Fixes config editing

main
Yasen Pramatarov 2025-04-11 18:29:47 +03:00
parent d253d87515
commit d72dd5fabc
1 changed files with 27 additions and 13 deletions


@ -21,22 +21,32 @@ $configObject = new Config();
$isAjax = !empty($_SERVER['HTTP_X_REQUESTED_WITH']) && $isAjax = !empty($_SERVER['HTTP_X_REQUESTED_WITH']) &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'; strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
// Set JSON content type for AJAX requests
if ($isAjax) {
header('Content-Type: application/json');
}
// Ensure config file path is set // Ensure config file path is set
if (!isset($config_file) || empty($config_file)) { if (!isset($config_file) || empty($config_file)) {
if ($isAjax) { if ($isAjax) {
ApiResponse::error('Config file path not set'); ApiResponse::error('Config file path not set');
exit;
} else { } else {
Feedback::flash('ERROR', 'DEFAULT', 'Config file path not set'); Feedback::flash('ERROR', 'DEFAULT', 'Config file path not set');
header('Location: ' . htmlspecialchars($app_root)); header('Location: ' . htmlspecialchars($app_root));
}
exit; exit;
} }
}
// Check if file is writable // Check if file is writable
$isWritable = is_writable($config_file); $isWritable = is_writable($config_file);
$configMessage = ''; $configMessage = '';
if (!$isWritable) { if (!$isWritable) {
$configMessage = Feedback::render('ERROR', 'DEFAULT', 'Config file is not writable', false); $configMessage = Feedback::render('ERROR', 'DEFAULT', 'Config file is not writable', false);
if ($isAjax) {
ApiResponse::error('Config file is not writable', null, 403);
exit;
}
} }
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
@ -45,11 +55,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$logObject->insertLog($user_id, "Unauthorized: User \"$currentUser\" tried to edit config file. IP: $user_IP", 'system'); $logObject->insertLog($user_id, "Unauthorized: User \"$currentUser\" tried to edit config file. IP: $user_IP", 'system');
if ($isAjax) { if ($isAjax) {
ApiResponse::error('Forbidden: You do not have permission to edit the config file', null, 403); ApiResponse::error('Forbidden: You do not have permission to edit the config file', null, 403);
exit;
} else { } else {
include '../app/templates/error-unauthorized.php'; include '../app/templates/error-unauthorized.php';
}
exit; exit;
} }
}
// Apply rate limiting // Apply rate limiting
require '../app/includes/rate_limit_middleware.php'; require '../app/includes/rate_limit_middleware.php';
@ -65,6 +76,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if ($jsonData === false) { if ($jsonData === false) {
$logObject->insertLog($user_id, "Failed to read request data for config update", 'system'); $logObject->insertLog($user_id, "Failed to read request data for config update", 'system');
ApiResponse::error('Failed to read request data'); ApiResponse::error('Failed to read request data');
exit;
} }
// Try to parse JSON // Try to parse JSON
@ -72,6 +84,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (json_last_error() !== JSON_ERROR_NONE) { if (json_last_error() !== JSON_ERROR_NONE) {
$error = json_last_error_msg(); $error = json_last_error_msg();
ApiResponse::error('Invalid JSON data received: ' . $error); ApiResponse::error('Invalid JSON data received: ' . $error);
exit;
} }
// Try to update config file // Try to update config file
@ -81,8 +94,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} else { } else {
ApiResponse::error($result['error']); ApiResponse::error($result['error']);
} }
} exit;
} else {
// Handle non-AJAX POST // Handle non-AJAX POST
$result = $configObject->editConfigFile($_POST, $config_file); $result = $configObject->editConfigFile($_POST, $config_file);
if ($result['success']) { if ($result['success']) {
@ -94,6 +107,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
header('Location: ' . htmlspecialchars($app_root) . '?page=config'); header('Location: ' . htmlspecialchars($app_root) . '?page=config');
exit; exit;
} }
}
// Only include template for non-AJAX requests // Only include template for non-AJAX requests
if (!$isAjax) { if (!$isAjax) {
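Review bot: The new AJAX early exit under `// Check if file is writable` runs before the permission check inside the `POST` block. While the file is not writable, any AJAX request (a GET as well, or a POST from a user who would fail the permission check) is told `Config file is not writable` and exits without reaching the `insertLog` call that records unauthorized edit attempts. Consider moving `if ($isAjax) { ApiResponse::error('Config file is not writable', null, 403); exit; }` into the POST branch, after the permission check and the rate-limit include, so the audit entry is still written and file-system state is reported only to callers allowed to edit. The same `403` is also passed for the permission failure, so a distinct value (a 5xx, if that argument is the HTTP status) would let clients and monitoring tell the two apart. The permission check's condition lies outside the visible hunks, so its exact scope is inferred here.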