diff --git a/pub/api/classes/API.php b/pub/api/classes/API.php index 703c2fd..b78b09a 100644 --- a/pub/api/classes/API.php +++ b/pub/api/classes/API.php @@ -477,19 +477,8 @@ class API # The HTTP_X_HTTP_METHOD_OVERRIDE header is allowed for API requests because # some web servers do not support PUT or DELETE methods by default. # This override is only applied when the request method is POST and the header is present. - $override = $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'] ?? null; - if ($method === 'POST' && is_string($override)) { - $override = strtoupper($override); - - if (in_array($override, $allowedMethods, true)) { - $method = $override; - } - } - - # Since browser doesnt allow DELETE or PUTs from the frontend forms (apart from some javascript/ajax fuckery) - # we need to check the _method POST value. - if ($this->user_type === 'frontend' && $method === 'POST' && isset($_POST['_method'])) { - $override = strtoupper($_POST['_method']); + if ($method === 'POST' && isset($_POST['X-HTTP-Method-Override'])) { + $override = strtoupper($_POST['X-HTTP-Method-Override']); if (in_array($override, $allowedMethods, true)) { $method = $override; diff --git a/pub/api/v1/portal-management/permissions/index.php b/pub/api/v1/portal-management/permissions/index.php index e0a31e4..632ea22 100644 --- a/pub/api/v1/portal-management/permissions/index.php +++ b/pub/api/v1/portal-management/permissions/index.php @@ -25,7 +25,7 @@ if ($API_permissions->request_method === 'GET') { $API_permissions->validateData($requiredFields, $optionalFields); $permissions = $API_permissions->getPermission(); - $API_permissions->apiOutput($code = 200, ['success' => $permissions], 'permission_retrieved'); + $API_permissions->apiOutput($code = 200, $permissions, 'permission_retrieved'); } elseif ($API_permissions->request_method === 'POST') { diff --git a/pub/api/v1/portal-management/user-groups/index.php b/pub/api/v1/portal-management/user-groups/index.php index 907784a..20e631c 100644 --- a/pub/api/v1/portal-management/user-groups/index.php +++ b/pub/api/v1/portal-management/user-groups/index.php @@ -55,7 +55,7 @@ if ($API_usergroups->request_method === 'GET') { $API_usergroups->checkPermissions('admin-access-control-user-groups', 'RW'); - # when called from the frontend will not be forwarding to a url since when its called from the frontend it doesnt need a redirection + # when called from the frontend will not be forwarding to a url since when it's called from the frontend it doesn't need a redirection $API_usergroups->return_url = false; $requiredFields = ['user_group_uuid' => ['type' => 'uuid']]; diff --git a/pub/bin/pages/autop/pageDevices_edit.php b/pub/bin/pages/autop/pageDevices_edit.php index 2023aa5..b99015f 100644 --- a/pub/bin/pages/autop/pageDevices_edit.php +++ b/pub/bin/pages/autop/pageDevices_edit.php @@ -79,7 +79,7 @@ if ($device_found) { $formBuilder->startForm(); ?>
- +
diff --git a/pub/bin/pages/autop/pageDevices_view.php b/pub/bin/pages/autop/pageDevices_view.php index 54ae8b8..bd9452a 100644 --- a/pub/bin/pages/autop/pageDevices_view.php +++ b/pub/bin/pages/autop/pageDevices_view.php @@ -60,7 +60,7 @@ function makeFileTables($API, $dataFolder, $device_slugify) checkPermissions('admin-devices-files', 'RW', true)) { ?> - + diff --git a/pub/bin/pages/autop/pagePlatforms_edit.php b/pub/bin/pages/autop/pagePlatforms_edit.php index b47c187..9365398 100644 --- a/pub/bin/pages/autop/pagePlatforms_edit.php +++ b/pub/bin/pages/autop/pagePlatforms_edit.php @@ -58,7 +58,7 @@ if ($platform_data) {
"> - +
diff --git a/pub/bin/pages/autop/pageVendors_edit.php b/pub/bin/pages/autop/pageVendors_edit.php index 5c324e7..8a0f17d 100644 --- a/pub/bin/pages/autop/pageVendors_edit.php +++ b/pub/bin/pages/autop/pageVendors_edit.php @@ -55,7 +55,7 @@ $formBuilder->startForm(); if ($vendor_data) { ?> "> - +
diff --git a/pub/bin/pages/portal-management/pageAccessControl_admin_edit.php b/pub/bin/pages/portal-management/pageAccessControl_admin_edit.php index 8002b25..1b2720a 100644 --- a/pub/bin/pages/portal-management/pageAccessControl_admin_edit.php +++ b/pub/bin/pages/portal-management/pageAccessControl_admin_edit.php @@ -60,7 +60,7 @@ $pageNavbar->outPutNavbar(); if ($admin_data) { $formBuilder->startForm(); ?> - +
diff --git a/pub/bin/pages/portal-management/pageAccessControl_permission_edit.php b/pub/bin/pages/portal-management/pageAccessControl_permission_edit.php index d40226a..5764380 100644 --- a/pub/bin/pages/portal-management/pageAccessControl_permission_edit.php +++ b/pub/bin/pages/portal-management/pageAccessControl_permission_edit.php @@ -61,7 +61,7 @@ if ($permission_data) { $formBuilder->startForm(); ?> - +
diff --git a/pub/bin/pages/portal-management/pageAccessControl_user_group_edit.php b/pub/bin/pages/portal-management/pageAccessControl_user_group_edit.php index 6659c89..2feb93f 100644 --- a/pub/bin/pages/portal-management/pageAccessControl_user_group_edit.php +++ b/pub/bin/pages/portal-management/pageAccessControl_user_group_edit.php @@ -53,7 +53,7 @@ $pageNavbar->outPutNavbar(); $formBuilder->startForm(); ?> - +
diff --git a/pub/bin/pages/portal-management/pageSystemConfig.php b/pub/bin/pages/portal-management/pageSystemConfig.php index e1733c2..6dbe26f 100644 --- a/pub/bin/pages/portal-management/pageSystemConfig.php +++ b/pub/bin/pages/portal-management/pageSystemConfig.php @@ -86,7 +86,7 @@ while ($module = $system_modules_data->fetch_assoc()) {
- +
@@ -175,7 +175,7 @@ while ($module = $system_modules_data->fetch_assoc()) {
- +
@@ -271,7 +271,7 @@ while ($module = $system_modules_data->fetch_assoc()) {

- +
@@ -308,7 +308,7 @@ while ($module = $system_modules_data->fetch_assoc()) {
- + diff --git a/pub/bin/pages/portal-management/sources/pageSourceInserve.php b/pub/bin/pages/portal-management/sources/pageSourceInserve.php index 25b2b12..60b7442 100644 --- a/pub/bin/pages/portal-management/sources/pageSourceInserve.php +++ b/pub/bin/pages/portal-management/sources/pageSourceInserve.php @@ -56,7 +56,7 @@ $pageNavbar->outPutNavbar(); - +
diff --git a/pub/bin/pages/servers/pageServerOverview_server_view.php b/pub/bin/pages/servers/pageServerOverview_server_view.php index 3a09d17..183c5ab 100644 --- a/pub/bin/pages/servers/pageServerOverview_server_view.php +++ b/pub/bin/pages/servers/pageServerOverview_server_view.php @@ -110,7 +110,7 @@ $logo = $logos[$baseos] ?? 'server'; if ($API->checkPermissions('servers', 'RW', true)) { $pageNavbar->AddHTMLButton( ' - + ' . ( @@ -155,7 +155,7 @@ $pageNavbar->outPutNavbar();
- + diff --git a/pub/bin/php/jsScripts.php b/pub/bin/php/jsScripts.php index d2449bb..1cef729 100644 --- a/pub/bin/php/jsScripts.php +++ b/pub/bin/php/jsScripts.php @@ -248,7 +248,7 @@ if (isset($this->jsScriptLoadData['activateCompany'])) { ?> const params = { company_uuid: companyUuid, company_state: newState, - _method: 'PUT' + "X-HTTP-Method-Override": "PUT" }; const rootStyles = getComputedStyle(document.documentElement); @@ -641,7 +641,7 @@ if (isset($this->jsScriptLoadData['stompjes'])) { ?> // Make the POST request to delete the device $.post(apiUrl, { [itemName]: itemUuid, - _method: "POST" + "X-HTTP-Method-Override": "POST" }) .done(function (response) { @@ -712,7 +712,7 @@ if (isset($this->jsScriptLoadData['stompjes'])) { ?> // Make the POST request to delete the device $.post(deleteStompOptions.apiUrl, { [deleteStompOptions.itemName]: deleteStompOptions.itemUuid, - _method: "DELETE" + "X-HTTP-Method-Override": "DELETE" }) .done(function (response) { @@ -963,7 +963,7 @@ if (isset($this->jsScriptLoadData['delete_confirmation'])) { ?> // Make the POST request to delete the item $.post(apiUrl, { [itemName]: itemUuid, - _method: "DELETE" + "X-HTTP-Method-Override": "DELETE" }) .done(function (response) { @@ -1154,7 +1154,7 @@ if (isset($this->jsScriptLoadData['updateToggle'])) { ?> } // Add method override - dataObj._method = 'PUT'; + dataObj['X-HTTP-Method-Override'] = 'PUT'; // Convert to URL-encoded string const formBody = new URLSearchParams(dataObj).toString(); @@ -1169,8 +1169,8 @@ if (isset($this->jsScriptLoadData['updateToggle'])) { ?> }); if (response.ok) { - // Remove _method before saving back - delete dataObj._method; + // Remove X-HTTP-Method-Override before saving back + delete dataObj['X-HTTP-Method-Override'] input.setAttribute('data-api-data', JSON.stringify(dataObj)); } else { input.checked = !input.checked; // revert toggle @@ -1209,7 +1209,7 @@ if (isset($this->jsScriptLoadData['updatePermissions'])) { ?> formData.append('permission_uuid', permissionUUID); formData.append('user_group_uuid', userGroupUUID); formData.append('permission_value', permissionValue); - formData.append('_method', 'PUT') + formData.append('X-HTTP-Method-Override', 'PUT') try { const response = await fetch(apiUrl, {