From 0a142912d3cf9ffa226b5b024b1cf5c7a150d7e2 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 15 Sep 2020 18:08:08 +0300
Subject: [PATCH] backend handler: require CSRF, remove obsolete code

---
 classes/backend.php | 78 ++-------------------------------------------
 js/App.js           | 18 +++++------
 2 files changed, 12 insertions(+), 84 deletions(-)

diff --git a/classes/backend.php b/classes/backend.php
index 5bd724728..dad40a269 100644
--- a/classes/backend.php
+++ b/classes/backend.php
@@ -1,12 +1,6 @@
 <?php
-class Backend extends Handler {
-	function loading() {
-		header("Content-type: text/html");
-		print __("Loading, please wait...") . " " .
-			"<img src='images/indicator_tiny.gif'>";
-	}
-
-	function digestTest() {
+class Backend extends Handler_Protected {
+	/* function digestTest() {
 		if (isset($_SESSION['uid'])) {
 			header("Content-type: text/html");
 
@@ -19,73 +13,7 @@ class Backend extends Handler {
 		} else {
 			print error_json(6);
 		}
-	}
-
-	private function display_main_help() {
-		$info = get_hotkeys_info();
-		$imap = get_hotkeys_map();
-		$omap = array();
-
-		foreach ($imap[1] as $sequence => $action) {
-			if (!isset($omap[$action])) $omap[$action] = array();
-
-			array_push($omap[$action], $sequence);
-		}
-
-		print "<ul class='panel panel-scrollable hotkeys-help' style='height : 300px'>";
-
-		print "<h2>" . __("Keyboard Shortcuts") . "</h2>";
-
-		foreach ($info as $section => $hotkeys) {
-
-			print "<li><hr></li>";
-			print "<li><h3>" . $section . "</h3></li>";
-
-			foreach ($hotkeys as $action => $description) {
-
-				if (is_array($omap[$action])) {
-					foreach ($omap[$action] as $sequence) {
-						if (strpos($sequence, "|") !== FALSE) {
-							$sequence = substr($sequence,
-								strpos($sequence, "|")+1,
-								strlen($sequence));
-						} else {
-							$keys = explode(" ", $sequence);
-
-							for ($i = 0; $i < count($keys); $i++) {
-								if (strlen($keys[$i]) > 1) {
-									$tmp = '';
-									foreach (str_split($keys[$i]) as $c) {
-										switch ($c) {
-										case '*':
-											$tmp .= __('Shift') . '+';
-											break;
-										case '^':
-											$tmp .= __('Ctrl') . '+';
-											break;
-										default:
-											$tmp .= $c;
-										}
-									}
-									$keys[$i] = $tmp;
-								}
-							}
-							$sequence = join(" ", $keys);
-						}
-
-						print "<li>";
-					 	print "<div class='hk'><code>$sequence</code></div>";
-					  	print "<div class='desc'>$description</div>";
-						print "</li>";
-					}
-				}
-			}
-		}
-
-		print "</ul>";
-
-
-	}
+	} */
 
 	function help() {
 		$topic = basename(clean($_REQUEST["topic"])); // only one for now
diff --git a/js/App.js b/js/App.js
index af21cc97f..03103845e 100644
--- a/js/App.js
+++ b/js/App.js
@@ -300,19 +300,19 @@ const App = {
       }
    },
    helpDialog: function(topic) {
-		const query = "backend.php?op=backend&method=help&topic=" + encodeURIComponent(topic);
-
 		if (dijit.byId("helpDlg"))
 			dijit.byId("helpDlg").destroyRecursive();
 
-		const dialog = new dijit.Dialog({
-			id: "helpDlg",
-			title: __("Help"),
-			style: "width: 600px",
-			href: query,
-		});
+	   xhrPost("backend.php", {op: "backend", method: "help", topic: topic}, (transport) => {
+		   const dialog = new dijit.Dialog({
+			   id: "helpDlg",
+			   title: __("Help"),
+			   style: "width: 600px",
+			   content: transport.responseText,
+		   });
 
-		dialog.show();
+		   dialog.show();
+	   });
 	},
 	displayDlg: function(title, id, param, callback) {
 		Notify.progress("Loading, please wait...", true);