Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection

This commit is contained in:
Andrew Dolgov 2020-09-15 16:28:09 +03:00
parent 8080c525fd
commit cbcb10a272
3 changed files with 129 additions and 122 deletions

View File

@ -8,7 +8,7 @@ class Feeds extends Handler_Protected {
private $params;
function csrf_ignore($method) {
$csrf_ignored = array("index", "quickaddfeed", "search");
$csrf_ignored = array("index");
return array_search($method, $csrf_ignored) !== false;
}

View File

@ -75,16 +75,20 @@ const CommonDialogs = {
return false;
},
quickAddFeed: function() {
const query = "backend.php?op=feeds&method=quickAddFeed";
// overlapping widgets
if (dijit.byId("batchSubDlg")) dijit.byId("batchSubDlg").destroyRecursive();
if (dijit.byId("feedAddDlg")) dijit.byId("feedAddDlg").destroyRecursive();
xhrPost("backend.php",
{op: "feeds", method: "quickAddFeed"},
(transport) => {
const dialog = new dijit.Dialog({
id: "feedAddDlg",
title: __("Subscribe to Feed"),
style: "width: 600px",
content: transport.responseText,
show_error: function (msg) {
const elem = $("fadd_error_message");
@ -181,10 +185,10 @@ const CommonDialogs = {
});
}
},
href: query
});
dialog.show();
});
},
showFeedsWithErrors: function() {
const query = {op: "pref-feeds", method: "feedsWithErrors"};

View File

@ -552,14 +552,16 @@ const Feeds = {
return tree.model.store.getValue(nuf, 'bare_id');
},
search: function() {
const query = "backend.php?op=feeds&method=search&param=" +
encodeURIComponent(Feeds.getActive() + ":" + Feeds.activeIsCat());
if (dijit.byId("searchDlg"))
dijit.byId("searchDlg").destroyRecursive();
xhrPost("backend.php",
{op: "feeds", method: "search",
param: Feeds.getActive() + ":" + Feeds.activeIsCat()},
(transport) => {
const dialog = new dijit.Dialog({
id: "searchDlg",
content: transport.responseText,
title: __("Search"),
style: "width: 600px",
execute: function () {
@ -574,7 +576,6 @@ const Feeds = {
Feeds.reloadCurrent();
}
},
href: query
});
const tmph = dojo.connect(dialog, 'onLoad', function () {
@ -593,6 +594,8 @@ const Feeds = {
});
dialog.show();
});
},
updateRandom: function() {
console.log("in update_random_feed");