Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection

master
Andrew Dolgov 4 years ago
parent 8080c525fd
commit cbcb10a272

@ -8,7 +8,7 @@ class Feeds extends Handler_Protected {
private $params; private $params;
function csrf_ignore($method) { function csrf_ignore($method) {
$csrf_ignored = array("index", "quickaddfeed", "search"); $csrf_ignored = array("index");
return array_search($method, $csrf_ignored) !== false; return array_search($method, $csrf_ignored) !== false;
} }
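Review bot: `csrf_ignore()` carries no comment saying what membership in `$csrf_ignored` implies, so nothing tells a later reader why `index` is still exempt after this change. I would add a line above the array such as `// methods listed here skip the CSRF token check; keep them free of side effects`. The dispatch code that calls `csrf_ignore()` is outside this hunk, so the wording should be confirmed against it. As a smaller style point, `return in_array($method, $csrf_ignored, true);` states the membership test more directly than `array_search(...) !== false` and compares strictly.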

@ -75,16 +75,20 @@ const CommonDialogs = {
return false; return false;
}, },
quickAddFeed: function() { quickAddFeed: function() {
const query = "backend.php?op=feeds&method=quickAddFeed";
// overlapping widgets // overlapping widgets
if (dijit.byId("batchSubDlg")) dijit.byId("batchSubDlg").destroyRecursive(); if (dijit.byId("batchSubDlg")) dijit.byId("batchSubDlg").destroyRecursive();
if (dijit.byId("feedAddDlg")) dijit.byId("feedAddDlg").destroyRecursive(); if (dijit.byId("feedAddDlg")) dijit.byId("feedAddDlg").destroyRecursive();
xhrPost("backend.php",
{op: "feeds", method: "quickAddFeed"},
(transport) => {
const dialog = new dijit.Dialog({ const dialog = new dijit.Dialog({
id: "feedAddDlg", id: "feedAddDlg",
title: __("Subscribe to Feed"), title: __("Subscribe to Feed"),
style: "width: 600px", style: "width: 600px",
content: transport.responseText,
show_error: function (msg) { show_error: function (msg) {
const elem = $("fadd_error_message"); const elem = $("fadd_error_message");
@ -181,10 +185,10 @@ const CommonDialogs = {
}); });
} }
}, },
href: query
}); });
dialog.show(); dialog.show();
});
}, },
showFeedsWithErrors: function() { showFeedsWithErrors: function() {
const query = {op: "pref-feeds", method: "feedsWithErrors"}; const query = {op: "pref-feeds", method: "feedsWithErrors"};
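Review bot: The two `destroyRecursive()` guards in `quickAddFeed` run before `xhrPost` is issued, but the `dijit.Dialog` with the fixed id `feedAddDlg` is now created later, inside the response callback. If the action is triggered twice before the first response arrives, both callbacks will try to register the same widget id, which dijit normally rejects with an exception. Moving the guards to the first lines of the `(transport) => {` callback closes that window, e.g. `if (dijit.byId("feedAddDlg")) dijit.byId("feedAddDlg").destroyRecursive();`. The same ordering appears in `Feeds.search` with `searchDlg`. The callback also hands `transport.responseText` to `content` without checking that the request succeeded; whether `xhrPost` already filters error responses is not visible here.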

@ -552,14 +552,16 @@ const Feeds = {
return tree.model.store.getValue(nuf, 'bare_id'); return tree.model.store.getValue(nuf, 'bare_id');
}, },
search: function() { search: function() {
const query = "backend.php?op=feeds&method=search&param=" +
encodeURIComponent(Feeds.getActive() + ":" + Feeds.activeIsCat());
if (dijit.byId("searchDlg")) if (dijit.byId("searchDlg"))
dijit.byId("searchDlg").destroyRecursive(); dijit.byId("searchDlg").destroyRecursive();
xhrPost("backend.php",
{op: "feeds", method: "search",
param: Feeds.getActive() + ":" + Feeds.activeIsCat()},
(transport) => {
const dialog = new dijit.Dialog({ const dialog = new dijit.Dialog({
id: "searchDlg", id: "searchDlg",
content: transport.responseText,
title: __("Search"), title: __("Search"),
style: "width: 600px", style: "width: 600px",
execute: function () { execute: function () {
@ -574,7 +576,6 @@ const Feeds = {
Feeds.reloadCurrent(); Feeds.reloadCurrent();
} }
}, },
href: query
}); });
const tmph = dojo.connect(dialog, 'onLoad', function () { const tmph = dojo.connect(dialog, 'onLoad', function () {
@ -593,6 +594,8 @@ const Feeds = {
}); });
dialog.show(); dialog.show();
});
}, },
updateRandom: function() { updateRandom: function() {
console.log("in update_random_feed"); console.log("in update_random_feed");
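Review bot: The `dojo.connect(dialog, 'onLoad', ...)` handler in `search` is still attached after `new dijit.Dialog({...})`, but the dialog body now arrives through the `content` constructor property instead of being fetched from `href` when the dialog is shown. With `content` the pane is populated during construction, so `onLoad` may already have passed, or may not fire at all, by the time the handler is connected; this should be confirmed against the dijit version in use. If it does not fire, the handler body (which lies between the hunks and is not visible here) can run directly after `dialog.show()` or be connected to `onShow` instead. A short comment beside the connect naming the event it relies on would help the next reader.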
