BUG Fix regressions in missing CSRF on print button

This commit is contained in:
Damian Mooyman 2016-02-26 15:49:28 +13:00
parent 11ad3e17c1
commit 99ca2aa23d

View File

@ -149,7 +149,39 @@
this.getGridField().reload({data: [{name: this.attr('name'), value: this.val(), filter: filterState}]}); this.getGridField().reload({data: [{name: this.attr('name'), value: this.val(), filter: filterState}]});
e.preventDefault(); e.preventDefault();
},
/**
* Get the url this action should submit to
*/
actionurl: function() {
var btn = this.closest(':button'), grid = this.getGridField(),
form = this.closest('form'), data = form.find(':input.gridstate').serialize(),
csrf = form.find('input[name="SecurityID"]').val();
// Add current button
data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
// Add csrf
if(csrf) {
data += "&SecurityID=" + encodeURIComponent(csrf);
} }
// Include any GET parameters from the current URL, as the view
// state might depend on it. For example, a list pre-filtered
// through external search criteria might be passed to GridField.
if(window.location.search) {
data = window.location.search.replace(/^\?/, '') + '&' + data;
}
// decide whether we should use ? or & to connect the URL
var connector = grid.data('url').indexOf('?') == -1 ? '?' : '&';
return $.path.makeUrlAbsolute(
grid.data('url') + connector + data,
$('base').attr('href')
);
}
}); });
/** /**
@ -202,30 +234,9 @@
this._super(); this._super();
}, },
onclick: function(e){ onclick: function(e){
var btn = this.closest(':button'), grid = this.getGridField(), var url = this.actionurl();
form = this.closest('form'), data = form.find(':input.gridstate').serialize();; window.open(url);
e.preventDefault();
// Add current button
data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
// Include any GET parameters from the current URL, as the view
// state might depend on it.
// For example, a list prefiltered through external search criteria
// might be passed to GridField.
if(window.location.search) {
data = window.location.search.replace(/^\?/, '') + '&' + data;
}
// decide whether we should use ? or & to connect the URL
var connector = grid.data('url').indexOf('?') == -1 ? '?' : '&';
var url = $.path.makeUrlAbsolute(
grid.data('url') + connector + data,
$('base').attr('href')
);
var newWindow = window.open(url);
return false; return false;
} }
}); });
@ -253,33 +264,8 @@
*/ */
$('.ss-gridfield .action.no-ajax').entwine({ $('.ss-gridfield .action.no-ajax').entwine({
onclick: function(e){ onclick: function(e){
var self = this, btn = this.closest(':button'), grid = this.getGridField(), window.location.href = this.actionurl();
form = this.closest('form'), data = form.find(':input.gridstate').serialize(), e.preventDefault();
csrf = form.find('input[name="SecurityID"]').val();
// Add current button
data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
// Add csrf
if(csrf) {
data += "&SecurityID=" + encodeURIComponent(csrf);
}
// Include any GET parameters from the current URL, as the view
// state might depend on it. For example, a list pre-filtered
// through external search criteria might be passed to GridField.
if(window.location.search) {
data = window.location.search.replace(/^\?/, '') + '&' + data;
}
// decide whether we should use ? or & to connect the URL
var connector = grid.data('url').indexOf('?') == -1 ? '?' : '&';
window.location.href = $.path.makeUrlAbsolute(
grid.data('url') + connector + data,
$('base').attr('href')
);
return false; return false;
} }
}); });