Protect your AJAX controller action from malicious calls. #Magento #Security #AJAX
<?php | |
/**
 * Namespace ModuleName
 *
 * @category Namespace
 * @package Namespace_ModuleName
 * @copyright Copyright (c) 2015 Tobias Forkel (http://www.tobiasforkel.de)
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
 */
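class Namespace_ModuleName_Adminhtml_Namespace_ModuleName_AjaxController extends Mage_Adminhtml_Controller_Action
{
    /**
     * Index action
     *
     * Receives data coming from an AJAX request and responds. Before any work is done the
     * request must be an XMLHttpRequest, pass the admin secret-key validation (when the
     * secret key is enabled in configuration) and carry a Referer that starts with this
     * installation's base URL.
     *
     * The Referer header is set by the browser and may be absent (privacy settings, proxies)
     * or forged by non-browser clients, so it only filters naive cross-site calls; the secret
     * key is the actual CSRF defence. The original test `strpos($referer, $baseUrl) === false`
     * accepted any Referer that merely *contained* the base URL, which is now a prefix match.
     * Rejected calls receive HTTP 403 with an empty body instead of exit(), so the normal
     * response pipeline (headers, session write, logging) still runs.
     *
     * @return void
     */
    public function indexAction()
    {
        if (!$this->_isTrustedAjaxCall()) {
            $this->getResponse()->setHttpResponseCode(403);
            return;
        }
        // Do something
    }

    /**
     * Decide whether the current request may reach the action body.
     *
     * @return bool true when the request is an AJAX call with a valid secret key and a
     *              Referer beginning with the base URL
     */
    protected function _isTrustedAjaxCall()
    {
        $request = $this->getRequest();
        if (!$request->isAjax()) {
            return false;
        }
        // _validateSecretKey() returns true when the admin URL secret key is disabled, so this
        // only adds protection on installations that have it enabled.
        if (!$this->_validateSecretKey()) {
            return false;
        }
        $referer = (string) Mage::helper('core/http')->getHttpReferer();
        $baseUrl = (string) Mage::getBaseUrl();
        // Empty Referer is rejected; otherwise require the base URL as a prefix, not a substring.
        return $referer !== '' && $baseUrl !== '' && strpos($referer, $baseUrl) === 0;
    }
}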