Copyright (c) 2006-2013 osTicket
http://www.osticket.com

Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.

vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/

# Override staffLoginPage() defined in staff.inc.php to return an
# HTTP/Forbidden status rather than the actual login page.
# XXX: This should be moved to the AjaxController class
#
# The message is passed through Format::htmlchars() before it is placed in
# the response body, and the script stops right after the 403 is sent, so a
# request without a staff session never reaches the route table below.
# NOTE(review): this function is declared before staff.inc.php is loaded;
# presumably staff.inc.php only defines its own version when none exists --
# confirm there.
function staffLoginPage($msg='Unauthorized') {
    Http::response(403,'Must login: '.Format::htmlchars($msg));
    exit;
}

# Defined before staff.inc.php is loaded; presumably read there to mark the
# request as an AJAX call -- confirm against staff.inc.php.
define('AJAX_REQUEST', 1);
require('staff.inc.php');

//Clean house...don't let the world see your crap.
// Turning both settings off keeps PHP error text (paths, queries, stack
// details) out of the AJAX response bodies.
ini_set('display_errors', '0'); // Set by installer
ini_set('display_startup_errors', '0'); // Set by installer

//TODO: disable direct access via the browser? i,e All request must have REFER?
// NOTE(review): the Referer header is supplied by the client and is often
// absent, so a Referer requirement alone is not a dependable request-forgery
// defence. Confirm that state-changing routes are covered by a token check;
// none is visible in this file.
// NOTE(review): unlike staffLoginPage() there is no explicit exit after this
// 500 response. If Http::response() returns, the require_once lines below run
// with INCLUDE_DIR undefined -- confirm that Http::response() terminates.
if(!defined('INCLUDE_DIR')) Http::response(500, 'Server configuration error');

require_once INCLUDE_DIR.'/class.dispatcher.php';
require_once INCLUDE_DIR.'/class.ajax.php';

# Route table for the staff AJAX endpoint. Each url() entry pairs a path
# prefix with a nested patterns() list whose first argument looks like
# "file:Class"; the nested url_get()/url_post()/url_delete() entries pair a
# sub-path regex with what appears to be a method name on that class. Extra
# array(...) arguments are presumably passed to the handler -- confirm in
# class.dispatcher.php.
#
# NOTE(review): every named group in this listing reads "(?P\d+)" and the
# like. PCRE named groups are written (?P<name>...), so the group names appear
# to have been lost from this copy; restore them from the project's file
# before relying on any pattern shown here.
# NOTE(review): entries are presumably tried in order with the first match
# winning, which makes the ordering of overlapping patterns significant
# (e.g. the numeric and the [\w.]+ POST routes under /draft/) -- confirm.
# NOTE(review): url() carries no method suffix and presumably accepts any
# HTTP method -- confirm for '^/lookup$', '^/import$', 'import-users$' and
# 'add-collaborator$'.
# NOTE(review): several patterns have no trailing '$' (e.g. '^scp', '^links',
# '^lookup', '^search', 'preview', 'renew', 'release', '^/upgrader'); if the
# dispatcher does not anchor the end itself they also accept longer paths.
$dispatcher = patterns('',
    url('^/kb/', patterns('ajax.kbase.php:KbaseAjaxAPI',
        # Send ticket-id as a query arg => canned-response/33?ticket=83
        # NOTE(review): the '.' before the json|txt group is unescaped, so it
        # matches any single character, not only a literal dot.
        url_get('^canned-response/(?P\d+).(?Pjson|txt)', 'cannedResp'),
        url_get('^faq/(?P\d+)', 'faq')
    )),
    url('^/content/', patterns('ajax.content.php:ContentAjaxAPI',
        url_get('^log/(?P\d+)', 'log'),
        url_get('^ticket_variables', 'ticket_variables'),
        url_get('^signature/(?P\w+)(?:/(?P\d+))?$', 'getSignature'),
        url_get('^(?P\d+)/(?:(?P\w+)/)?manage$', 'manageContent'),
        url_get('^(?P[\w-]+)/(?:(?P\w+)/)?manage$', 'manageNamedContent'),
        url_post('^(?P\d+)(?:/(?P\w+))?$', 'updateContent')
    )),
    url('^/config/', patterns('ajax.config.php:ConfigAjaxAPI',
        url_get('^scp', 'scp'),
        url_get('^links', 'templateLinks')
    )),
    url('^/form/', patterns('ajax.forms.php:DynamicFormsAjaxAPI',
        url_get('^help-topic/(?P\d+)$', 'getFormsForHelpTopic'),
        url_get('^field-config/(?P\d+)$', 'getFieldConfiguration'),
        url_post('^field-config/(?P\d+)$', 'saveFieldConfiguration'),
        url_delete('^answer/(?P\d+)/(?P\d+)$', 'deleteAnswer'),
        # NOTE(review): \d is a subset of \w and both groups are optional, so
        # a numeric or empty suffix matches both upload patterns; only the
        # listing order decides between 'upload' and 'attach'.
        url_post('^upload/(\d+)?$', 'upload'),
        url_post('^upload/(\w+)?$', 'attach')
    )),
    url('^/list/', patterns('ajax.forms.php:DynamicFormsAjaxAPI',
        url_get('^(?P\w+)/item/(?P\d+)/properties$', 'getListItemProperties'),
        url_post('^(?P\w+)/item/(?P\d+)/properties$', 'saveListItemProperties')
    )),
    url('^/report/overview/', patterns('ajax.reports.php:OverviewReportAjaxAPI',
        # Send
        url_get('^graph$', 'getPlotData'),
        url_get('^table/groups$', 'enumTabularGroups'),
        url_get('^table/export$', 'downloadTabularData'),
        # mod-dashboard-time
        url_get('^table/groups_time$', 'enumTabularTimeGroups'),
        url_get('^table/export_time$', 'downloadTabularTimeData'),
        url_get('^table_time$', 'getTabularTimeData'),
        # mod-dashboard-time
        url_get('^table$', 'getTabularData')
    )),
    url('^/users', patterns('ajax.users.php:UsersAjaxAPI',
        url_get('^$', 'search'),
        url_get('^/local$', 'search', array('local')),
        url_get('^/remote$', 'search', array('remote')),
        url_get('^/(?P\d+)$', 'getUser'),
        url_post('^/(?P\d+)$', 'updateUser'),
        url_get('^/(?P\d+)/preview$', 'preview'),
        url_get('^/(?P\d+)/edit$', 'editUser'),
        url('^/lookup$', 'getUser'),
        url_get('^/lookup/form$', 'lookup'),
        url_post('^/lookup/form$', 'addUser'),
        url_get('^/add$', 'addUser'),
        url('^/import$', 'importUsers'),
        url_get('^/select$', 'selectUser'),
        url_get('^/select/(?P\d+)$', 'selectUser'),
        # NOTE(review): the trailing '.+' group accepts any characters, so the
        # handler has to validate that value itself. The route is GET-only
        # although the handler name suggests it creates a record -- confirm.
        url_get('^/select/auth:(?P\w+):(?P.+)$', 'addRemoteUser'),
        # NOTE(review): 'register', 'delete', 'manage' and 'updateOrg' are
        # reachable by GET as well as POST. If a GET branch does more than
        # render a form, it is exposed to cross-site requests wherever the
        # anti-forgery check covers only POST -- confirm in the handlers.
        url_get('^/(?P\d+)/register$', 'register'),
        url_post('^/(?P\d+)/register$', 'register'),
        url_get('^/(?P\d+)/delete$', 'delete'),
        url_post('^/(?P\d+)/delete$', 'delete'),
        url_get('^/(?P\d+)/manage(?:/(?P\w+))?$', 'manage'),
        url_post('^/(?P\d+)/manage(?:/(?P\w+))?$', 'manage'),
        url_get('^/(?P\d+)/org(?:/(?P\d+))?$', 'updateOrg'),
        url_post('^/(?P\d+)/org$', 'updateOrg'),
        url_get('^/staff$', 'searchStaff'),
        url_post('^/(?P\d+)/note$', 'createNote'),
        url_get('^/(?P\d+)/forms/manage$', 'manageForms'),
        url_post('^/(?P\d+)/forms/manage$', 'updateForms')
    )),
    url('^/orgs', patterns('ajax.orgs.php:OrgsAjaxAPI',
        url_get('^$', 'search'),
        url_get('^/search$', 'search'),
        url_get('^/(?P\d+)$', 'getOrg'),
        url_post('^/(?P\d+)$', 'updateOrg'),
        url_post('^/(?P\d+)/profile$', 'updateOrg', array(true)),
        url_get('^/(?P\d+)/edit$', 'editOrg'),
        url_get('^/lookup/form$', 'lookup'),
        url_post('^/lookup$', 'lookup'),
        url_get('^/add$', 'addOrg'),
        url_post('^/add$', 'addOrg'),
        url_get('^/select$', 'selectOrg'),
        url_get('^/select/(?P\d+)$', 'selectOrg'),
        # NOTE(review): both add-user GET patterns match a bare ".../add-user"
        # because their suffix groups are optional; the listing order decides
        # which entry (and which extra argument) is used.
        url_get('^/(?P\d+)/add-user(?:/(?P\d+))?$', 'addUser'),
        url_get('^/(?P\d+)/add-user(?:/auth:(?P.+))?$', 'addUser', array(true)),
        url_post('^/(?P\d+)/add-user$', 'addUser'),
        url('^/(?P\d+)/import-users$', 'importUsers'),
        # NOTE(review): 'delete' is reachable by GET here too; same check as
        # for the /users delete route.
        url_get('^/(?P\d+)/delete$', 'delete'),
        url_delete('^/(?P\d+)/delete$', 'delete'),
        url_post('^/(?P\d+)/note$', 'createNote'),
        url_get('^/(?P\d+)/forms/manage$', 'manageForms'),
        url_post('^/(?P\d+)/forms/manage$', 'updateForms')
    )),
    url('^/tickets/', patterns('ajax.tickets.php:TicketsAjaxAPI',
        url_get('^(?P\d+)/change-user$', 'changeUserForm'),
        url_post('^(?P\d+)/change-user$', 'changeUser'),
        url_get('^(?P\d+)/user$', 'viewUser'),
        url_post('^(?P\d+)/user$', 'updateUser'),
        url_get('^(?P\d+)/preview', 'previewTicket'),
        url_post('^(?P\d+)/lock$', 'acquireLock'),
        url_post('^(?P\d+)/lock/(?P\d+)/renew', 'renewLock'),
        url_post('^(?P\d+)/lock/(?P\d+)/release', 'releaseLock'),
        url_get('^(?P\d+)/collaborators/preview$', 'previewCollaborators'),
        url_get('^(?P\d+)/collaborators$', 'showCollaborators'),
        url_post('^(?P\d+)/collaborators$', 'updateCollaborators'),
        # NOTE(review): the two add-collaborator routes below are GET-only
        # although the handler names suggest they modify the ticket -- confirm
        # the handlers do not change state on GET without a token check.
        url_get('^(?P\d+)/add-collaborator/(?P\d+)$', 'addCollaborator'),
        url_get('^(?P\d+)/add-collaborator/auth:(?P\w+):(?P.+)$', 'addRemoteCollaborator'),
        url('^(?P\d+)/add-collaborator$', 'addCollaborator'),
        url_get('^(?P\d+)/forms/manage$', 'manageForms'),
        url_post('^(?P\d+)/forms/manage$', 'updateForms'),
        # Unescaped '.' before the json|txt group, as in the /kb/ route.
        url_get('^(?P\d+)/canned-resp/(?P\w+).(?Pjson|txt)', 'cannedResponse'),
        url_get('^(?P\d+)/status/(?P\w+)(?:/(?P\d+))?$', 'changeTicketStatus'),
        url_post('^(?P\d+)/status$', 'setTicketStatus'),
        url_get('^status/(?P\w+)(?:/(?P\d+))?$', 'changeSelectedTicketsStatus'),
        url_post('^status/(?P\w+)$', 'setSelectedTicketsStatus'),
        url_get('^lookup', 'lookup'),
        url_get('^search', 'search')
    )),
    url('^/collaborators/', patterns('ajax.tickets.php:TicketsAjaxAPI',
        url_get('^(?P\d+)/view$', 'viewCollaborator'),
        url_post('^(?P\d+)$', 'updateCollaborator')
    )),
    url('^/draft/', patterns('ajax.draft.php:DraftAjaxAPI',
        # The numeric POST route is listed before the [\w.]+ POST route, which
        # would also match a purely numeric path segment.
        url_post('^(?P\d+)$', 'updateDraft'),
        url_delete('^(?P\d+)$', 'deleteDraft'),
        url_post('^(?P\d+)/attach$', 'uploadInlineImage'),
        url_get('^(?P[\w.]+)$', 'getDraft'),
        url_post('^(?P[\w.]+)$', 'createDraft'),
        url_get('^images/browse$', 'getFileList')
    )),
    url('^/note/', patterns('ajax.note.php:NoteAjaxAPI',
        url_get('^(?P\d+)$', 'getNote'),
        url_post('^(?P\d+)$', 'updateNote'),
        url_delete('^(?P\d+)$', 'deleteNote'),
        url_post('^attach/(?P\w\d+)$', 'createNote')
    )),
    url('^/sequence/', patterns('ajax.sequence.php:SequenceAjaxAPI',
        url_get('^(?P\d+)$', 'current'),
        url_get('^manage$', 'manage'),
        url_post('^manage$', 'manage')
    )),
    # NOTE(review): this route points at an 'upgrade' handler and is matched
    # by prefix only. Nothing in this file limits it beyond the staff session
    # required above; confirm the handler enforces its own authorization.
    url_post('^/upgrader', array('ajax.upgrader.php:UpgraderAjaxAPI', 'upgrade')),
    url('^/help/', patterns('ajax.tips.php:HelpTipAjaxAPI',
        url_get('^tips/(?P[\w_.]+)$', 'getTipsJson'),
        url_get('^(?P[\w_]+)?/tips/(?P[\w_.]+)$', 'getTipsJsonForLang')
    )),
    url('^/i18n/(?P[\w_]+)/', patterns('ajax.i18n.php:i18nAjaxAPI',
        # No leading '^' on this sub-pattern, unlike the other entries.
        url_get('(?P\w+)$', 'getLanguageFile')
    ))
);

# The dispatcher is handed to 'ajax.scp' signal listeners before it resolves
# the request. NOTE(review): presumably this lets plugins add routes; such
# routes would sit on the same authenticated staff endpoint, so they need the
# same review as the table above -- confirm what listeners may change.
Signal::send('ajax.scp', $dispatcher);

# Call the respective function
# Whatever resolve() returns for the request path is printed as the response
# body. $ost is not defined in this file; presumably staff.inc.php sets it.
print $dispatcher->resolve($ost->get_path_info());
?>