Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection
This commit is contained in:
Andrew Dolgov
parent
8080c525fd
commit
cbcb10a272
|
|
@ -8,7 +8,7 @@ class Feeds extends Handler_Protected {
|
|||
private $params;
|
||||
|
||||
function csrf_ignore($method) {
|
||||
$csrf_ignored = array("index", "quickaddfeed", "search");
|
||||
$csrf_ignored = array("index");
|
||||
|
||||
return array_search($method, $csrf_ignored) !== false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -75,16 +75,20 @@ const CommonDialogs = {
|
|||
return false;
|
||||
},
|
||||
quickAddFeed: function() {
|
||||
const query = "backend.php?op=feeds&method=quickAddFeed";
|
||||
|
||||
// overlapping widgets
|
||||
if (dijit.byId("batchSubDlg")) dijit.byId("batchSubDlg").destroyRecursive();
|
||||
if (dijit.byId("feedAddDlg")) dijit.byId("feedAddDlg").destroyRecursive();
|
||||
|
||||
xhrPost("backend.php",
|
||||
{op: "feeds", method: "quickAddFeed"},
|
||||
(transport) => {
|
||||
|
||||
const dialog = new dijit.Dialog({
|
||||
id: "feedAddDlg",
|
||||
title: __("Subscribe to Feed"),
|
||||
style: "width: 600px",
|
||||
content: transport.responseText,
|
||||
show_error: function (msg) {
|
||||
const elem = $("fadd_error_message");
|
||||
|
||||
|
|
@ -181,10 +185,10 @@ const CommonDialogs = {
|
|||
});
|
||||
}
|
||||
},
|
||||
href: query
|
||||
});
|
||||
|
||||
dialog.show();
|
||||
});
|
||||
},
|
||||
showFeedsWithErrors: function() {
|
||||
const query = {op: "pref-feeds", method: "feedsWithErrors"};
|
||||
|
|
|
|||
11
js/Feeds.js
11
js/Feeds.js
|
|
@ -552,14 +552,16 @@ const Feeds = {
|
|||
return tree.model.store.getValue(nuf, 'bare_id');
|
||||
},
|
||||
search: function() {
|
||||
const query = "backend.php?op=feeds&method=search¶m=" +
|
||||
encodeURIComponent(Feeds.getActive() + ":" + Feeds.activeIsCat());
|
||||
|
||||
if (dijit.byId("searchDlg"))
|
||||
dijit.byId("searchDlg").destroyRecursive();
|
||||
|
||||
xhrPost("backend.php",
|
||||
{op: "feeds", method: "search",
|
||||
param: Feeds.getActive() + ":" + Feeds.activeIsCat()},
|
||||
(transport) => {
|
||||
const dialog = new dijit.Dialog({
|
||||
id: "searchDlg",
|
||||
content: transport.responseText,
|
||||
title: __("Search"),
|
||||
style: "width: 600px",
|
||||
execute: function () {
|
||||
|
|
@ -574,7 +576,6 @@ const Feeds = {
|
|||
Feeds.reloadCurrent();
|
||||
}
|
||||
},
|
||||
href: query
|
||||
});
|
||||
|
||||
const tmph = dojo.connect(dialog, 'onLoad', function () {
|
||||
|
|
@ -593,6 +594,8 @@ const Feeds = {
|
|||
});
|
||||
|
||||
dialog.show();
|
||||
});
|
||||
|
||||
},
|
||||
updateRandom: function() {
|
||||
console.log("in update_random_feed");
|
||||
|
|
|
|||
Loading…
Reference in New Issue