v.1.1 changes 16-04-2026:
- Minor changes to the interface. - Fixed several missing includes. - API calls related to disabled modules are now denied. - Fixed sorting of CPU and memory in the server overview.
@@ -44,8 +44,11 @@ class API
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
# Setup Database connection
|
||||
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Functions/globalFunctions.php';
|
||||
|
||||
# Setup Database connection
|
||||
$this->conn = $GLOBALS['conn'];
|
||||
|
||||
if (!empty($_SESSION['user']['user_uuid'])) {
|
||||
@@ -77,6 +80,9 @@ class API
|
||||
}
|
||||
}
|
||||
|
||||
# Get the enabled modules for the user
|
||||
$GLOBALS['modules_enabled'] = getEnabledModules();
|
||||
|
||||
// Disable builder input for non-GET requests to prevent potential SQL injection vulnerabilities.
|
||||
// Also disable the builder for users with the 'frontend' user type as an extra security measure.
|
||||
// The builder should only be active for API users making GET requests.
|
||||
@@ -98,7 +104,6 @@ class API
|
||||
$this->user_type = 'frontend';
|
||||
|
||||
# Load the locale for the user, this is used for the return message in the frontend and other globalFunctions.
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Functions/globalFunctions.php';
|
||||
$locale = getPreferredLocale();
|
||||
global $translations;
|
||||
$translations = require $_SERVER['DOCUMENT_ROOT'] . "/bin/locales/{$locale}.php";
|
||||
|
||||
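Review bot: The module gate added in the second hunk keeps its state in `$GLOBALS['modules_enabled']`, which any file included later can overwrite, and the check that actually denies a call is not visible in these hunks. Since this list now drives an access decision, I would hold it on the instance, `$this->modules_enabled = getEnabledModules();`, and consult it in the single place where requests are dispatched, so that no endpoint can skip it. It is also worth confirming what getEnabledModules() returns when the lookup fails or no session user is set, so that the result is treated as "no modules enabled" rather than "no restriction". In the first hunk, the `include_once` for globalFunctions.php could become `require_once`, as for db_connect.php, since the constructor now appears to depend on that file (presumably where getEnabledModules() is defined). The constructor body is only partly visible in these hunks.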