backend handler: require CSRF, remove obsolete code

This commit is contained in:
Andrew Dolgov 2020-09-15 18:08:08 +03:00
parent 154417d80b
commit 0a142912d3
2 changed files with 12 additions and 84 deletions

View File

@ -1,12 +1,6 @@
<?php <?php
class Backend extends Handler { class Backend extends Handler_Protected {
function loading() { /* function digestTest() {
header("Content-type: text/html");
print __("Loading, please wait...") . " " .
"<img src='images/indicator_tiny.gif'>";
}
function digestTest() {
if (isset($_SESSION['uid'])) { if (isset($_SESSION['uid'])) {
header("Content-type: text/html"); header("Content-type: text/html");
@ -19,73 +13,7 @@ class Backend extends Handler {
} else { } else {
print error_json(6); print error_json(6);
} }
} } */
private function display_main_help() {
$info = get_hotkeys_info();
$imap = get_hotkeys_map();
$omap = array();
foreach ($imap[1] as $sequence => $action) {
if (!isset($omap[$action])) $omap[$action] = array();
array_push($omap[$action], $sequence);
}
print "<ul class='panel panel-scrollable hotkeys-help' style='height : 300px'>";
print "<h2>" . __("Keyboard Shortcuts") . "</h2>";
foreach ($info as $section => $hotkeys) {
print "<li><hr></li>";
print "<li><h3>" . $section . "</h3></li>";
foreach ($hotkeys as $action => $description) {
if (is_array($omap[$action])) {
foreach ($omap[$action] as $sequence) {
if (strpos($sequence, "|") !== FALSE) {
$sequence = substr($sequence,
strpos($sequence, "|")+1,
strlen($sequence));
} else {
$keys = explode(" ", $sequence);
for ($i = 0; $i < count($keys); $i++) {
if (strlen($keys[$i]) > 1) {
$tmp = '';
foreach (str_split($keys[$i]) as $c) {
switch ($c) {
case '*':
$tmp .= __('Shift') . '+';
break;
case '^':
$tmp .= __('Ctrl') . '+';
break;
default:
$tmp .= $c;
}
}
$keys[$i] = $tmp;
}
}
$sequence = join(" ", $keys);
}
print "<li>";
print "<div class='hk'><code>$sequence</code></div>";
print "<div class='desc'>$description</div>";
print "</li>";
}
}
}
}
print "</ul>";
}
function help() { function help() {
$topic = basename(clean($_REQUEST["topic"])); // only one for now $topic = basename(clean($_REQUEST["topic"])); // only one for now

View File

@ -300,19 +300,19 @@ const App = {
} }
}, },
helpDialog: function(topic) { helpDialog: function(topic) {
const query = "backend.php?op=backend&method=help&topic=" + encodeURIComponent(topic);
if (dijit.byId("helpDlg")) if (dijit.byId("helpDlg"))
dijit.byId("helpDlg").destroyRecursive(); dijit.byId("helpDlg").destroyRecursive();
xhrPost("backend.php", {op: "backend", method: "help", topic: topic}, (transport) => {
const dialog = new dijit.Dialog({ const dialog = new dijit.Dialog({
id: "helpDlg", id: "helpDlg",
title: __("Help"), title: __("Help"),
style: "width: 600px", style: "width: 600px",
href: query, content: transport.responseText,
}); });
dialog.show(); dialog.show();
});
}, },
displayDlg: function(title, id, param, callback) { displayDlg: function(title, id, param, callback) {
Notify.progress("Loading, please wait...", true); Notify.progress("Loading, please wait...", true);