed for the include path below; application_bottom.php is loaded
    // from inside this function's scope.
    global $zc_ajax_base_dir;

    http_response_code($status);

    if (!empty($msg)) {
        print $msg;
    }

    require $zc_ajax_base_dir . 'includes/application_bottom.php';
    exit();
}
// --- support functions ------------------
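// Both dispatch parameters are mandatory.
if (!isset($_GET['act']) || !isset($_GET['method'])) {
    ajaxAbort();
}

// `act` and `method` come straight from the query string and end up in a class
// name, a file name and a method call. Accept only plain identifiers:
//  - array-valued parameters (?act[]=...) are rejected instead of raising a
//    type error further down;
//  - no path or namespace separators, so the file that is included always
//    corresponds to the class that is instantiated (basename() alone does not
//    guarantee that).
if (!is_string($_GET['act']) || !preg_match('/^[A-Za-z0-9_]+$/D', $_GET['act'])) {
    ajaxAbort();
}

// Method names must be identifiers too; magic methods (__construct, __destruct,
// ...) are never valid AJAX actions.
if (
    !is_string($_GET['method'])
    || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $_GET['method'])
    || strncmp($_GET['method'], '__', 2) === 0
) {
    ajaxAbort(400, 'class method error');
}

$language_page_directory = DIR_WS_LANGUAGES . $_SESSION['language'] . '/';

// Handler classes live in <classes>/ajax/ and are named "zc" + ucfirst(act).
$className = 'zc' . ucfirst($_GET['act']);
$classFile = $className . '.php';
$basePath = DIR_FS_CATALOG . DIR_WS_CLASSES;

// realpath() returns false for a missing file; resolve once and reuse the
// result so the existence check and the include refer to the same path.
$classPath = realpath($basePath . 'ajax/' . basename($classFile));
if ($classPath === false || !is_file($classPath)) {
    ajaxAbort();
}
require $classPath;

// The file must actually declare the expected class; otherwise answer with a
// 400 instead of a fatal error.
if (!class_exists($className, false)) {
    ajaxAbort();
}
$class = new $className();

// method_exists() is also true for private/protected methods; is_callable()
// is evaluated from this (global) scope and so restricts dispatch to methods
// that can really be invoked from here.
// Every public method of a handler class, inherited ones included, is
// reachable through this endpoint: handler authors must treat each of them as
// externally callable and do their own authorisation and input checks.
if (!method_exists($class, $_GET['method']) || !is_callable(array($class, $_GET['method']))) {
    ajaxAbort(400, 'class method error');
}

// Accepted request, so execute and return appropriate response:
$result = call_user_func(array($class, $_GET['method']));
// NOTE(review): no Content-Type header is set here, so the JSON body is sent
// with whatever default type the server uses -- confirm clients do not depend
// on that before changing it.
echo json_encode($result);
require $zc_ajax_base_dir . 'includes/application_bottom.php';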