don't pass csrf token as a GET parameter to Article
parent
e670ac2ee5
commit
aeaafefa07
|
@ -1002,6 +1002,7 @@
|
|||
$max_feed_id = $row["mid"];
|
||||
$num_feeds = $row["nf"];
|
||||
|
||||
$params["self_url_prefix"] = get_self_url_prefix();
|
||||
$params["max_feed_id"] = (int) $max_feed_id;
|
||||
$params["num_feeds"] = (int) $num_feeds;
|
||||
|
||||
|
|
|
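Review bot: `$params["self_url_prefix"] = get_self_url_prefix();` (apparently the one line this hunk adds) now decides where the client posts the CSRF token, and nothing on this page shows how `get_self_url_prefix()` builds its value. If that value is derived from request headers such as Host rather than from fixed configuration, the form action in `Article.openInNewWindow` would follow the header, so it is worth confirming the source. A comment on the line would record the dependency, for example `// absolute POST target used by the frontend for backend.php; must come from trusted configuration`. The enclosing function starts and ends outside this hunk.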
@ -131,16 +131,37 @@ const Article = {
|
|||
});
|
||||
},
|
||||
openInNewWindow: function (id) {
|
||||
const w = window.open("");
|
||||
|
||||
/* global __csrf_token */
|
||||
const w = window.open("");
|
||||
|
||||
if (w) {
|
||||
w.opener = null;
|
||||
w.location = "backend.php?op=article&method=redirect&id=" + id + "&csrf_token=" + __csrf_token;
|
||||
|
||||
const form = document.createElement("form");
|
||||
|
||||
form.setAttribute("method", "post");
|
||||
form.setAttribute("action", App.getInitParam("self_url_prefix") + "/backend.php");
|
||||
|
||||
/* global __csrf_token */
|
||||
|
||||
const params = { "op": "article", "method": "redirect", "id": id, "csrf_token": __csrf_token };
|
||||
|
||||
for (const [k,v] of Object.entries(params)) {
|
||||
const field = document.createElement("input");
|
||||
|
||||
field.setAttribute("name", k);
|
||||
field.setAttribute("value", v);
|
||||
field.setAttribute("type", "hidden");
|
||||
|
||||
form.appendChild(field);
|
||||
}
|
||||
|
||||
w.document.body.appendChild(form);
|
||||
form.submit();
|
||||
|
||||
Headlines.toggleUnread(id, 0);
|
||||
}
|
||||
|
||||
},
|
||||
render: function (article) {
|
||||
App.cleanupMemory("content-insert");
|
||||
|
|
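Review bot: The form-building block in `openInNewWindow` has no comment saying why the redirect goes through a hidden POST form, which makes it easy for a later cleanup to go back to the shorter `w.location` URL. Above `const form = document.createElement("form");` I would add `// POST the token from a hidden form so it never appears in the URL, browser history, access logs or a Referer header`. The handler behind `op=article&method=redirect` is not shown on this page; if it still reads `csrf_token` from the query string, the old GET form of the request keeps working, so check that it accepts the token from the POST body only. `App.getInitParam("self_url_prefix")` is concatenated unchecked, so a client holding init params without that key would post to `"undefined/backend.php"`. The `Article` object begins before this hunk and continues after it.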