From ade45676f8e2b47438e9fbb8555d8b41b90039cc Mon Sep 17 00:00:00 2001
From: Robert <robert@smalc.si>
Date: Sat, 4 Dec 2021 14:41:36 +0100
Subject: [PATCH] Popravek, da dovoli samo ajax request.

---
 .../all/modules/nakupovanje_1ka/nakupovanje_1ka.module     | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/frontend/drupal/sites/all/modules/nakupovanje_1ka/nakupovanje_1ka.module b/frontend/drupal/sites/all/modules/nakupovanje_1ka/nakupovanje_1ka.module
index de3efac05..10d2e41c2 100755
--- a/frontend/drupal/sites/all/modules/nakupovanje_1ka/nakupovanje_1ka.module
+++ b/frontend/drupal/sites/all/modules/nakupovanje_1ka/nakupovanje_1ka.module
@@ -237,6 +237,13 @@ function nakupovanje_1ka_menu()
 
 function nakupovanje_1ka_api()
 {
+  if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
+    header('Location: //1ka.si');
+    die();
+  }
+
+
+
   require($_SERVER['DOCUMENT_ROOT'] . '/settings.php');
 
   $api_url = $site_url . 'frontend/payments/api.php';