Add nonce to GravAdmin.config.admin_nonce to be used by JS. Drop jQuery DOM references to #admin-nonce

This commit is contained in:
Flavio Copes
2015-11-21 16:15:23 +01:00
parent fe69322279
commit e6cddea054
4 changed files with 18 additions and 5 deletions


@@ -12,6 +12,7 @@ use Grav\Common\Plugins;
use Grav\Common\Themes;
use Grav\Common\Uri;
use Grav\Common\User\User;
use Grav\Common\Utils;
use RocketTheme\Toolbox\File\File;
use RocketTheme\Toolbox\File\JsonFile;
use RocketTheme\Toolbox\File\LogFile;
@@ -703,6 +704,17 @@ class Admin
return $parent_route;
}
/**
* Static helper method to return the admin form nonce
*
* @return string
*/
public static function getNonce()
{
$action = 'admin-form';
return Utils::getNonce($action);
}
/**
* Static helper method to return the last used page name
*


@@ -125,7 +125,7 @@ $(function(){
data: {
flags: flags,
query: query,
'admin-nonce': $('#admin-nonce').val()
'admin-nonce': GravAdmin.config.admin_nonce
},
toastErrors: true,
success: function (result, status) {
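Review bot: `GravAdmin.config.admin_nonce` is read at request time, so this handler now hard-depends on the `GravAdmin` global being defined by the inline config script before this file executes; where `$('#admin-nonce').val()` degraded to `undefined` when the element was absent, a missing or renamed global now throws a ReferenceError and aborts the handler before the request is sent. The same applies to the three replacements in the dropzone template (the `listmedia` GET, the `delmedia` POST and the `sending` handler), so the load-order contract should be stated once. A comment at the top of the file, `// requires the GravAdmin.config block to be rendered before this script`, or reading the value through a guard such as `var nonce = (window.GravAdmin && GravAdmin.config) ? GravAdmin.config.admin_nonce : '';`, makes the dependency explicit and fails on the server-side check rather than with a client exception. The enclosing `$(function(){ ... })` block starts and ends outside the hunk.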


@@ -60,7 +60,7 @@
previewTemplate: "<div class=\"dz-preview dz-file-preview\">\n <div class=\"dz-details\">\n <div class=\"dz-filename\"><span data-dz-name></span></div>\n <div class=\"dz-size\" data-dz-size></div>\n <img data-dz-thumbnail />\n </div>\n <div class=\"dz-progress\"><span class=\"dz-upload\" data-dz-uploadprogress></span></div>\n <div class=\"dz-success-mark\"><span>✔</span></div>\n <div class=\"dz-error-mark\"><span>✘</span></div>\n <div class=\"dz-error-message\"><span data-dz-errormessage></span></div>\n<a class=\"dz-remove\" href=\"javascript:undefined;\" data-dz-remove>Delete</a>\n<a class=\"dz-insert\" href=\"javascript:undefined;\" data-dz-insert>Insert</a>\n</div>",
init: function() {
thisDropzone = this;
$.get(URI + '/task{{ config.system.param_sep }}listmedia/admin-nonce:' + $('#admin-nonce').val(), function(data) {
$.get(URI + '/task{{ config.system.param_sep }}listmedia/admin-nonce:' + GravAdmin.config.admin_nonce, function(data) {
$.proxy(modalError, this, {
data: data,
@@ -109,7 +109,7 @@
this.on('removedfile', function(file) {
if (!file.accepted || file.rejected) return;
thisDropzone = this;
$.post(URI + '/task{{ config.system.param_sep }}delmedia', {filename: file.name, 'admin-nonce': $('#admin-nonce').val()}, function(data){
$.post(URI + '/task{{ config.system.param_sep }}delmedia', {filename: file.name, 'admin-nonce': GravAdmin.config.admin_nonce}, function(data){
$.proxy(modalError, thisDropzone, {
file: file,
data: data,
@@ -120,7 +120,7 @@
});
this.on('sending', function(file, xhr, formData){
formData.append('admin-nonce', $('#admin-nonce').val());
formData.append('admin-nonce', GravAdmin.config.admin_nonce);
});
}
};


@@ -4,6 +4,7 @@
base_url_relative: '{{ base_url_relative }}',
param_sep: '{{ config.system.param_sep }}',
enable_auto_updates_check: '{{ config.plugins.admin.enable_auto_updates_check }}',
admin_timeout: '{{ config.plugins.admin.session.timeout ?: 1800 }}'
admin_timeout: '{{ config.plugins.admin.session.timeout ?: 1800 }}',
admin_nonce: '{{ admin.getNonce }}'
};
</script>
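Review bot: `admin_nonce: '{{ admin.getNonce }}'` places a server-supplied value inside a JavaScript string literal, but Twig's default autoescape is the `html` strategy: it emits HTML entities, which a `<script>` block does not decode, so any character outside the plain alphanumeric set would corrupt the value rather than be escaped for the context it is in. If the nonce is a hex digest this is harmless today, but the template should not rely on that; `admin_nonce: '{{ admin.getNonce|e('js') }}'` applies the escaping strategy that matches the surrounding script. Embedding the nonce in the inline config exposes it to any script running in the page to the same degree the hidden `#admin-nonce` input did, so the change does not widen that exposure.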