aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/elgglib.php
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib/elgglib.php')
-rw-r--r--engine/lib/elgglib.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index b044d230f..9035d95f2 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1777,6 +1777,12 @@ function elgg_ajax_page_handler($page) {
unset($page[0]);
$view = implode('/', $page);
+ $allowed_views = elgg_get_config('allowed_ajax_views');
+ if (!array_key_exists($view, $allowed_views)) {
+ header('HTTP/1.1 403 Forbidden');
+ exit;
+ }
+
// pull out GET parameters through filter
$vars = array();
foreach ($_GET as $name => $value) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-17 00:06:04 +0000