add security-check for remote api allowed to remote/json.php

Author: Florian Schaal

interface/web/remote/json.php

@@ -4,7 +4,13 @@
 $conf['start_session'] = false;
 require_once '../../lib/app.inc.php';
 
-$app->load('json_handler');
+if($conf['demo_mode'] == true) $app->error('This function is disabled in demo mode.');
+
+$app->load('json_handler,getconf');
+
+$security_config = $app->getconf->get_security_config('permissions');
+if($security_config['remote_api_allowed'] != 'yes') die('Remote API is disabled in security settings.');
+
 $json_handler = new ISPConfigJSONHandler();
 $json_handler->run();