BUG Consistently use FormResponse in CMS JavaScript (fixes #8036)

Regression caused by a security fix in 9bf3ae9a190
Ingo Schommer 2012-11-21 13:33:47 +01:00
parent 75e58c9508
commit 41aec54e88
12 changed files with 33 additions and 40 deletions


@ -654,7 +654,8 @@ JS;
$script .= "statusMessage('$message');"; $script .= "statusMessage('$message');";
return $script; FormResponse::add($script);
return FormResponse::respond();
} }
public function removefile($request){ public function removefile($request){
@ -671,10 +672,12 @@ JS;
$file->destroy(); $file->destroy();
if(Director::is_ajax()) { if(Director::is_ajax()) {
echo <<<JS $js = <<<JS
$('Form_EditForm_Files').removeFile($fileID); $('Form_EditForm_Files').removeFile($fileID);
statusMessage('removed file', 'good'); statusMessage('removed file', 'good');
JS; JS;
FormResponse::add($js);
return FormResponse::respond();
} else { } else {
Director::redirectBack(); Director::redirectBack();
} }
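Review bot: `$message` is interpolated into a single-quoted JavaScript literal in `statusMessage('$message')` (first hunk) and `$fileID` goes bare into `removeFile($fileID)` (second hunk), and both scripts are now queued on FormResponse for the client to run. How either value is built is outside these hunks, so if they can carry file names or request data they should be escaped where they are interpolated: `$script .= "statusMessage('" . Convert::raw2js($message) . "');";` and, assuming the ID is numeric, `$fileID = (int)$fileID;` before the heredoc. Both enclosing methods start outside the hunks.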


@ -148,11 +148,14 @@ class CommentAdmin extends LeftAndMain {
user_error("No comments in $commentList could be found!", E_USER_ERROR); user_error("No comments in $commentList could be found!", E_USER_ERROR);
} }
echo <<<JS $js = <<<JS
$deleteList $deleteList
$('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value); $('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value);
statusMessage("Deleted $numComments comments."); statusMessage("Deleted $numComments comments.");
JS; JS;
FormResponse::add($js);
return FormResponse::respond();
} }
function deleteall() { function deleteall() {
@ -168,11 +171,14 @@ JS;
} }
$msg = sprintf(_t('CommentAdmin.DELETED', 'Deleted %s comments.'), $numComments); $msg = sprintf(_t('CommentAdmin.DELETED', 'Deleted %s comments.'), $numComments);
echo <<<JS $js = <<<JS
$('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value); $('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value);
statusMessage("$msg"); statusMessage("$msg");
JS; JS;
FormResponse::add($js);
return FormResponse::respond();
} }
function spammarked() { function spammarked() {
@ -207,11 +213,13 @@ JS;
} }
$msg = sprintf(_t('CommentAdmin.MARKEDSPAM', 'Marked %s comments as spam.'), $numComments); $msg = sprintf(_t('CommentAdmin.MARKEDSPAM', 'Marked %s comments as spam.'), $numComments);
echo <<<JS $js = <<<JS
$deleteList $deleteList
$('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value); $('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value);
statusMessage("$msg"); statusMessage("$msg");
JS; JS;
FormResponse::add($js);
return FormResponse::respond();
} }
function hammarked() { function hammarked() {
@ -247,11 +255,13 @@ JS;
} }
$msg = sprintf(_t('CommentAdmin.MARKEDNOTSPAM', 'Marked %s comments as not spam.'), $numComments); $msg = sprintf(_t('CommentAdmin.MARKEDNOTSPAM', 'Marked %s comments as not spam.'), $numComments);
echo <<<JS $js = <<<JS
$deleteList $deleteList
$('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value); $('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value);
statusMessage("$msg"); statusMessage("$msg");
JS; JS;
FormResponse::add($js);
return FormResponse::respond();
} }
function acceptmarked() { function acceptmarked() {
@ -274,11 +284,14 @@ JS;
} }
$msg = sprintf(_t('CommentAdmin.APPROVED', 'Accepted %s comments.'), $numComments); $msg = sprintf(_t('CommentAdmin.APPROVED', 'Accepted %s comments.'), $numComments);
echo <<<JS $js = <<<JS
$deleteList $deleteList
$('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value); $('Form_EditForm').getPageFromServer($('Form_EditForm_ID').value);
statusMessage("Accepted $numComments comments."); statusMessage("Accepted $numComments comments.");
JS; JS;
FormResponse::add($js);
return FormResponse::respond();
} }
/** /**
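Review bot: The translated `$msg` is dropped unescaped into the double-quoted literal `statusMessage("$msg")` in the `CommentAdmin.DELETED`, `CommentAdmin.MARKEDSPAM` and `CommentAdmin.MARKEDNOTSPAM` hunks, so a translation containing a double quote or a newline would break the script that FormResponse sends back; escaping it first, as in `$msg = Convert::raw2js(sprintf(...));`, avoids that. In the `CommentAdmin.APPROVED` hunk `$msg` is computed but the heredoc still emits the hard-coded `statusMessage("Accepted $numComments comments.")`, so that line should become `statusMessage("$msg");`. `$deleteList` is raw JavaScript built outside these hunks and is worth checking in the same way.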


@ -831,13 +831,14 @@ JS;
public function addTreeNodeJS($page, $select = false) { public function addTreeNodeJS($page, $select = false) {
$parentID = (int)$page->ParentID; $parentID = (int)$page->ParentID;
$title = Convert::raw2js($page->TreeTitle()); $title = Convert::raw2js($page->TreeTitle());
$response = <<<JS $js = <<<JS
var newNode = $('sitetree').createTreeNode($page->ID, "$title", "$page->class"); var newNode = $('sitetree').createTreeNode($page->ID, "$title", "$page->class");
var parentNode = $('sitetree').getTreeNodeByIdx($parentID); var parentNode = $('sitetree').getTreeNodeByIdx($parentID);
if(parentNode) parentNode.appendTreeNode(newNode); if(parentNode) parentNode.appendTreeNode(newNode);
JS; JS;
$response .= ($select ? "newNode.selectTreeNode();\n" : "") ; $js .= ($select ? "newNode.selectTreeNode();\n" : "") ;
return $response; FormResponse::add($js);
return FormResponse::respond();
} }
/** /**
* Returns a javascript snippet to remove a tree node for the given page, if it exists. * Returns a javascript snippet to remove a tree node for the given page, if it exists.
@ -846,7 +847,7 @@ JS;
*/ */
public function deleteTreeNodeJS($page) { public function deleteTreeNodeJS($page) {
$id = $page->ID ? $page->ID : $page->OldID; $id = $page->ID ? $page->ID : $page->OldID;
$response = <<<JS $js = <<<JS
var node = $('sitetree').getTreeNodeByIdx($id); var node = $('sitetree').getTreeNodeByIdx($id);
if(node && node.parentTreeNode) node.parentTreeNode.removeTreeNode(node); if(node && node.parentTreeNode) node.parentTreeNode.removeTreeNode(node);
$('Form_EditForm').closeIfSetTo($id); $('Form_EditForm').closeIfSetTo($id);
@ -857,7 +858,8 @@ JS;
$this->setCurrentPageID(null); $this->setCurrentPageID(null);
} }
return $response; FormResponse::add($js);
return FormResponse::respond();
} }
/** /**
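Review bot: The docblock kept above `deleteTreeNodeJS()` still says "Returns a javascript snippet to remove a tree node", but after this change both it and `addTreeNodeJS()` queue the snippet with `FormResponse::add($js)` and return `FormResponse::respond()`. Any caller that concatenates the return value into its own script (none are visible here) would now receive a whole response instead, so the docblocks should state the new contract, for example `Queues a javascript snippet on FormResponse that removes the tree node for the given page, and returns the response.` Separately, `$id` is interpolated into the script without the `(int)` cast that `$parentID` gets; `$id = (int)($page->ID ? $page->ID : $page->OldID);` would make the two consistent. The body of `deleteTreeNodeJS()` is split across two hunks and the lines between them are not shown.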


@ -321,7 +321,6 @@ addfolder.prototype = {
return false; return false;
}, },
onSuccess: function(response) { onSuccess: function(response) {
Ajax.Evaluator(response);
// Make it possible to drop files into the new folder // Make it possible to drop files into the new folder
DropFileItem.applyTo('#sitetree li'); DropFileItem.applyTo('#sitetree li');
}, },
@ -456,7 +455,6 @@ var deletefolder = {
}, },
submit_success: function(response) { submit_success: function(response) {
Ajax.Evaluator(response);
treeactions.closeSelection($('deletepage')); treeactions.closeSelection($('deletepage'));
} }
}; };


@ -131,7 +131,6 @@ addpageclass.prototype = {
var suffix = _NEW_PAGES[parentID]++; var suffix = _NEW_PAGES[parentID]++;
Ajax.SubmitForm(_HANDLER_FORMS.addpage, "action_addpage", { Ajax.SubmitForm(_HANDLER_FORMS.addpage, "action_addpage", {
onSuccess : Ajax.Evaluator,
onFailure : function(response) { if (response.status == 403) { onFailure : function(response) { if (response.status == 403) {
alert('You cannot add that page at that location.'); alert('You cannot add that page at that location.');
}}, }},
@ -592,7 +591,6 @@ publishpage.prototype = {
// Submit form // Submit form
Ajax.SubmitForm(this, null, { Ajax.SubmitForm(this, null, {
onSuccess : function(response) { onSuccess : function(response) {
Ajax.Evaluator(response);
$('batchactions_go').className = ''; $('batchactions_go').className = '';
batchActionGlobals.deselectAll(); batchActionGlobals.deselectAll();
}, },
@ -639,7 +637,6 @@ deletepage.prototype = {
$('Form_DeleteItemsForm_action_deleteitems').className = 'loading'; $('Form_DeleteItemsForm_action_deleteitems').className = 'loading';
Ajax.SubmitForm(this, null, { Ajax.SubmitForm(this, null, {
onSuccess : function(response) { onSuccess : function(response) {
Ajax.Evaluator(response);
$('Form_DeleteItemsForm_action_deleteitems').className = ''; $('Form_DeleteItemsForm_action_deleteitems').className = '';
treeactions.closeSelection($('batchactions')); treeactions.closeSelection($('batchactions'));
}, },


@ -8,7 +8,6 @@ function action_revert_right() {
$('Form_EditForm_action_revert').value = ss.i18n._t('CMSMAIN.RESTORING'); $('Form_EditForm_action_revert').value = ss.i18n._t('CMSMAIN.RESTORING');
$('Form_EditForm_action_revert').className = 'action loading'; $('Form_EditForm_action_revert').className = 'action loading';
Ajax.SubmitForm('Form_EditForm', 'action_revert', { Ajax.SubmitForm('Form_EditForm', 'action_revert', {
onSuccess : Ajax.Evaluator,
onFailure : function(response) { onFailure : function(response) {
errorMessage(ss.i18n._t('CMSMAIN.ERRORREVERTING'), response); errorMessage(ss.i18n._t('CMSMAIN.ERRORREVERTING'), response);
} }


@ -302,7 +302,6 @@ function prepareAjaxActions(actions, formName, tabName) {
} else { } else {
statusMessage('...'); statusMessage('...');
Ajax.SubmitForm(this.ownerForm, this.name, { Ajax.SubmitForm(this.ownerForm, this.name, {
onSuccess: Ajax.Evaluator,
onFailure: ajaxErrorHandler onFailure: ajaxErrorHandler
}); });
} }
@ -333,7 +332,6 @@ function ajaxSubmitForm(automated, callAfter, form, action, verb) {
statusMessage(verb + '...', '', true); statusMessage(verb + '...', '', true);
var success = function(response) { var success = function(response) {
Ajax.Evaluator(response);
if(callAfter) callAfter(); if(callAfter) callAfter();
} }
@ -364,10 +362,6 @@ function ajaxSubmitFieldSet(href, fieldSet, extraData) {
// Send request // Send request
new Ajax.Request(href, { new Ajax.Request(href, {
method : 'post', postBody : data, method : 'post', postBody : data,
onSuccess : function(response) {
//alert(response.responseText);
Ajax.Evaluator(response);
},
onFailure : function(response) { onFailure : function(response) {
alert(response.responseText); alert(response.responseText);
//errorMessage('Error: ', response); //errorMessage('Error: ', response);
@ -382,7 +376,6 @@ function ajaxLink(href) {
// Send request // Send request
new Ajax.Request(href + (href.indexOf("?") == -1 ? "?" : "&") + "ajax=1", { new Ajax.Request(href + (href.indexOf("?") == -1 ? "?" : "&") + "ajax=1", {
method : 'get', method : 'get',
onSuccess : Ajax.Evaluator,
onFailure : ajaxErrorHandler onFailure : ajaxErrorHandler
}); });
} }


@ -286,7 +286,6 @@ TreeNodeAPI.prototype = {
new Ajax.Request(url, { new Ajax.Request(url, {
method : 'get', method : 'get',
onSuccess : Ajax.Evaluator,
onFailure : function(response) { onFailure : function(response) {
errorMessage('Error: ', response); errorMessage('Error: ', response);
} }
@ -297,7 +296,6 @@ TreeNodeAPI.prototype = {
var url = baseHref() + 'admin/duplicatewithchildren/' + this.getIdx() + '?ajax=1&SecurityID=' + token; var url = baseHref() + 'admin/duplicatewithchildren/' + this.getIdx() + '?ajax=1&SecurityID=' + token;
new Ajax.Request(url, { new Ajax.Request(url, {
method : 'get', method : 'get',
onSuccess : Ajax.Evaluator,
onFailure : function(response) { onFailure : function(response) {
errorMessage('Error: ', response); errorMessage('Error: ', response);
} }
@ -431,7 +429,6 @@ SiteTreeNode.prototype = {
new Ajax.Request(SiteTreeHandlers.parentChanged_url, { new Ajax.Request(SiteTreeHandlers.parentChanged_url, {
method : 'post', method : 'post',
postBody : 'ID=' + node.getIdx() + '&ParentID=' + newParent.getIdx() + '&CurrentlyOpenPageID=' + currentlyOpenPageID + '&SecurityID=' + token, postBody : 'ID=' + node.getIdx() + '&ParentID=' + newParent.getIdx() + '&CurrentlyOpenPageID=' + currentlyOpenPageID + '&SecurityID=' + token,
onSuccess : Ajax.Evaluator,
onFailure : function(response) { onFailure : function(response) {
errorMessage('error saving parent', response); errorMessage('error saving parent', response);
} }


@ -103,7 +103,7 @@ CMSForm.prototype = {
} }
if(response && evalResponse) { if(response && evalResponse) {
Ajax.Evaluator(response); // no-op, has already been evaluated by prototype.js
} else { } else {
this.innerHTML = rightHTML; this.innerHTML = rightHTML;
} }
@ -178,8 +178,6 @@ CMSForm.prototype = {
} }
var success = function(response) { var success = function(response) {
Ajax.Evaluator(response);
__form.resetElements(); __form.resetElements();
if(__callAfter) __callAfter(); if(__callAfter) __callAfter();
if(__form.notify && __form.elements.ID != undefined) __form.notify('PageSaved', __form.elements.ID.value); if(__form.notify && __form.elements.ID != undefined) __form.notify('PageSaved', __form.elements.ID.value);
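Review bot: In the first hunk the `if(response && evalResponse)` branch now holds only a comment, which reads like an unfinished edit; inverting the test keeps the intent in one statement, `if(!(response && evalResponse)) this.innerHTML = rightHTML;`, with the comment moved above it. The comment's claim holds only when the server marks the response as JavaScript so that prototype.js evaluates it, which cannot be confirmed from this hunk; a response sent with another content type would now be neither evaluated nor written to `innerHTML`. The enclosing method starts and ends outside the hunk.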


@ -66,8 +66,7 @@ PageCommentInterface.prototype = {
//need to check if there is actually a spam question to change first //need to check if there is actually a spam question to change first
if(form.elements.Math){ if(form.elements.Math){
new Ajax.Request(document.getElementsByTagName('base')[0].href+'PageCommentInterface_Controller/newspamquestion', { new Ajax.Request(document.getElementsByTagName('base')[0].href+'PageCommentInterface_Controller/newspamquestion', {
onSuccess: loadSpamQuestion, onSuccess: loadSpamQuestion
onFailure: Ajax.Evaluator
}); });
} }
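Review bot: With `onFailure: Ajax.Evaluator` removed, the spam-question request has no failure handler, so an error leaves the old question in place with no feedback; the same applies to `new Ajax.Request(url);` in the last file section, which now has no callbacks at all. Dropping the evaluation of error bodies is the right call, but a plain handler should replace it, for example `onFailure: function(response) { alert('Could not load a new spam question.'); }` here. In the last section `new Ajax.Request(url, { onFailure: ajaxErrorHandler });` would match the other call sites in this commit, provided that helper is loaded on that page.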


@ -25,7 +25,6 @@ var addgroup = {
var st = $('sitetree'); var st = $('sitetree');
$('addgroup_options').elements.ParentID.value = st.firstSelected() ? st.getIdxOf(st.firstSelected()) : 0; $('addgroup_options').elements.ParentID.value = st.firstSelected() ? st.getIdxOf(st.firstSelected()) : 0;
Ajax.SubmitForm('addgroup_options', null, { Ajax.SubmitForm('addgroup_options', null, {
onSuccess : Ajax.Evaluator,
onFailure : function(response) { onFailure : function(response) {
errorMessage('Error adding page', response); errorMessage('Error adding page', response);
} }
@ -113,8 +112,6 @@ var deletegroup = {
Ajax.SubmitForm('deletegroup_options', null, { Ajax.SubmitForm('deletegroup_options', null, {
onSuccess : function(response) { onSuccess : function(response) {
Ajax.Evaluator(response);
var sel; var sel;
if((sel = $('sitetree').firstSelected()) && sel.parentNode) sel.addNodeClass('current'); if((sel = $('sitetree').firstSelected()) && sel.parentNode) sel.addNodeClass('current');
else $('Form_EditForm').innerHTML = ""; else $('Form_EditForm').innerHTML = "";


@ -11,10 +11,7 @@ Behaviour.register({
url += "&locale=" + $('Form_EditForm_Locale').value; url += "&locale=" + $('Form_EditForm_Locale').value;
url += "&SecurityID=" + $$('input[name=SecurityID]')[0].value; url += "&SecurityID=" + $$('input[name=SecurityID]')[0].value;
new Ajax.Request( url, { new Ajax.Request(url);
onSuccess: Ajax.Evaluator,
onFailure: Ajax.Evaluator
});
return false; return false;
} }