m1k1oblog/app/ajax.class.php

<?php
defined('PROJECT_PATH') OR exit('No direct script access allowed');

class Ajax
{
	private $_response = null;

	public function __construct(){
		ob_start();
	}

	public function set_error($msg = null){
		$this->_response = [
			"error" => true,
			"msg" => $msg
		];

		// Incldue debug info
		if(ob_get_length() > 0 && Config::get_safe('debug', false)){
			$this->_response["debug"] = ob_get_clean();
		}

		// Log
		Log::put("ajax_errors", $msg);
	}

	public function token(){
		if(empty($_SESSION['token'])){
			throw new Exception("Direct access violation.");
		}

		$headers = apache_request_headers();
		if(!isset($headers['Csrf-Token']) && !isset($headers['csrf-token'])){
			throw new Exception("No CSRF token.");
		}

		if($headers['Csrf-Token'] !== $_SESSION['token'] && $headers['csrf-token'] !== $_SESSION['token']){
			throw new Exception("Wrong CSRF token.");
		}
	}

	public function set_response($response = null){
		$this->_response = $response;
	}

	public function json_response(){
		if(ob_get_length() > 0) {
			ob_clean();
		}

		header('Content-Type: application/json');
		echo json_encode($this->_response);
	}
}
Ajax moved to class 2016-12-28 13:02:55 +00:00			`<?php`
php deny code execution for included files 2019-12-23 17:50:43 +00:00			`defined('PROJECT_PATH') OR exit('No direct script access allowed');`
Ajax moved to class 2016-12-28 13:02:55 +00:00
			`class Ajax`
			`{`
			`private $_response = null;`
remove empty lines with spaces 2019-12-20 17:38:48 +00:00
ajax start ob and dump if debug 2019-12-23 19:27:21 +00:00			`public function __construct(){`
			`ob_start();`
			`}`

Ajax moved to class 2016-12-28 13:02:55 +00:00			`public function set_error($msg = null){`
			`$this->_response = [`
			`"error" => true,`
			`"msg" => $msg`
			`];`
remove empty lines with spaces 2019-12-20 17:38:48 +00:00
bug: debug info only if error occured 2019-12-23 20:17:17 +00:00			`// Incldue debug info`
			`if(ob_get_length() > 0 && Config::get_safe('debug', false)){`
			`$this->_response["debug"] = ob_get_clean();`
			`}`

Ajax moved to class 2016-12-28 13:02:55 +00:00			`// Log`
			`Log::put("ajax_errors", $msg);`
			`}`
remove empty lines with spaces 2019-12-20 17:38:48 +00:00
Ajax moved to class 2016-12-28 13:02:55 +00:00			`public function token(){`
			`if(empty($_SESSION['token'])){`
			`throw new Exception("Direct access violation.");`
			`}`
remove empty lines with spaces 2019-12-20 17:38:48 +00:00
Ajax moved to class 2016-12-28 13:02:55 +00:00			`$headers = apache_request_headers();`
CSRF token & HTTPS bug fixed 2019-09-01 21:54:54 +00:00			`if(!isset($headers['Csrf-Token']) && !isset($headers['csrf-token'])){`
Ajax moved to class 2016-12-28 13:02:55 +00:00			`throw new Exception("No CSRF token.");`
			`}`
CSRF token & HTTPS bug fixed 2019-09-01 21:54:54 +00:00
			`if($headers['Csrf-Token'] !== $_SESSION['token'] && $headers['csrf-token'] !== $_SESSION['token']){`
Ajax moved to class 2016-12-28 13:02:55 +00:00			`throw new Exception("Wrong CSRF token.");`
			`}`
			`}`
remove empty lines with spaces 2019-12-20 17:38:48 +00:00
Ajax moved to class 2016-12-28 13:02:55 +00:00			`public function set_response($response = null){`
			`$this->_response = $response;`
			`}`
remove empty lines with spaces 2019-12-20 17:38:48 +00:00
Ajax moved to class 2016-12-28 13:02:55 +00:00			`public function json_response(){`
clean ob only if is not empty 2019-12-23 19:19:56 +00:00			`if(ob_get_length() > 0) {`
bug: debug info only if error occured 2019-12-23 20:17:17 +00:00			`ob_clean();`
clean ob only if is not empty 2019-12-23 19:19:56 +00:00			`}`

Ajax moved to class 2016-12-28 13:02:55 +00:00			`header('Content-Type: application/json');`
			`echo json_encode($this->_response);`
			`}`
			`}`