BUG Fix regressions in missing CSRF on print button

This commit is contained in:
Damian Mooyman 2016-02-26 15:49:28 +13:00
parent 3dc0d0ee89
commit cc95703b18


@ -22,7 +22,7 @@
if(window.location.search) { if(window.location.search) {
ajaxOpts.data = window.location.search.replace(/^\?/, '') + '&' + $.param(ajaxOpts.data); ajaxOpts.data = window.location.search.replace(/^\?/, '') + '&' + $.param(ajaxOpts.data);
} }
// For browsers which do not support history.pushState like IE9, ss framework uses hash to track // For browsers which do not support history.pushState like IE9, ss framework uses hash to track
// the current location for PJAX, so for them we pass the query string stored in the hash instead // the current location for PJAX, so for them we pass the query string stored in the hash instead
if(!window.history || !window.history.pushState){ if(!window.history || !window.history.pushState){
@ -142,14 +142,46 @@
e.preventDefault(); e.preventDefault();
return; return;
} }
if(this.hasClass('ss-gridfield-button-close') || !(this.closest('.ss-gridfield').hasClass('show-filter'))){ if(this.hasClass('ss-gridfield-button-close') || !(this.closest('.ss-gridfield').hasClass('show-filter'))){
filterState='hidden'; filterState='hidden';
} }
this.getGridField().reload({data: [{name: this.attr('name'), value: this.val(), filter: filterState}]}); this.getGridField().reload({data: [{name: this.attr('name'), value: this.val(), filter: filterState}]});
e.preventDefault(); e.preventDefault();
},
/**
* Get the url this action should submit to
*/
actionurl: function() {
var btn = this.closest(':button'), grid = this.getGridField(),
form = this.closest('form'), data = form.find(':input.gridstate').serialize(),
csrf = form.find('input[name="SecurityID"]').val();
// Add current button
data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
// Add csrf
if(csrf) {
data += "&SecurityID=" + encodeURIComponent(csrf);
}
// Include any GET parameters from the current URL, as the view
// state might depend on it. For example, a list pre-filtered
// through external search criteria might be passed to GridField.
if(window.location.search) {
data = window.location.search.replace(/^\?/, '') + '&' + data;
}
// decide whether we should use ? or & to connect the URL
var connector = grid.data('url').indexOf('?') == -1 ? '?' : '&';
return $.path.makeUrlAbsolute(
grid.data('url') + connector + data,
$('base').attr('href')
);
} }
}); });
/** /**
@ -180,7 +212,7 @@
} }
}); });
// Covers both tabular delete button, and the button on the detail form // Covers both tabular delete button, and the button on the detail form
$('.ss-gridfield .col-buttons .action.gridfield-button-delete, .cms-edit-form .Actions button.action.action-delete').entwine({ $('.ss-gridfield .col-buttons .action.gridfield-button-delete, .cms-edit-form .Actions button.action.action-delete').entwine({
onclick: function(e){ onclick: function(e){
if(!confirm(ss.i18n._t('TABLEFIELD.DELETECONFIRMMESSAGE'))) { if(!confirm(ss.i18n._t('TABLEFIELD.DELETECONFIRMMESSAGE'))) {
@ -191,7 +223,7 @@
} }
} }
}); });
$('.ss-gridfield .action.gridfield-button-print').entwine({ $('.ss-gridfield .action.gridfield-button-print').entwine({
UUID: null, UUID: null,
onmatch: function() { onmatch: function() {
@ -202,34 +234,13 @@
this._super(); this._super();
}, },
onclick: function(e){ onclick: function(e){
var btn = this.closest(':button'), grid = this.getGridField(), var url = this.actionurl();
form = this.closest('form'), data = form.find(':input.gridstate').serialize();; window.open(url);
e.preventDefault();
// Add current button
data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
// Include any GET parameters from the current URL, as the view
// state might depend on it.
// For example, a list prefiltered through external search criteria
// might be passed to GridField.
if(window.location.search) {
data = window.location.search.replace(/^\?/, '') + '&' + data;
}
// decide whether we should use ? or & to connect the URL
var connector = grid.data('url').indexOf('?') == -1 ? '?' : '&';
var url = $.path.makeUrlAbsolute(
grid.data('url') + connector + data,
$('base').attr('href')
);
var newWindow = window.open(url);
return false; return false;
} }
}); });
$('.ss-gridfield-print-iframe').entwine({ $('.ss-gridfield-print-iframe').entwine({
onmatch: function(){ onmatch: function(){
this._super(); this._super();
@ -244,7 +255,7 @@
this._super(); this._super();
} }
}); });
/** /**
* Prevents actions from causing an ajax reload of the field. * Prevents actions from causing an ajax reload of the field.
* *
@ -253,33 +264,8 @@
*/ */
$('.ss-gridfield .action.no-ajax').entwine({ $('.ss-gridfield .action.no-ajax').entwine({
onclick: function(e){ onclick: function(e){
var self = this, btn = this.closest(':button'), grid = this.getGridField(), window.location.href = this.actionurl();
form = this.closest('form'), data = form.find(':input.gridstate').serialize(), e.preventDefault();
csrf = form.find('input[name="SecurityID"]').val();
// Add current button
data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
// Add csrf
if(csrf) {
data += "&SecurityID=" + encodeURIComponent(csrf);
}
// Include any GET parameters from the current URL, as the view
// state might depend on it. For example, a list pre-filtered
// through external search criteria might be passed to GridField.
if(window.location.search) {
data = window.location.search.replace(/^\?/, '') + '&' + data;
}
// decide whether we should use ? or & to connect the URL
var connector = grid.data('url').indexOf('?') == -1 ? '?' : '&';
window.location.href = $.path.makeUrlAbsolute(
grid.data('url') + connector + data,
$('base').attr('href')
);
return false; return false;
} }
}); });
@ -321,7 +307,7 @@
if (this.data('selectable')) this.selectable('destroy'); if (this.data('selectable')) this.selectable('destroy');
} }
}); });
/** /**
* Catch submission event in filter input fields, and submit the correct button * Catch submission event in filter input fields, and submit the correct button
* rather than the whole form. * rather than the whole form.
@ -330,7 +316,7 @@
onmatch: function() { onmatch: function() {
var filterbtn = this.closest('.fieldgroup').find('.ss-gridfield-button-filter'), var filterbtn = this.closest('.fieldgroup').find('.ss-gridfield-button-filter'),
resetbtn = this.closest('.fieldgroup').find('.ss-gridfield-button-reset'); resetbtn = this.closest('.fieldgroup').find('.ss-gridfield-button-reset');
if(this.val()) { if(this.val()) {
filterbtn.addClass('filtered'); filterbtn.addClass('filtered');
resetbtn.addClass('filtered'); resetbtn.addClass('filtered');
@ -349,11 +335,11 @@
if(e.keyCode == '13') { if(e.keyCode == '13') {
var btns = this.closest('.filter-header').find('.ss-gridfield-button-filter'); var btns = this.closest('.filter-header').find('.ss-gridfield-button-filter');
var filterState='show'; //filterstate should equal current state. var filterState='show'; //filterstate should equal current state.
if(this.hasClass('ss-gridfield-button-close')||!(this.closest('.ss-gridfield').hasClass('show-filter'))){ if(this.hasClass('ss-gridfield-button-close')||!(this.closest('.ss-gridfield').hasClass('show-filter'))){
filterState='hidden'; filterState='hidden';
} }
this.getGridField().reload({data: [{name: btns.attr('name'), value: btns.val(), filter: filterState}]}); this.getGridField().reload({data: [{name: btns.attr('name'), value: btns.val(), filter: filterState}]});
return false; return false;
}else{ }else{
@ -375,7 +361,7 @@
}, },
type: "GET", type: "GET",
url: $(searchField).data('searchUrl'), url: $(searchField).data('searchUrl'),
data: encodeURIComponent(searchField.attr('name'))+'='+encodeURIComponent(searchField.val()), data: encodeURIComponent(searchField.attr('name'))+'='+encodeURIComponent(searchField.val()),
success: function(data) { success: function(data) {
response( $.map(JSON.parse(data), function( name, id ) { response( $.map(JSON.parse(data), function( name, id ) {
return { label: name, value: name, id: id }; return { label: name, value: name, id: id };
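Review bot: The new `actionurl` helper (hunk `@ -142,14 +142,46 @@`) silently omits the token when `form.find('input[name="SecurityID"]').val()` comes back empty, so the very condition this commit fixes — a print or no-ajax action submitted without a CSRF token — would reappear with no signal if the hidden field is ever missing or renamed; at minimum the JSDoc should say so, since `Get the url this action should submit to` mentions neither the token nor the other inputs, e.g. `/** Build the URL for a non-ajax action: grid state inputs, this button's name/value, the form's SecurityID (omitted when the hidden field is absent) and the current query string, appended to the grid's data-url. */`. Because the result is passed to `window.open(url)` and `window.location.href`, the SecurityID travels in a GET query string where it is recorded in browser history, Referer headers and server access logs; this was already true of the old no-ajax code, so it is a caveat rather than a regression, but a one-line comment next to `data += "&SecurityID="` noting it would help the next reader. The entwine object that `actionurl` belongs to opens before the hunk, so its selector is not visible here. A minor style point: `grid.data('url').indexOf('?') == -1` could use `===`, although the surrounding file uses loose equality elsewhere (`e.keyCode == '13'`).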