From ccfcd338551c785fd20bf83f62572b90b41fe36d Mon Sep 17 00:00:00 2001
From: Isaac Connor <isaac@zoneminder.com>
Date: Tue, 5 Dec 2023 09:47:35 -0500
Subject: [PATCH] modal requests require csrf-magic.

---
 web/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/index.php b/web/index.php
index 4f26dc846..c4d2a4249 100644
--- a/web/index.php
+++ b/web/index.php
@@ -206,7 +206,7 @@ if (
   ( $action != 'login' ) &&
   ( $view != 'view_video' ) && // only video no html
   ( $view != 'image' ) && // view=image doesn't return html, just image data.
-  (!$request) && // requests are ajax and can only return json.
+  (!$request or ($request == 'modal')) && // requests are ajax and can only return json.
   //( $view != 'frames' ) &&  // big html can overflow ob
   ( $view != 'archive' ) // returns data
   && ( (!isset($_SERVER['CONTENT_TYPE']) or ($_SERVER['CONTENT_TYPE'] != 'application/csp-report')) )