Example #1
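/**
 * Gate for state-changing requests.
 *
 * Checks, in order: the request method is POST, the read-access check
 * passes, and csrf_check() accepts the request. Any failed check prints a
 * short message and terminates the script, so a caller only ever receives
 * true.
 *
 * @return bool Always true; the function does not return when a check fails.
 */
function requestValidateWriteAccess()
{
    // REQUEST_METHOD is not set outside a web request (e.g. CLI); treat a
    // missing value as "not POST" instead of reading an undefined index.
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        echo 'Invalid request';
        die;
    }
    // Fail closed: do not rely on requestValidateReadAccess() terminating the
    // script itself on failure; a falsy result is rejected here as well.
    if (!requestValidateReadAccess()) {
        echo 'Invalid request';
        die;
    }
    // NOTE(review): the `false` argument presumably makes csrf_check() return
    // its verdict rather than abort on its own - confirm against the CSRF
    // library in use.
    if (!csrf_check(false)) {
        echo 'Unsupported request';
        die;
    }
    return true;
}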
Example #2
            // Resolve the list of modules this session may use, then default to
            // the first entry. Reuse the copy cached in the session if present.
            // NOTE(review): nothing in the visible code refreshes or expires this
            // cache entry, so a permission change on the server would not be
            // picked up here until the session value is cleared - confirm that is
            // intended.
            if (isset($_SESSION['__permitted_modules'])) {
                $permission = $_SESSION['__permitted_modules'];
            } else {
                // Get the information from server
                $params = array();
                $permission = $client->call('get_modules', $params, $Server_path, $Server_path);
                // Store for further re-use
                // NOTE(review): the call result is cached as returned, with no
                // check that it is a non-empty array - a failed call would
                // presumably be cached too; verify.
                $_SESSION['__permitted_modules'] = $permission;
            }
            // Index 0 is read without checking that $permission is a non-empty array.
            $module = $permission[0];
            $action = "index.php";
        }
    }
    $filename = $module . $action;
    if ($is_logged == 1 && requestValidateReadAccess()) {
        include "HelpDesk/Utils.php";
        global $default_charset, $default_language;
        $default_language = getPortalCurrentLanguage();
        include "language/{$default_language}.lang.php";
        header('Content-Type: text/html; charset=' . $default_charset);
        if (!$isAjax) {
            include "header.html";
        }
        ?>

		<?php 
        // Hide non-permitted tabs if not Ajax Request
        if (!$isAjax) {
            echo '<script type="text/javascript">';
            // Look if we have the information already
Example #3
    // Dispatch the state-changing ticket actions. Each branch calls
    // requestValidateWriteAccess() only when 'fun' matches (&& short-circuits),
    // so the handler runs only after that gate has returned.
    // NOTE(review): 'fun' is read from $_REQUEST without an isset() check.
    if ($_REQUEST['fun'] == 'updatecomment' && requestValidateWriteAccess()) {
        UpdateComment();
    }
    if ($_REQUEST['fun'] == 'close_ticket' && requestValidateWriteAccess()) {
        // The ticket id is passed on exactly as received from the request.
        // NOTE(review): no type or ownership check is visible here - confirm
        // Close_Ticket() verifies the ticket belongs to the logged-in user.
        $ticketid = $_REQUEST['ticketid'];
        // $res is not used in the lines visible here.
        $res = Close_Ticket($ticketid);
    }
    if ($_REQUEST['fun'] == 'uploadfile' && requestValidateWriteAccess()) {
        $upload_status = AddAttachment();
        // A non-empty status is printed and ends the request.
        if ($upload_status != '') {
            // NOTE(review): the status is echoed without HTML escaping - confirm
            // AddAttachment() never returns request-derived text (such as a
            // file name) unescaped.
            echo $upload_status;
            exit(0);
        }
    }
    ?>
	<script>
		var ticketid = <?php 
    echo Zend_Json::encode($_REQUEST['ticketid']);
    ?>
;
		window.location.href = "index.php?module=HelpDesk&action=index&fun=detail&ticketid="+ticketid
	</script>
	<?php 
} elseif ($_REQUEST['fun'] == 'detail' && requestValidateReadAccess()) {
    $ticketid = Zend_Json::decode($_REQUEST['ticketid']);
    $block = 'HelpDesk';
    include "TicketDetail.php";
} elseif ($_REQUEST['fun'] == 'saveticket') {
    include "SaveTicket.php";
}
echo '</table></td></tr></table></td></tr></table>';