0

我在 Magento 管理员中调试。当我在表/网格中搜索/过滤时,它发送一个没有参数的 ajax 请求,但它仍然正确。他们是如何做到这一点的,它从哪里获取数据来搜索/过滤?

Request URL:http://192.168.1.29/magento/index.php/admincp/customer/grid/key/09469734cfa212fcbeea780d83672fa3/filter/bmFtZT1zeiZjdXN0b21lcl9zaW5jZSU1QmxvY2FsZSU1RD1lbl9VUw==/?ajax=true&isAjax=true
Request Method:POST
Status Code:200 OK
Request Headersview parsed
POST /magento/index.php/admincp/customer/grid/key/09469734cfa212fcbeea780d83672fa3/filter/bmFtZT1zeiZjdXN0b21lcl9zaW5jZSU1QmxvY2FsZSU1RD1lbl9VUw==/?ajax=true&isAjax=true HTTP/1.1
Host: 192.168.1.29
Connection: keep-alive
Content-Length: 44
Accept: text/javascript, text/html, application/xml, text/xml, */*
X-Prototype-Version: 1.7
Origin: http://192.168.1.29
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36
Content-type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://192.168.1.29/magento/index.php/admincp/customer/index/key/84d12064a10d7bbefb735e8d1e3db74b/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: frontend=6rp4ia821dqe6i6q2h4lmtovk7; adminhtml=jinn3k6khrc1u7te4s9cq4pui5
Query String Parametersview parsed
ajax=true&isAjax=true
Form Dataview parsed
internal_customer=&form_key=eUx2oZyidqOwcPdf
4

1 回答 1

1

您的请求中有类似 base64 值的参数filterfilter/bmFtZT1zeiZjdXN0b21lcl9zaW5jZSU1QmxvY2FsZSU1RD1lbl9VUw==当然,它从表单中获取参数。

您还可以通过 System/Configuration/Advanced/Admin/Security/Add Secret Key to URLs 禁用 magento 管理员的密钥,这将有助于您调查管理面板。

于 2013-06-14T07:04:54.973 回答