Protect your AJAX controller action from malicious calls. #Magento #Security #AJAX
<?php
/**
 * Namespace ModuleName
 *
 * @category Namespace
 * @package Namespace_ModuleName
 * @copyright Copyright (c) 2015 Tobias Forkel (http://www.tobiasforkel.de)
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
 */
class Namespace_ModuleName_Adminhtml_Namespace_ModuleName_AjaxController extends Mage_Adminhtml_Controller_Action
{
    /**
     * Index action
     *
     * Receives data coming from an AJAX request and responds. Before doing so,
     * checks that the request carries an HTTP Referer pointing back to this
     * store. The Referer is supplied by the client, so this only turns away
     * requests that do not bother to set it to the store's own URL.
     *
     * @return void
     */
    public function indexAction()
    {
        $referer = Mage::helper('core/http')->getHttpReferer(); // null when the header is absent
        $baseUrl = Mage::getBaseUrl();

        // The referer must START with the base URL. A plain substring test
        // (strpos(...) === false) would also accept a foreign URL that merely
        // carries the base URL somewhere in its path or query string.
        if (!$referer || strpos($referer, $baseUrl) !== 0) {
            // Reject with 403 instead of exit() so the response goes through
            // the normal Magento response pipeline.
            $this->getResponse()->setHttpResponseCode(403);
            return;
        }

        // Do something
    }
}
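The check above compares URL strings by prefix, which ties the result to incidental details such as an explicit `:443` port or the trailing slash. The following is an added example, not code from the gist or from Magento, of comparing the Referer's origin (scheme, host, port) with the store's base URL instead. The helper `refererMatchesStore()`, the base URL `https://shop.example.test/` and the sample referers are all constructed for this illustration.

```php
<?php
// Added example (not part of the gist): compare the Referer's origin with the
// store's base URL rather than testing for the base URL as a string prefix.

/**
 * Returns true only when $referer is an absolute URL whose scheme, host and
 * port all match those of $baseUrl. A missing or malformed Referer is
 * rejected, since browsers may omit the header entirely.
 */
function refererMatchesStore(?string $referer, string $baseUrl): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent: treat as foreign
    }

    $ref  = parse_url($referer);
    $base = parse_url($baseUrl);
    if ($ref === false || $base === false
        || !isset($ref['scheme'], $ref['host'], $base['scheme'], $base['host'])) {
        return false; // not an absolute URL on one side or the other
    }

    // Fill in the default port so "https://host/" and "https://host:443/" agree.
    $refPort  = $ref['port']  ?? (strtolower($ref['scheme'])  === 'https' ? 443 : 80);
    $basePort = $base['port'] ?? (strtolower($base['scheme']) === 'https' ? 443 : 80);

    return strtolower($ref['scheme']) === strtolower($base['scheme'])
        && strtolower($ref['host'])   === strtolower($base['host'])
        && $refPort === $basePort;
}

// Constructed sample referers checked against a constructed store base URL.
$baseUrl = 'https://shop.example.test/';
$cases = [
    'https://shop.example.test/admin/catalog'             => true,
    'https://SHOP.example.test:443/'                      => true,  // case and default port normalised
    'http://shop.example.test/'                           => false, // scheme differs
    'https://shop.example.test.other.test/'               => false, // host is only a prefix match
    'https://other.test/?next=https://shop.example.test/' => false, // base URL only inside the query
    ''                                                    => false, // header absent
];

foreach ($cases as $referer => $expected) {
    $got = refererMatchesStore($referer, $baseUrl);
    printf("%-55s %s\n",
        $referer === '' ? '(no referer)' : $referer,
        $got === $expected ? 'ok' : 'MISMATCH');
}
```

Because the Referer header is set by the client, this comparison is a defence-in-depth filter rather than a CSRF defence on its own; in Magento 1 the admin controllers' own secret-key validation (`_validateSecretKey()`, driven by the "Add Secret Key to URLs" setting) remains the primary protection for admin actions, and the origin check above simply adds a cheap early rejection of requests that do not even claim to come from the store.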