de/dae/ajax_8php_source.html

<?php

/*

 * Copyright (c) 2021-2024 Bearsampp

 * License:  GNU General Public License version 3 or later; see LICENSE.txt

 * Author: Bear

 * Website: https://bearsampp.com

 * Github: https://github.com/Bearsampp

 */

include_once __DIR__ . '/../../root.php';


Csrf::init();


$procMap = [

    'summary' => __DIR__ . '/ajax/ajax.summary.php',

    'latestversion' => __DIR__ . '/ajax/ajax.latestversion.php',

    'apache' => __DIR__ . '/ajax/ajax.apache.php',

    'mailpit' => __DIR__ . '/ajax/ajax.mailpit.php',

    'memcached' => __DIR__ . '/ajax/ajax.memcached.php',

    'mariadb' => __DIR__ . '/ajax/ajax.mariadb.php',

    'mysql' => __DIR__ . '/ajax/ajax.mysql.php',

    'nodejs' => __DIR__ . '/ajax/ajax.nodejs.php',

    'php' => __DIR__ . '/ajax/ajax.php.php',

    'postgresql' => __DIR__ . '/ajax/ajax.postgresql.php',

    'xlight' => __DIR__ . '/ajax/ajax.xlight.php',

    'quickpick' => __DIR__ . '/ajax/ajax.quickpick.php',

    'toggleenhancedquickpick' => __DIR__ . '/ajax/ajax.toggle.enhancedquickpick.php',

    'applymoduleconfig' => __DIR__ . '/ajax/ajax.apply.moduleconfig.php'

];


$csrfProtectedEndpoints = [

    'quickpick',                    // Installs modules

    'toggleenhancedquickpick',      // Changes configuration

    'applymoduleconfig'             // Applies configuration changes

];


$proc = Util::cleanPostVar('proc', 'text');  // Ensure 'proc' is cleaned and read correctly


if (in_array($proc, $csrfProtectedEndpoints, true)) {

    if (!Csrf::validateRequest()) {

        http_response_code(403);

        header('Content-Type: application/json');

        echo json_encode([

            'error' => 'CSRF validation failed',

            'message' => 'Invalid or expired security token. Please refresh the page and try again.'

        ]);

        exit;

    }

}


if (isset($procMap[$proc]) && file_exists($procMap[$proc])) {

    include $procMap[$proc];

} else {

    $errorMessage = 'Invalid proc parameter';

    if (!empty($proc)) {

        $errorMessage .= ': "' . htmlspecialchars($proc) . '" is not a valid procedure';

    } else {

        $errorMessage .= ': no procedure was specified';

    }

    echo json_encode(['error' => $errorMessage]);

}

exit
exit
Definition ajax.apply.moduleconfig.php:63

$csrfProtectedEndpoints
$csrfProtectedEndpoints
Definition ajax.php:48

$procMap
$procMap
Definition ajax.php:26

$proc
$proc
Definition ajax.php:61

Csrf\validateRequest
static validateRequest($removeAfterValidation=false)
Definition class.csrf.php:186

Csrf\init
static init()
Definition class.csrf.php:58

Util\cleanPostVar
static cleanPostVar($name, $type='text')
Definition class.util.php:185