diff --git a/include/ajax.forms.php b/include/ajax.forms.php index 70c57e15bf233c11099eca2350633565141be953..d6e434c6c2205229570fa913b627113cf731b492 100644 --- a/include/ajax.forms.php +++ b/include/ajax.forms.php @@ -15,6 +15,9 @@ class DynamicFormsAjaxAPI extends AjaxController { } function getFormsForHelpTopic($topic_id, $client=false) { + if (!$_SERVER['HTTP_REFERER']) + Http::response(403, 'Forbidden.'); + if (!($topic = Topic::lookup($topic_id))) Http::response(404, 'No such help topic');