Added optional parament in $valid_actions [AJAX] (#91)

torrentpier/torrentpier#567
2025-02-28 15:10:54 +03:00 · 2023-04-01 00:44:50 +07:00 · 2023-04-01 00:44:50 +07:00 · 5af4f7f113
commit 5af4f7f113
parent 770ca6d229
1 changed files with 23 additions and 16 deletions
--- a/ajax.php
+++ b/ajax.php
@ -12,19 +12,6 @@ $ajax->init();
 // Init userdata
 $user->session_start();
 // Exit if board is disabled via ON/OFF trigger or by admin
 if ($ajax->action != 'manage_admin')
 {
 	if ($bb_cfg['board_disable'])
 	{
 		$ajax->ajax_die($lang['BOARD_DISABLE']);
 	}
 	else if (file_exists(BB_DISABLED))
 	{
 		$ajax->ajax_die($lang['BOARD_DISABLE_CRON']);
 	}
 }
 // Load actions required modules
 switch ($ajax->action)
 {
@ -73,6 +60,7 @@ switch ($ajax->action)
 // Position in $ajax->valid_actions['xxx']
 define('AJAX_AUTH', 0); // 'guest', 'user', 'mod', 'admin', 'super_admin'
 define('AJAX_ALWAYS_ACTIVE', 1); // определяет скрипты, которые будут работать при отключенном форуме
 $ajax->exec();
@ -90,8 +78,8 @@ class ajax_common
 		'change_user_rank'  => array('admin'),
 		'change_user_opt'   => array('admin'),
 		'manage_user'       => array('admin'),
-		'manage_admin'      => array('admin'),
+		'manage_admin'      => array('admin', true),
-		'sitemap'           => array('admin'),
+		'sitemap'           => array('admin', true),
 		'mod_action'        => array('mod'),
 		'topic_tpl'         => array('mod'),
@ -127,7 +115,7 @@ class ajax_common
 	 */
 	function exec()
 	{
-		global $lang;
+        global $lang, $bb_cfg;
 		// Exit if we already have errors
 		if (!empty($this->response['error_code']))
@ -138,6 +126,9 @@ class ajax_common
 		// Check that requested action is valid
 		$action = $this->action;
        // Action params
        $action_params = null;
 		if (!$action || !is_string($action))
 		{
 			$this->ajax_die('no action specified');
@ -147,6 +138,22 @@ class ajax_common
 			$this->ajax_die('invalid action: ' . $action);
 		}
        // Exit if board is disabled via ON/OFF trigger or by admin
        if ($bb_cfg['board_disable'] || file_exists(BB_DISABLED))
        {
            if ($action_params[AJAX_ALWAYS_ACTIVE] !== true)
            {
                if ($bb_cfg['board_disable'])
                {
                    $this->ajax_die($lang['BOARD_DISABLE']);
                }
                elseif (file_exists(BB_DISABLED))
                {
                    $this->ajax_die($lang['BOARD_DISABLE_CRON']);
                }
            }
        }
 		// Auth check
 		switch ($action_params[AJAX_AUTH])
 		{