diff --git a/upload/admin/controller/sale/order.php b/upload/admin/controller/sale/order.php
index fd40a46c166..430fcf67094 100644
--- a/upload/admin/controller/sale/order.php
+++ b/upload/admin/controller/sale/order.php
@@ -16,7 +16,7 @@ public function add() {
$this->load->language('sale/order');
print_r($_COOKIE);
-
+
$this->document->setTitle($this->language->get('heading_title'));
$this->load->model('sale/order');
diff --git a/upload/admin/php.ini b/upload/admin/php.ini
index 41c7e6990ba..22ba0e543f9 100644
--- a/upload/admin/php.ini
+++ b/upload/admin/php.ini
@@ -6,7 +6,7 @@ max_execution_time = 18000;
upload_max_filesize = 999M;
safe_mode = Off;
mysql.connect_timeout = 20;
-session.use_only_cookies = On;
+session.use_only_cookies = Off;
session.use_cookies = On;
session.use_trans_sid = Off;
session.cookie_httponly = On;
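Review bot: Switching `session.use_only_cookies = Off;` makes PHP accept a session id from the query string or request body rather than only from the session cookie, which reopens session fixation for whatever runs under this admin php.ini: an id chosen by a third party and presented in a link can later be promoted to an authenticated session. The motivation appears to be the admin template passing the API session id in a `cookie` POST field now that `withCredentials` was dropped; that is better served by the catalog API reading the posted id explicitly and applying it to its own session start than by relaxing the global session setting. Keep `session.use_only_cookies = On;` and, if the posted id is needed, document that flow where the API reads it.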
diff --git a/upload/admin/view/template/sale/order_form.tpl b/upload/admin/view/template/sale/order_form.tpl
index 597fcd5e3ae..2b87862a76b 100644
--- a/upload/admin/view/template/sale/order_form.tpl
+++ b/upload/admin/view/template/sale/order_form.tpl
@@ -960,13 +960,12 @@ $.ajax({
data: 'username=&password=',
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
- success: function(json) {
+ success: function(json) {
+ console.log(json);
+
if (json['cookie']) {
$('input[name=\'cookie\']').val(json['cookie']);
-
+
$('select[name=\'currency\']').trigger('change');
}
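Review bot: `console.log(json);` in the login success handler writes the whole API response, including the session id returned in `json['cookie']`, to the browser console and reads as a debugging leftover; remove it before merge. The request body `data: 'username=&password='` also still sends literal empty credentials, which only works if the endpoint ignores them. The enclosing `$.ajax` call starts before this hunk.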
@@ -986,10 +985,7 @@ $('select[name=\'currency\']').on('change', function() {
type: 'post',
data: 'cookie=' + $('input[name=\'cookie\']').val() + '¤cy=' + $('select[name=\'currency\'] option:selected').val(),
dataType: 'json',
- crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
+ crossDomain: false,
beforeSend: function() {
$('select[name=\'currency\']').after(' ');
},
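Review bot: `crossDomain: false` here disagrees with every other API call in this template, which keep or re-add `crossDomain: true` (the refresh, customer and cart hunks below); if the currency endpoint lives on the catalog origin like the rest, the flag should match, otherwise a comment should say why this call is treated as same-origin. The `cookie` and currency values are also concatenated into the body without `encodeURIComponent`, unlike the `key` value in the cart-remove call later in the file, so an id containing reserved characters would be truncated server-side. The enclosing `$.ajax` call starts before this hunk.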
@@ -1021,9 +1017,6 @@ $('#button-refresh').on('click', function() {
data: 'cookie=' + $('input[name=\'cookie\']').val(),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
success: function(json) {
$('.alert-danger, .text-danger').remove();
@@ -1239,7 +1232,7 @@ $('input[name=\'customer\']').autocomplete({
},
'select': function(item) {
// Reset all custom fields
- $('#tab-customer input[type=\'text\'], #tab-customer input[type=\'text\'], #tab-customer textarea').not('#tab-customer input[name=\'customer\'], #tab-customer input[name=\'customer_id\']').val('');
+ $('#tab-customer input[type=\'text\'], #tab-customer textarea').not('#tab-customer input[name=\'customer\'], #tab-customer input[name=\'customer_id\']').val('');
$('#tab-customer select option').removeAttr('selected');
$('#tab-customer input[type=\'checkbox\'], #tab-customer input[type=\'radio\']').removeAttr('checked');
@@ -1316,9 +1309,6 @@ $('#button-customer').on('click', function() {
data: $('#tab-customer input[type=\'text\'], #tab-customer input[type=\'hidden\'], #tab-customer input[type=\'radio\']:checked, #tab-customer input[type=\'checkbox\']:checked, #tab-customer select, #tab-customer textarea'),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$('#button-customer').button('loading');
},
@@ -1352,10 +1342,7 @@ $('#button-customer').on('click', function() {
type: 'post',
data: $('#tab-customer input[name=\'cookie\'], #cart input[name^=\'product\'][type=\'text\'], #cart input[name^=\'product\'][type=\'hidden\'], #cart input[name^=\'product\'][type=\'radio\']:checked, #cart input[name^=\'product\'][type=\'checkbox\']:checked, #cart select[name^=\'product\'], #cart textarea[name^=\'product\']'),
dataType: 'json',
- crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
+ crossDomain: true,
beforeSend: function() {
$('#button-product-add').button('loading');
},
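Review bot: `crossDomain: true,` is deleted and re-added unchanged in this hunk, and again in the hunks at `@@ -1380`, `@@ -1671`, `@@ -1900` and `@@ -2279`, although the only substantive change in each is dropping the `xhrFields` block. Unless whitespace on that line was deliberately normalised, leave it untouched so the diff shows the deletion alone. The enclosing `$.ajax` call starts before this hunk.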
@@ -1380,10 +1367,7 @@ $('#button-customer').on('click', function() {
type: 'post',
data: $('#tab-customer input[name=\'cookie\'], #cart input[name^=\'voucher\'][type=\'text\'], #cart input[name^=\'voucher\'][type=\'hidden\'], #cart input[name^=\'voucher\'][type=\'radio\']:checked, #cart input[name^=\'voucher\'][type=\'checkbox\']:checked, #cart select[name^=\'voucher\'], #cart textarea[name^=\'voucher\']'),
dataType: 'json',
- crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
+ crossDomain: true,
beforeSend: function() {
$('#button-voucher-add').button('loading');
},
@@ -1617,9 +1601,6 @@ $('#button-product-add').on('click', function() {
data: $('#tab-customer input[name=\'cookie\'], #tab-product input[name=\'product_id\'], #tab-product input[name=\'quantity\'], #tab-product input[name^=\'option\'][type=\'text\'], #tab-product input[name^=\'option\'][type=\'hidden\'], #tab-product input[name^=\'option\'][type=\'radio\']:checked, #tab-product input[name^=\'option\'][type=\'checkbox\']:checked, #tab-product select[name^=\'option\'], #tab-product textarea[name^=\'option\']'),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$('#button-product-add').button('loading');
},
@@ -1671,10 +1652,7 @@ $('#button-voucher-add').on('click', function() {
type: 'post',
data: $('#tab-customer input[name=\'cookie\'], #tab-voucher input[type=\'text\'], #tab-voucher input[type=\'hidden\'], #tab-voucher input[type=\'radio\']:checked, #tab-voucher input[type=\'checkbox\']:checked, #tab-voucher select, #tab-voucher textarea'),
dataType: 'json',
- crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
+ crossDomain: true,
beforeSend: function() {
$('#button-voucher-add').button('loading');
},
@@ -1729,9 +1707,6 @@ $('#tab-cart').delegate('.btn-danger', 'click', function() {
data: 'cookie=' + $('input[name=\'cookie\']').val() + '&key=' + encodeURIComponent(this.value),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$(node).button('loading');
},
@@ -1862,9 +1837,6 @@ $('#button-payment-address').on('click', function() {
data: $('#tab-customer input[name=\'cookie\'], #tab-payment input[type=\'text\'], #tab-payment input[type=\'hidden\'], #tab-payment input[type=\'radio\']:checked, #tab-payment input[type=\'checkbox\']:checked, #tab-payment select, #tab-payment textarea'),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$('#button-payment-address').button('loading');
},
@@ -1900,10 +1872,7 @@ $('#button-payment-address').on('click', function() {
type: 'post',
data: 'cookie=' + $('input[name=\'cookie\']').val(),
dataType: 'json',
- crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
+ crossDomain: true,
beforeSend: function() {
$('#button-payment-address i').replaceWith('');
$('#button-payment-address').prop('disabled', true);
@@ -2056,9 +2025,6 @@ $('#button-shipping-address').on('click', function() {
data: $('#tab-customer input[name=\'cookie\'], #tab-shipping input[type=\'text\'], #tab-shipping input[type=\'hidden\'], #tab-shipping input[type=\'radio\']:checked, #tab-shipping input[type=\'checkbox\']:checked, #tab-shipping select, #tab-shipping textarea'),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$('#button-shipping-address').button('loading');
},
@@ -2157,9 +2123,6 @@ $('#button-shipping-method').on('click', function() {
data: 'cookie=' + $('input[name=\'cookie\']').val() + '&shipping_method=' + $('select[name=\'shipping_method\'] option:selected').val(),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$('#button-shipping-method').button('loading');
},
@@ -2198,9 +2161,6 @@ $('#button-payment-method').on('click', function() {
data: 'cookie=' + $('input[name=\'cookie\']').val() + '&payment_method=' + $('select[name=\'payment_method\'] option:selected').val(),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$('#button-payment-method').button('loading');
},
@@ -2239,9 +2199,6 @@ $('#button-coupon').on('click', function() {
data: 'cookie=' + $('input[name=\'cookie\']').val() + '&coupon=' + $('input[name=\'coupon\']').val(),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$('#button-coupon').button('loading');
},
@@ -2279,10 +2236,7 @@ $('#button-voucher').on('click', function() {
type: 'post',
data: 'cookie=' + $('input[name=\'cookie\']').val() + '&voucher=' + $('input[name=\'voucher\']').val(),
dataType: 'json',
- crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
+ crossDomain: true,
beforeSend: function() {
$('#button-voucher').button('loading');
},
@@ -2321,9 +2275,6 @@ $('#button-reward').on('click', function() {
data: 'cookie=' + $('input[name=\'cookie\']').val() + '&reward=' + $('input[name=\'reward\']').val(),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$('#button-reward').button('loading');
},
@@ -2397,9 +2348,6 @@ $('#button-save').on('click', function() {
data: $('#tab-customer input[name=\'cookie\'], #tab-total select[name=\'order_status_id\'], #tab-total select, #tab-total textarea[name=\'comment\'], #tab-total input[name=\'affiliate_id\']'),
dataType: 'json',
crossDomain: true,
- xhrFields: {
- withCredentials: true
- },
beforeSend: function() {
$('#button-save').button('loading');
},
diff --git a/upload/catalog/controller/api/cart.php b/upload/catalog/controller/api/cart.php
index 8b5b3f38759..5a3484ed26d 100644
--- a/upload/catalog/controller/api/cart.php
+++ b/upload/catalog/controller/api/cart.php
@@ -64,12 +64,14 @@ public function add() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
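Review bot: The new `isset` guard only suppresses an undefined-index notice; the branch still reflects any client-supplied `HTTP_ORIGIN` into `Access-Control-Allow-Origin` while also emitting `Access-Control-Allow-Credentials: true`, which behaves like a credentialed wildcard and lets any origin read this JSON with the user's cookies. Compare the origin against a configured allowlist of admin origins, e.g. `if (isset($this->request->server['HTTP_ORIGIN']) && in_array($this->request->server['HTTP_ORIGIN'], $allowed_origins, true)) {`, add `Vary: Origin`, and since the admin template no longer sends `withCredentials` the credentials header can probably be dropped as currency.php and login.php in this same commit already do, which currently leaves the controllers inconsistent with each other. The identical block is repeated in the edit, remove and products hunks of this file and in coupon.php, customer.php, order.php, payment.php, reward.php and shipping.php; a single helper on the base controller would keep the origin check in one place.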
@@ -93,12 +95,14 @@ public function edit() {
unset($this->session->data['reward']);
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -127,19 +131,21 @@ public function remove() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
public function products() {
$this->load->language('api/cart');
-
+
$json = array();
if (!isset($this->session->data['api_id'])) {
@@ -257,12 +263,14 @@ public function products() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
diff --git a/upload/catalog/controller/api/coupon.php b/upload/catalog/controller/api/coupon.php
index 73c2ce017c4..0b959987d44 100644
--- a/upload/catalog/controller/api/coupon.php
+++ b/upload/catalog/controller/api/coupon.php
@@ -29,12 +29,15 @@ public function index() {
$json['error'] = $this->language->get('error_coupon');
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
diff --git a/upload/catalog/controller/api/currency.php b/upload/catalog/controller/api/currency.php
index 867e5d735a2..a6f46b7cc69 100644
--- a/upload/catalog/controller/api/currency.php
+++ b/upload/catalog/controller/api/currency.php
@@ -5,6 +5,10 @@ public function index() {
$json = array();
+ print_r($_COOKIE);
+
+ echo 'post: ' . $_POST['cookie'] . "\n";
+
if (!isset($this->session->data['api_id'])) {
$json['error'] = $this->language->get('error_permission');
} else {
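Review bot: `print_r($_COOKIE);` and `echo 'post: ' . $_POST['cookie'] . "\n";` emit debug text ahead of the JSON body, so the admin's `dataType: 'json'` request will fail to parse the response, and they print every cookie plus the posted session id into an HTTP response; the next hunk of this file only moves this debugging from the end of index() to its start rather than removing it. `$_POST['cookie']` is also read without an `isset` check and bypasses the framework's `$this->request->post`. Delete both statements; the same `print_r($_COOKIE);` still appears as context in admin/controller/sale/order.php add() in the first hunk of this diff. index() continues outside this hunk.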
@@ -23,20 +27,15 @@ public function index() {
$json['error'] = $this->language->get('error_currency');
}
}
-
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
-
-
- print_r($_COOKIE);
-
- echo $this->request->post['cookie'] . "\n";
- echo $this->session->getId();
}
}
\ No newline at end of file
diff --git a/upload/catalog/controller/api/customer.php b/upload/catalog/controller/api/customer.php
index ea01af30745..a23ed8374f6 100644
--- a/upload/catalog/controller/api/customer.php
+++ b/upload/catalog/controller/api/customer.php
@@ -89,12 +89,14 @@ public function index() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
diff --git a/upload/catalog/controller/api/login.php b/upload/catalog/controller/api/login.php
index 3d51c02b065..980d4db46db 100644
--- a/upload/catalog/controller/api/login.php
+++ b/upload/catalog/controller/api/login.php
@@ -5,7 +5,7 @@ public function index() {
// Delete old login so not to cause any issues if there is an error
unset($this->session->data['api_id']);
-
+
$keys = array(
'username',
'password'
@@ -25,9 +25,7 @@ public function index() {
if ($api_info) {
$this->session->data['api_id'] = $api_info['api_id'];
-
- $this->session->regeneratId();
-
+
$json['cookie'] = $this->session->getId();
$json['success'] = $this->language->get('text_success');
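Review bot: Deleting `$this->session->regeneratId();` (a misspelling of regenerate) removes the only step that would issue a fresh session id on a successful API login, so whatever id the client presented becomes the authenticated API session; with `session.use_only_cookies` turned off elsewhere in this commit, that id can arrive in the request body, which is the classic fixation setup. Fix the call rather than dropping it: if the framework's session class offers no regenerate method, use `session_regenerate_id(true);` before `$json['cookie'] = $this->session->getId();` so the id returned to the admin is the newly issued one. index() continues outside this hunk.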
@@ -35,12 +33,13 @@ public function index() {
$json['error'] = $this->language->get('error_login');
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
diff --git a/upload/catalog/controller/api/order.php b/upload/catalog/controller/api/order.php
index 48dd2ef0f86..5d5d816184b 100644
--- a/upload/catalog/controller/api/order.php
+++ b/upload/catalog/controller/api/order.php
@@ -317,12 +317,14 @@ public function add() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -624,12 +626,14 @@ public function edit() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -661,12 +665,14 @@ public function delete() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -712,12 +718,14 @@ public function history() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
diff --git a/upload/catalog/controller/api/payment.php b/upload/catalog/controller/api/payment.php
index 275c50badc2..f94ad9971c9 100644
--- a/upload/catalog/controller/api/payment.php
+++ b/upload/catalog/controller/api/payment.php
@@ -130,12 +130,14 @@ public function address() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -226,12 +228,14 @@ public function methods() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -268,12 +272,14 @@ public function method() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
diff --git a/upload/catalog/controller/api/reward.php b/upload/catalog/controller/api/reward.php
index d39055156ec..bba52accf9f 100644
--- a/upload/catalog/controller/api/reward.php
+++ b/upload/catalog/controller/api/reward.php
@@ -40,12 +40,14 @@ public function index() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -67,12 +69,14 @@ public function maximum() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -88,12 +92,14 @@ public function available() {
$json['points'] = $this->customer->getRewardPoints();
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
diff --git a/upload/catalog/controller/api/shipping.php b/upload/catalog/controller/api/shipping.php
index d929cc1f4a9..ef7b6f249e8 100644
--- a/upload/catalog/controller/api/shipping.php
+++ b/upload/catalog/controller/api/shipping.php
@@ -132,12 +132,14 @@ public function address() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -201,12 +203,14 @@ public function methods() {
$json['shipping_methods'] = array();
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -253,12 +257,14 @@ public function method() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
diff --git a/upload/catalog/controller/api/voucher.php b/upload/catalog/controller/api/voucher.php
index e5fe822b4d6..139f6c27cc3 100644
--- a/upload/catalog/controller/api/voucher.php
+++ b/upload/catalog/controller/api/voucher.php
@@ -30,12 +30,14 @@ public function index() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
@@ -125,12 +127,14 @@ public function add() {
}
}
- $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
- $this->response->addHeader('Access-Control-Allow-Credentials: true');
- $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
- $this->response->addHeader('Access-Control-Max-Age: 1000');
- $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
-
+ if (isset($this->request->server['HTTP_ORIGIN'])) {
+ $this->response->addHeader('Access-Control-Allow-Origin: ' . $this->request->server['HTTP_ORIGIN']);
+ $this->response->addHeader('Access-Control-Allow-Credentials: true');
+ $this->response->addHeader('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
+ $this->response->addHeader('Access-Control-Max-Age: 1000');
+ $this->response->addHeader('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
+ }
+
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
diff --git a/upload/php.ini b/upload/php.ini
index 27de5d1348f..19c7506aad9 100644
--- a/upload/php.ini
+++ b/upload/php.ini
@@ -6,7 +6,7 @@ max_execution_time = 36000;
upload_max_filesize = 999M;
safe_mode = Off;
mysql.connect_timeout = 20;
-session.use_only_cookies = On;
+session.use_only_cookies = Off;
session.use_cookies = On;
session.use_trans_sid = Off;
session.cookie_httponly = On;
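Review bot: `session.use_only_cookies = Off` lets PHP accept a session id from the query string or request body as well as from the cookie, which is the precondition for session fixation (an id not generated by the server being accepted and later carrying an authenticated session). If the change exists so the API can pass an id explicitly (the session library's constructor below forces the same value with `ini_set` and takes a `$session_id` argument), add `session.use_strict_mode = On` so ids with no server-side record are rejected rather than adopted, and consider leaving `use_only_cookies` On for the storefront and admin entry points that do not need it.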
diff --git a/upload/system/library/session.php b/upload/system/library/session.php
index e34638e26e0..8b5c5a24f62 100644
--- a/upload/system/library/session.php
+++ b/upload/system/library/session.php
@@ -4,9 +4,10 @@ class Session {
public function __construct($session_id = '') {
ini_set('session.use_only_cookies', 'Off');
+ ini_set('session.use_cookies', 'On');
ini_set('session.use_trans_sid', 'Off');
- ini_set('session.cookie_httponly', 'Off');
-
+ ini_set('session.cookie_httponly', 'On');
+
if ($session_id) {
session_id($session_id);
}
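Review bot: `session_id($session_id)` in the constructor applies whatever id the caller hands in without any validation, and the `ini_set('session.use_only_cookies', 'Off')` above it means PHP will also pick an id up from the request itself. Check the value against PHP's session-id character set before applying it, e.g. `if ($session_id && preg_match('/^[a-zA-Z0-9,-]+$/', $session_id)) {`, so a malformed id is never passed to the session handler. Switching `session.cookie_httponly` to On is the right direction; `session.cookie_secure` is not set in this hunk, so if the store is served over HTTPS it belongs alongside it. The constructor continues past the end of this hunk.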
@@ -17,14 +18,30 @@ public function __construct($session_id = '') {
$this->data =& $_SESSION;
}
- public function getId() {
- return session_id();
+ public function getId($session_id = '') {
+ if ($session_id) {
+ return session_id($session_id);
+ } else {
+ return session_id();
+ }
+ }
+
+ public function regenerateId($delete = false) {
+ return session_regenerate_id($delete);
}
- public function regeneratId() {
- return regenerate_id();
+ public function start() {
+ return session_start();
+ }
+
+ public function commit() {
+ session_commit();
}
+ public function reset() {
+ session_reset();
+ }
+
public function destroy() {
return session_destroy();
}
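Review bot: `getId($session_id = '')` now doubles as a setter, and if the session has already been started in the constructor (the `$this->data =& $_SESSION` line suggests it has) changing the id afterwards is not supported: PHP 7.2+ emits a warning and returns false, and on older versions the effect after start is not well defined. Keep `getId()` as a plain getter and, if an explicit id is needed, set it in a separate method that is only valid before `start()`. Separately, `regenerateId($delete = false)` keeps the old session record alive by default; after login or a privilege change the usual practice is `session_regenerate_id(true)` so the previous id cannot be reused, so consider `public function regenerateId($delete = true) {`.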