From b32c34528060e1e8083184426a6cbd1ea5e84f11 Mon Sep 17 00:00:00 2001
From: dmi3yy
Date: Mon, 4 Sep 2017 12:30:08 +0300
Subject: [PATCH] refactor ajax.php

---
 manager/media/style/default/ajax.php | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/manager/media/style/default/ajax.php b/manager/media/style/default/ajax.php
index 35e9a48653..399f665a82 100644
--- a/manager/media/style/default/ajax.php
+++ b/manager/media/style/default/ajax.php
@@ -11,8 +11,8 @@
 $modx->getSettings();
 }
-if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || (strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') || ($_SERVER['REQUEST_METHOD'] != 'POST')) {
- $modx->sendRedirect($modx->config['site_url']);
+if (!isset($_SESSION['mgrValidated']) || !isset($_SERVER['HTTP_X_REQUESTED_WITH']) || (strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') || ($_SERVER['REQUEST_METHOD'] != 'POST')) {
+ $modx->sendErrorPage();
 }
 include_once MODX_BASE_PATH . MGR_DIR . '/includes/lang/' . $modx->config['manager_language'] . '.inc.php';
@@ -197,7 +197,7 @@
 $a = 88;
 $output = '';
 $items = '';
- $filter = !empty($_REQUEST['filter']) ? addcslashes(trim($_REQUEST['filter']), '\%*_') : '';
+ $filter = !empty($_REQUEST['filter']) && is_scalar($_REQUEST['filter']) ? addcslashes(trim($_REQUEST['filter']), '\%*_') : '';
 $sqlLike = $filter ? 'WHERE t1.username LIKE "' . $modx->db->escape($filter) . '%"' : '';
 $sqlLimit = $sqlLike ? '' : 'LIMIT ' . $limit;
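Review bot: The new guard on the `+if` line tests `isset($_SESSION['mgrValidated'])`, which passes for any value that happens to be set, including `0` or `false`; if the login code can ever store a falsy marker there, `empty($_SESSION['mgrValidated'])` is the stricter test and reads the same: `if (empty($_SESSION['mgrValidated']) || !isset($_SERVER['HTTP_X_REQUESTED_WITH']) || ...`. Replacing the redirect with `$modx->sendErrorPage()` is an improvement for an XHR endpoint, since a browser would otherwise follow the redirect silently and the caller would never see a failure. The two `!=` comparisons are between strings here so they behave as `!==`, but writing `!==` removes the loose-comparison question for the next reader.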
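Review bot: The `+ $filter` line and the unchanged `$sqlLike` line below it still build the LIKE clause by string concatenation, and its safety rests on two escapes applied in a fixed order — `addcslashes` neutralising the LIKE wildcards first, then `$modx->db->escape` turning the result into a safe string literal — which nothing in the code states. A comment above the assignment would protect that ordering: `// addcslashes() first (LIKE wildcards), db->escape() at the query (string literal); keep this order`. The ternary also mixes `&&` with `?:` without parentheses; `(!empty($_REQUEST['filter']) && is_scalar($_REQUEST['filter'])) ? ... : ''` makes the intended precedence explicit. Note that `!empty()` also discards a filter of `"0"`, which is probably acceptable for a username prefix but worth knowing; `$limit` is assigned outside this hunk.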
@@ -233,10 +233,11 @@
 }
 case 'modxTagHelper': {
- $name = isset($_REQUEST['name']) ? $_REQUEST['name'] : false;
- $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : false;
+ $name = isset($_REQUEST['name']) && is_scalar($_REQUEST['name']) ? $modx->db->escape($_REQUEST['name']) : false;
+ $type = isset($_REQUEST['type']) && is_scalar($_REQUEST['type']) ? $modx->db->escape($_REQUEST['type']) : false;
+ $contextmenu = '';
- if ($name && $type) {
+ if ($role && $name && $type) {
 switch ($type) {
 case 'Snippet':
 case 'SnippetNoCache': {
@@ -468,6 +469,8 @@
 echo json_encode($contextmenu, JSON_FORCE_OBJECT | JSON_UNESCAPED_UNICODE);
 break;
 }
+
+ break;
 }
 case 'movedocument' : {
@@ -476,7 +479,7 @@
 if ($modx->hasPermission('new_document') && $modx->hasPermission('edit_document') && $modx->hasPermission('save_document')) {
 $id = !empty($_REQUEST['id']) ? (int)$_REQUEST['id'] : '';
 $parent = isset($_REQUEST['parent']) ? (int)$_REQUEST['parent'] : 0;
- $menuindex = isset($_REQUEST['menuindex']) ? $_REQUEST['menuindex'] : 0;
+ $menuindex = isset($_REQUEST['menuindex']) && is_scalar($_REQUEST['menuindex']) ? $_REQUEST['menuindex'] : 0;
 // set parent
 if ($id && $parent >= 0) {
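Review bot: `$name` and `$type` on the two `+` lines are run through `$modx->db->escape()` at input time, yet `$type` is only ever compared in the `switch ($type)` visible below and `$name`'s later uses are outside the hunk; escaping for the SQL context this early means any non-SQL use of `$name` (echoing it into the JSON response, for instance) receives the escaped form, and a reader cannot tell which downstream uses are already covered. Prefer keeping the raw scalar here and calling `$modx->db->escape()` at each query that embeds it, with the `switch` cases acting as the allow-list for `$type`. `$role` is introduced in the `+ if ($role && ...)` guard but is not assigned anywhere in this hunk; confirm it is set earlier in the file, since an undefined `$role` would silently disable the helper rather than fail loudly. The `case 'modxTagHelper'` block begins and ends outside this hunk.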
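Review bot: After the added `break;`, a request that fails the `$role && $name && $type` guard leaves the `modxTagHelper` case with no output at all, because the `echo json_encode($contextmenu, ...)` sits inside the `if` whose closing brace appears to be the `}` just above the added line (the block begins outside this hunk, so this is inferred). Since `$contextmenu` is now initialised to `''` before the guard, moving the `echo` to just before the new `break;` would give the client a consistent JSON body on both paths instead of an empty 200. The added `break;` is otherwise the right fix, as without it control would continue into `case 'movedocument'`.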
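Review bot: On the `+ $menuindex` line the value is still taken raw from `$_REQUEST`, whereas `$id` and `$parent` on the two lines above are cast with `(int)`; if `$menuindex` is later interpolated into the UPDATE (its use is outside this hunk), an `is_scalar` check alone does not make it safe for SQL. Casting keeps the new guard and matches the neighbours: `$menuindex = isset($_REQUEST['menuindex']) && is_scalar($_REQUEST['menuindex']) ? (int)$_REQUEST['menuindex'] : 0;`. The enclosing `case 'movedocument'` block and the `hasPermission` check continue past the hunk.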