
Added upgrade api to ignore list
Added formKey to header calls too

causefx před 7 roky
rodič
revize
08d9ee3175
2 změnil soubory, kde provedl 26 přidání a 3 odebrání
  1. 11 2
      api/index.php
  2. 15 1
      js/functions.js

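--- a/api/index.php
+++ b/api/index.php
@@ -15,8 +15,17 @@ if ($function === false) {
 	$result['statusText'] = "No API Path Supplied";
 	exit(json_encode($result));
 }
-if ($function !== 'v1_auth' && $function !== 'v1_wizard_config' && $function !== 'v1_login' && $function !== 'v1_wizard_path') {
-	if (isApprovedRequest($method, $_POST) === false) {
+$approvedFunctionsBypass = array(
+	'v1_upgrade',
+	'v1_update',
+	'v1_force',
+	'v1_auth',
+	'v1_wizard_config',
+	'v1_login',
+	'v1_wizard_path',
+);
+if (!in_array($function, $approvedFunctionsBypass)) {
+	if (isApprovedRequest($method) === false) {
 		$result['status'] = "error";
 		$result['statusText'] = "Not Authorized";
 		writeLog('success', 'Killed Attack From [' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'No Referer') . ']', $GLOBALS['organizrUser']['username']);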
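Review bot: Adding `v1_upgrade`, `v1_update` and `v1_force` to `$approvedFunctionsBypass` means those endpoints now skip `isApprovedRequest()` entirely, and nothing else in this hunk gates them; if that function is the request-forgery check the new formKey header is meant to satisfy, an upgrade or update action can now be triggered by a forged request from any otherwise-authenticated browser. Since the companion JS change already sends `formKey` on every call, the server-side exemption looks unnecessary — keep only the pre-login entries (`v1_auth`, `v1_wizard_config`, `v1_login`, `v1_wizard_path`) and let the upgrade calls pass the check, or at least record the reason with a comment such as `// upgrade/update/force are exempt because <reason> — handlers must enforce auth themselves` so the next reader does not assume it was an accident. As a smaller point, use `in_array($function, $approvedFunctionsBypass, true)` so the bypass list is matched strictly. The `if` body continues past the end of the hunk, and `isApprovedRequest()` itself (whose second `$_POST` argument was dropped here) is not visible, so whether it still reads the key from the header or the body cannot be confirmed from this view.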

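--- a/js/functions.js
+++ b/js/functions.js
@@ -3388,7 +3388,8 @@ function organizrAPI(type,path,data=null){
 				url:path,
 				method:"GET",
 				beforeSend: function(request) {
-					request.setRequestHeader("Token", activeInfo.token);
+                    request.setRequestHeader("Token", activeInfo.token);
+                    request.setRequestHeader("formKey", local('g','formKey'));
 				},
 				timeout: timeout,
 			});
@@ -3402,6 +3403,7 @@ function organizrAPI(type,path,data=null){
 				method:"POST",
 				beforeSend: function(request) {
 					request.setRequestHeader("Token", activeInfo.token);
+                    request.setRequestHeader("formKey", local('g','formKey'));
 				},
 				data:{
 					data: data,
@@ -6560,6 +6562,17 @@ function closeOrgError(){
     $('#main-org-error-container').removeClass('show');
     $('#main-org-error').html('');
 }
+function isJSON(data) {
+    if (typeof data != 'string'){
+        data = JSON.stringify(data);
+    }
+    try {
+        JSON.parse(data);
+        return true;
+    } catch (e) {
+        return false;
+    }
+}
 function launch(){
 	organizrConnect('api/?v1/launch_organizr').success(function (data) {
         try {
@@ -6633,5 +6646,6 @@ function launch(){
 			default:
 				console.error('Organizr Function: Action not set or defined');
 		}
+		console.log('Organizr DOM Fully loaded');
 	});
 }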
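Review bot: The new `formKey` header in both `beforeSend` callbacks is set unconditionally, so when `local('g','formKey')` yields null or undefined (presumably a local-storage read that has not been populated yet) the request carries the literal string "null"/"undefined" instead of omitting the header, which the server-side check will then compare against the real key. Guard it with `var formKey = local('g','formKey'); if (formKey) { request.setRequestHeader("formKey", formKey); }` in both branches. The added lines also use spaces where the surrounding function is tab-indented, and the GET branch's `Token` line was re-indented as a side effect, which will show up as noise in blame. `organizrAPI` begins and ends outside these hunks.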