From 31e57ab34fca286687df1347db0476367328b123 Mon Sep 17 00:00:00 2001
From: Daniel Kerr <webmaster@opencart.com>
Date: Mon, 27 Jul 2015 13:02:47 +0100
Subject: [PATCH] fixed some uneeded linees

---
 upload/admin/view/template/sale/order_form.tpl | 7 ++-----
 upload/index.php                               | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/upload/admin/view/template/sale/order_form.tpl b/upload/admin/view/template/sale/order_form.tpl
index 07a6cffd5b9..8b5e383fa29 100644
--- a/upload/admin/view/template/sale/order_form.tpl
+++ b/upload/admin/view/template/sale/order_form.tpl
@@ -1012,7 +1012,6 @@ $('select[name=\'currency\']').on('change', function() {
 $('#button-refresh').on('click', function() {
 	$.ajax({
 		url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/cart/products&token=' + token,
-		type: 'post',
 		dataType: 'json',
 		crossDomain: true,
 		success: function(json) {
@@ -1867,7 +1866,6 @@ $('#button-payment-address').on('click', function() {
 				// Payment Methods
 				$.ajax({
 					url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/payment/methods&token=' + token,
-					type: 'post',
 					dataType: 'json',
 					crossDomain: true,
 					beforeSend: function() {
@@ -2054,7 +2052,6 @@ $('#button-shipping-address').on('click', function() {
 				// Shipping Methods
 				$.ajax({
 					url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/shipping/methods&token=' + token,
-					type: 'post',
 					dataType: 'json',
 					beforeSend: function() {
 						$('#button-shipping-address i').replaceWith('<i class="fa fa-circle-o-notch fa-spin"></i>');
@@ -2116,7 +2113,7 @@ $('#button-shipping-method').on('click', function() {
 	$.ajax({
 		url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/shipping/method&token=' + token,
 		type: 'post',
-		data: 'token=<?php echo $token; ?>&shipping_method=' + $('select[name=\'shipping_method\'] option:selected').val(),
+		data: 'shipping_method=' + $('select[name=\'shipping_method\'] option:selected').val(),
 		dataType: 'json',
 		crossDomain: true,
 		beforeSend: function() {
@@ -2192,7 +2189,7 @@ $('#button-coupon').on('click', function() {
 	$.ajax({
 		url: $('select[name=\'store\'] option:selected').val() + 'index.php?route=api/coupon&token=' + token,
 		type: 'post',
-		data: 'token=<?php echo $token; ?>&coupon=' + $('input[name=\'coupon\']').val(),
+		data: 'coupon=' + $('input[name=\'coupon\']').val(),
 		dataType: 'json',
 		crossDomain: true,
 		beforeSend: function() {
diff --git a/upload/index.php b/upload/index.php
index afb2a9072bb..8eb8b77a705 100644
--- a/upload/index.php
+++ b/upload/index.php
@@ -126,7 +126,7 @@ function error_handler($code, $message, $file, $line) {
 if (isset($request->get['token']) && isset($request->get['route']) && substr($request->get['route'], 0, 4) == 'api/') {
 	$db->query("DELETE FROM `" . DB_PREFIX . "api_session` WHERE TIMESTAMPADD(HOUR, 1, date_modified) < NOW()");
 
-	$query = $db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api_session` `as`  LEFT JOIN " . DB_PREFIX . "api_ip `ai` ON (as.api_id = ai.api_id) WHERE as.token = '" . $db->escape($request->get['token']) . "' AND ai.ip = '" . $db->escape($request->server['REMOTE_ADDR']) . "'");
+	$query = $db->query("SELECT DISTINCT * FROM `" . DB_PREFIX . "api_session` `as` LEFT JOIN " . DB_PREFIX . "api_ip `ai` ON (as.api_id = ai.api_id) WHERE as.token = '" . $db->escape($request->get['token']) . "' AND ai.ip = '" . $db->escape($request->server['REMOTE_ADDR']) . "'");
 
 	if ($query->num_rows) {
 		// Does not seem PHP is able to handle sessions as objects properly so so wrote my own class