diff --git a/classes/admin.php b/classes/admin.php
index f43a623d..e97209b7 100644
--- a/classes/admin.php
+++ b/classes/admin.php
@@ -12,6 +12,7 @@ use Grav\Common\Plugins;
use Grav\Common\Themes;
use Grav\Common\Uri;
use Grav\Common\User\User;
+use Grav\Common\Utils;
use RocketTheme\Toolbox\File\File;
use RocketTheme\Toolbox\File\JsonFile;
use RocketTheme\Toolbox\File\LogFile;
@@ -703,6 +704,17 @@ class Admin
return $parent_route;
}
+ /**
+ * Static helper method to return the admin form nonce
+ *
+ * @return string
+ */
+ public static function getNonce()
+ {
+ $action = 'admin-form';
+ return Utils::getNonce($action);
+ }
+ /**
+ * Static helper method to return the last used page name
+ *
diff --git a/themes/grav/js/pages-all.js b/themes/grav/js/pages-all.js
index 8ed9167c..48c36e85 100644
--- a/themes/grav/js/pages-all.js
+++ b/themes/grav/js/pages-all.js
@@ -125,7 +125,7 @@ $(function(){
data: {
flags: flags,
query: query,
- 'admin-nonce': $('#admin-nonce').val()
+ 'admin-nonce': GravAdmin.config.admin_nonce
},
toastErrors: true,
success: function (result, status) {
diff --git a/themes/grav/templates/forms/fields/pagemedia/pagemedia.html.twig b/themes/grav/templates/forms/fields/pagemedia/pagemedia.html.twig
index 09dfc5d7..8b808dd1 100644
--- a/themes/grav/templates/forms/fields/pagemedia/pagemedia.html.twig
+++ b/themes/grav/templates/forms/fields/pagemedia/pagemedia.html.twig
@@ -60,7 +60,7 @@ previewTemplate: "
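Review bot: The new `getNonce()` in the second admin.php hunk declares no return type although its docblock promises `string`, and the `$action` local only wraps the literal `'admin-form'`, which whatever code verifies the nonce on the request side must reproduce exactly. I would hoist the action name into a class constant and tighten the signature: `public const NONCE_ACTION = 'admin-form';`, `public static function getNonce(): string`, `return Utils::getNonce(self::NONCE_ACTION);`, so the verifying side can reference the same symbol instead of a duplicated string. Whether the verification code uses that same literal cannot be seen from this diff, so that is worth confirming before merging. The `use Grav\Common\Utils;` import in the first hunk is what this method needs; class Admin itself continues outside the hunk.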
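Review bot: `GravAdmin.config.admin_nonce` in the pages-all.js hunk is an unguarded read of a global that a separate template populates; where the replaced `$('#admin-nonce').val()` degraded to `undefined` when the input was absent, the new expression throws a ReferenceError if `GravAdmin` is not defined before this script runs, aborting the handler before the request is sent. The three pagemedia.html.twig hunks (the `listmedia` GET, the `delmedia` POST and the `sending` hook) read the same global in the same way. If the admin layout guarantees that the config partial is rendered first, a one-line comment at the first use, `// nonce is set by partials/javascript-config.html.twig via the GravAdmin global`, would record that dependency; otherwise read it once into a local with a fallback before building the request. The enclosing `$(function(){` callback continues outside the hunk.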
\n
\n
\n
\n \n
\n
\n
\n
\n
\nDelete\nInsert\n ",
init: function() {
thisDropzone = this;
- $.get(URI + '/task{{ config.system.param_sep }}listmedia/admin-nonce:' + $('#admin-nonce').val(), function(data) {
+ $.get(URI + '/task{{ config.system.param_sep }}listmedia/admin-nonce:' + GravAdmin.config.admin_nonce, function(data) {
$.proxy(modalError, this, {
data: data,
@@ -109,7 +109,7 @@ this.on('removedfile', function(file) {
if (!file.accepted || file.rejected) return;
thisDropzone = this;
- $.post(URI + '/task{{ config.system.param_sep }}delmedia', {filename: file.name, 'admin-nonce': $('#admin-nonce').val()}, function(data){
+ $.post(URI + '/task{{ config.system.param_sep }}delmedia', {filename: file.name, 'admin-nonce': GravAdmin.config.admin_nonce}, function(data){
$.proxy(modalError, thisDropzone, {
file: file,
data: data,
@@ -120,7 +120,7 @@ });
this.on('sending', function(file, xhr, formData){
- formData.append('admin-nonce', $('#admin-nonce').val());
+ formData.append('admin-nonce', GravAdmin.config.admin_nonce);
});
}
};
diff --git a/themes/grav/templates/partials/javascript-config.html.twig b/themes/grav/templates/partials/javascript-config.html.twig
index 5ee1078a..bb67cd1b 100644
--- a/themes/grav/templates/partials/javascript-config.html.twig
+++ b/themes/grav/templates/partials/javascript-config.html.twig
@@ -4,6 +4,7 @@ base_url_relative: '{{ base_url_relative }}',
param_sep: '{{ config.system.param_sep }}',
enable_auto_updates_check: '{{ config.plugins.admin.enable_auto_updates_check }}',
- admin_timeout: '{{ config.plugins.admin.session.timeout ?: 1800 }}'
+ admin_timeout: '{{ config.plugins.admin.session.timeout ?: 1800 }}',
+ admin_nonce: '{{ admin.getNonce }}'
};
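Review bot: `admin_nonce: '{{ admin.getNonce }}'` in the javascript-config.html.twig hunk interpolates a server-generated value into a JavaScript string literal, a context where Twig's `html` autoescape strategy (if autoescaping is on for this template) is not the matching one; the context-correct form is `admin_nonce: '{{ admin.getNonce|e('js') }}'`. A nonce from `Utils::getNonce()` is presumably a digest without quote or backslash characters, so this is a hardening of the template pattern rather than a known break, and the neighbouring `base_url_relative` and `param_sep` entries follow the same unescaped shape. Placing the token in the page-wide `GravAdmin.config` object makes it readable to any script running on the admin page, which is the same exposure the hidden `#admin-nonce` input already had, so the move itself adds no new risk as long as the value is scoped to the current session.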
", init: function() { thisDropzone = this; - $.get(URI + '/task{{ config.system.param_sep }}listmedia/admin-nonce:' + $('#admin-nonce').val(), function(data) { + $.get(URI + '/task{{ config.system.param_sep }}listmedia/admin-nonce:' + GravAdmin.config.admin_nonce, function(data) { $.proxy(modalError, this, { data: data, @@ -109,7 +109,7 @@ this.on('removedfile', function(file) { if (!file.accepted || file.rejected) return; thisDropzone = this; - $.post(URI + '/task{{ config.system.param_sep }}delmedia', {filename: file.name, 'admin-nonce': $('#admin-nonce').val()}, function(data){ + $.post(URI + '/task{{ config.system.param_sep }}delmedia', {filename: file.name, 'admin-nonce': GravAdmin.config.admin_nonce}, function(data){ $.proxy(modalError, thisDropzone, { file: file, data: data, @@ -120,7 +120,7 @@ }); this.on('sending', function(file, xhr, formData){ - formData.append('admin-nonce', $('#admin-nonce').val()); + formData.append('admin-nonce', GravAdmin.config.admin_nonce); }); } }; diff --git a/themes/grav/templates/partials/javascript-config.html.twig b/themes/grav/templates/partials/javascript-config.html.twig index 5ee1078a..bb67cd1b 100644 --- a/themes/grav/templates/partials/javascript-config.html.twig +++ b/themes/grav/templates/partials/javascript-config.html.twig @@ -4,6 +4,7 @@ base_url_relative: '{{ base_url_relative }}', param_sep: '{{ config.system.param_sep }}', enable_auto_updates_check: '{{ config.plugins.admin.enable_auto_updates_check }}', - admin_timeout: '{{ config.plugins.admin.session.timeout ?: 1800 }}' + admin_timeout: '{{ config.plugins.admin.session.timeout ?: 1800 }}', + admin_nonce: '{{ admin.getNonce }}' };