/**
 * Gate for state-changing portal actions (comment update, ticket close, upload).
 *
 * The request is rejected, and the script terminated, unless it is a POST
 * and csrf_check(false) reports success. Only then does the function return,
 * which lets callers chain it in a condition such as
 * `$fun == '...' && requestValidateWriteAccess()`.
 *
 * Order of checks:
 *  1. HTTP method must be POST, otherwise prints 'Invalid request' and exits.
 *  2. requestValidateReadAccess() is invoked (defined elsewhere).
 *  3. csrf_check(false) must be truthy, otherwise prints 'Unsupported request' and exits.
 *
 * NOTE(review): the result of requestValidateReadAccess() is discarded here,
 * while other call sites use it as a boolean. This is only safe if that helper
 * ends the request itself on failure. Confirm against its definition.
 * NOTE(review): csrf_check(false) is presumably the non-fatal form that returns
 * a boolean instead of aborting. Verify against the CSRF library in use.
 *
 * @return bool Always true when it returns at all.
 */
function requestValidateWriteAccess()
{
    $httpMethod = $_SERVER['REQUEST_METHOD'];

    // Writes are accepted over POST only. Any other method ends the request.
    if ('POST' != $httpMethod) {
        echo 'Invalid request';
        exit;
    }

    // A write implies read access, so run the read-side validation first.
    requestValidateReadAccess();

    // Anti-CSRF token check. A valid token is the only path that returns.
    $tokenAccepted = csrf_check(false);
    if ($tokenAccepted) {
        return true;
    }

    echo 'Unsupported request';
    exit;
}
// Look if we have the information already if (isset($_SESSION['__permitted_modules'])) { $permission = $_SESSION['__permitted_modules']; } else { // Get the information from server $params = array(); $permission = $client->call('get_modules', $params, $Server_path, $Server_path); // Store for futher re-use $_SESSION['__permitted_modules'] = $permission; } $module = $permission[0]; $action = "index.php"; } } $filename = $module . $action; if ($is_logged == 1 && requestValidateReadAccess()) { include "HelpDesk/Utils.php"; global $default_charset, $default_language; $default_language = getPortalCurrentLanguage(); include "language/{$default_language}.lang.php"; header('Content-Type: text/html; charset=' . $default_charset); if (!$isAjax) { include "header.html"; } ?> <?php // Hide non-permitted tabs if not Ajax Request if (!$isAjax) { echo '<script type="text/javascript">'; // Look if we have the information already
if ($_REQUEST['fun'] == 'updatecomment' && requestValidateWriteAccess()) { UpdateComment(); } if ($_REQUEST['fun'] == 'close_ticket' && requestValidateWriteAccess()) { $ticketid = $_REQUEST['ticketid']; $res = Close_Ticket($ticketid); } if ($_REQUEST['fun'] == 'uploadfile' && requestValidateWriteAccess()) { $upload_status = AddAttachment(); if ($upload_status != '') { echo $upload_status; exit(0); } } ?> <script> var ticketid = <?php echo Zend_Json::encode($_REQUEST['ticketid']); ?> ; window.location.href = "index.php?module=HelpDesk&action=index&fun=detail&ticketid="+ticketid </script> <?php } elseif ($_REQUEST['fun'] == 'detail' && requestValidateReadAccess()) { $ticketid = Zend_Json::decode($_REQUEST['ticketid']); $block = 'HelpDesk'; include "TicketDetail.php"; } elseif ($_REQUEST['fun'] == 'saveticket') { include "SaveTicket.php"; } echo '</table></td></tr></table></td></tr></table>';