From 1853fc864ae4532543ad515247251afa64364780 Mon Sep 17 00:00:00 2001 From: Will Rossiter Date: Tue, 5 Mar 2013 10:30:39 +1300 Subject: [PATCH] FIX: Do not blindly pass input values to GridField_FormAction URL's The length of input fields can very quickly exceed the max URI length resulting in 414 errors when printing or exporting results. To access the input values for a specific GridField action, encapsulate this in your own Entwine instance. --- javascript/GridField.js | 48 ++++++++++++++++++++++++++--------------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/javascript/GridField.js b/javascript/GridField.js index c06e3bdbb..6b372d411 100644 --- a/javascript/GridField.js +++ b/javascript/GridField.js @@ -157,16 +157,24 @@ }, onclick: function(e){ var btn = this.closest(':button'), grid = this.getGridField(), - form = this.closest('form'), data = form.find(':input').serialize(); + form = this.closest('form'), data = form.find(':input.gridstate').serialize();; // Add current button - data += '&' + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val()); + data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val()); - // Include any GET parameters from the current URL, as the view state might depend on it. - // For example, a list prefiltered through external search criteria might be passed to GridField. - if(window.location.search) data = window.location.search.replace(/^\?/, '') + '&' + data; + // Include any GET parameters from the current URL, as the view + // state might depend on it. + // For example, a list prefiltered through external search criteria + // might be passed to GridField. + if(window.location.search) { + data = window.location.search.replace(/^\?/, '') + '&' + data; + } + + var url = $.path.makeUrlAbsolute( + grid.data('url') + '?' + data, + $('base').attr('href') + ); - var url = $.path.makeUrlAbsolute(grid.data('url') + '?' + data, $('base').attr('href')); var newWindow = window.open(url); return false; @@ -188,22 +196,30 @@ /** * Prevents actions from causing an ajax reload of the field. - * Useful e.g. for actions which rely on HTTP response headers being interpreted nativel - * by the browser, like file download triggers. + * + * Useful e.g. for actions which rely on HTTP response headers being + * interpreted natively by the browser, like file download triggers. */ $('.ss-gridfield .action.no-ajax').entwine({ onclick: function(e){ var self = this, btn = this.closest(':button'), grid = this.getGridField(), - form = this.closest('form'), data = form.find(':input').serialize(); + form = this.closest('form'), data = form.find(':input.gridstate').serialize(); // Add current button - data += '&' + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val()); + data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val()); - // Include any GET parameters from the current URL, as the view state might depend on it. - // For example, a list prefiltered through external search criteria might be passed to GridField. - if(window.location.search) data = window.location.search.replace(/^\?/, '') + '&' + data; + // Include any GET parameters from the current URL, as the view + // state might depend on it. For example, a list pre-filtered + // through external search criteria might be passed to GridField. + if(window.location.search) { + data = window.location.search.replace(/^\?/, '') + '&' + data; + } + + window.location.href = $.path.makeUrlAbsolute( + grid.data('url') + '?' + data, + $('base').attr('href') + ); - window.location.href = $.path.makeUrlAbsolute(grid.data('url') + '?' + data, $('base').attr('href')); return false; } }); @@ -340,7 +356,5 @@ } } }); - }); - -}(jQuery)); +}(jQuery)); \ No newline at end of file