From 2e7e9cecd8d7d38ca394692d43f1b0200b950f8b Mon Sep 17 00:00:00 2001
From: FrancescoUK
Date: Wed, 6 Jun 2018 21:28:52 +0100
Subject: [PATCH] Revert CSRF change (#2009)

---
 application/views/configs/locale_config.php | 6 ++---
 .../views/configs/mailchimp_config.php | 5 ++--
 application/views/customers/form.php | 24 +++++++++----------
 application/views/giftcards/form.php | 6 ++---
 application/views/partial/header_js.php | 22 ++++-------------
 application/views/sales/form.php | 10 ++++----
 6 files changed, 31 insertions(+), 42 deletions(-)

diff --git a/application/views/configs/locale_config.php b/application/views/configs/locale_config.php
index 5ac983086..c613886a4 100644
--- a/application/views/configs/locale_config.php
+++ b/application/views/configs/locale_config.php
@@ -234,7 +234,7 @@ $(document).ready(function()
 			var data = { number_locale: $('#number_locale').val() };
 			data[field] = value;
 			$.post("",
-				data,
+				$.extend(csrf_form_base(), data),
 				function(response) {
 					$('#number_locale_example').text(response.number_locale_example);
 				},
@@ -253,10 +253,10 @@ $(document).ready(function()
 			{
 				url: "",
 				type: 'POST',
-				data: {
+				data: $.extend(csrf_form_base(), {
 					'number_locale': $('#number_locale').val(),
 					'thousands_separator': $('#thousands_separator').is(':checked')
-				},
+				}),
 				dataFilter: function(data) {
 					setup_csrf_token();
 					var response = JSON.parse(data);
diff --git a/application/views/configs/mailchimp_config.php b/application/views/configs/mailchimp_config.php
index 6be5ebd6d..6cbf2b060 100644
--- a/application/views/configs/mailchimp_config.php
+++ b/application/views/configs/mailchimp_config.php
@@ -50,9 +50,10 @@ $(document).ready(function()
 	{
 		$('#mailchimp_api_key').change(function()
 		{
-			$.post("", {
+			$.post("",
+				$.extend(csrf_form_base(), {
 				'mailchimp_api_key': $('#mailchimp_api_key').val()
-			},
+			}),
 			function(response) {
 				$.notify(response.message, {type: response.success ? 'success' : 'danger'} );
 				$('#mailchimp_list_id').empty();
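Review bot: The added `$.extend(csrf_form_base(), data)` in this `$.post` call attaches the token a second time, because the header_js.php hunk of the same patch installs a `$.post` wrapper that merges `csrf_form_base()` into `arguments[1]` whenever `csrf_token()` is truthy; the mailchimp_config.php hunk has the same duplication. The double add is harmless today (`$.extend` overwrites the same key), but two places now decide when the token travels and neither file says so. A one-line comment above the call would make the dependency visible: `// partial/header_js.php wraps $.post and merges csrf_form_base() too; keep the two in step`. The enclosing handler starts before the hunk.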
diff --git a/application/views/customers/form.php b/application/views/customers/form.php index 2e11fb942..e08b4abea 100644 --- a/application/views/customers/form.php +++ b/application/views/customers/form.php @@ -454,38 +454,38 @@ $(document).ready(function() first_name: 'required', last_name: 'required', consent: 'required', - email: + email: { remote: { url: "", type: 'POST', - data: { + data: $.extend(csrf_form_base(), { 'person_id': 'person_id; ?>' // email is posted by default - } + }) } }, - account_number: + account_number: { remote: { url: "", type: 'POST', - data: { + data: $.extend(csrf_form_base(), { 'person_id': 'person_id; ?>' // account_number is posted by default - } + }) } } - }, + }, - messages: + messages: { - first_name: "lang->line('common_first_name_required'); ?>", - last_name: "lang->line('common_last_name_required'); ?>", - consent: "lang->line('customers_consent_required'); ?>", - email: "lang->line('customers_email_duplicate'); ?>", + first_name: "lang->line('common_first_name_required'); ?>", + last_name: "lang->line('common_last_name_required'); ?>", + consent: "lang->line('customers_consent_required'); ?>", + email: "lang->line('customers_email_duplicate'); ?>", account_number: "lang->line('customers_account_number_duplicate'); ?>" } }, form_support.error)); diff --git a/application/views/giftcards/form.php b/application/views/giftcards/form.php index 6004b96e1..434a116cc 100644 --- a/application/views/giftcards/form.php +++ b/application/views/giftcards/form.php @@ -76,7 +76,7 @@ $(document).ready(function() source: '', minChars: 0, delay: 15, - cacheLength: 1, + cacheLength: 1, appendTo: '.modal-content', select: fill_value, focus: fill_value @@ -125,9 +125,9 @@ $(document).ready(function() { url: "", type: 'POST', - data: { + data: $.extend(csrf_form_base(), { 'amount': $('#giftcard_amount').val() - }, + }), dataFilter: function(data) { setup_csrf_token(); var response = JSON.parse(data); 
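Review bot: The `data: $.extend(csrf_form_base(), {...})` objects for the `email` and `account_number` remote rules are built once, when the validator is configured, and reused for every remote request, so they only stay current because `csrf_form_base()` (header_js.php) stores the token as `function () { return csrf_token(); }`, which jQuery evaluates when it serialises each request. That is not visible from this file, so a later refactor that stored the cookie value directly would silently send a stale token after `setup_csrf_token()` presumably refreshes it. Suggest a comment on each `data:` line, e.g. `// token entry is a function: read from the cookie per request, not at validator setup`. The sales/form.php hunk appears to build its remote rule the same way. The enclosing validate call starts before the hunk.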
diff --git a/application/views/partial/header_js.php b/application/views/partial/header_js.php index d7c565196..025cd157e 100644 --- a/application/views/partial/header_js.php +++ b/application/views/partial/header_js.php @@ -16,6 +16,8 @@ from: 'config->item('notify_vertical_position'); ?>' }}); + var post = $.post; + var csrf_token = function() { return Cookies.get('config->item('csrf_cookie_name'); ?>'); }; @@ -24,23 +26,9 @@ return { security->get_csrf_token_name(); ?> : function () { return csrf_token(); } }; }; - var ajax = $.ajax; - - $.ajax = function() { - var args = arguments[0]; - - if (args['type'] && args['type'].toLowerCase() == 'post' && csrf_token()) { - if (typeof args['data'] === 'string') - { - args['data'] += $.param(csrf_form_base()); - } - else - { - args['data'] = $.extend(args['data'], csrf_form_base()); - } - } - - return ajax.apply(this, arguments); + $.post = function() { + arguments[1] = csrf_token() ? $.extend(arguments[1], csrf_form_base()) : arguments[1]; + post.apply(this, arguments); }; var setup_csrf_token = function() { diff --git a/application/views/sales/form.php b/application/views/sales/form.php index 80ec82ba5..8f664541e 100755 --- a/application/views/sales/form.php +++ b/application/views/sales/form.php @@ -165,7 +165,7 @@ $(document).ready(function() }); var submit_form = function() - { + { $(this).ajaxSubmit( { success: function(response) @@ -191,12 +191,12 @@ $(document).ready(function() { url: "", type: 'POST', - data: { - 'sale_id': , - 'invoice_number': function() { + data: $.extend(csrf_form_base(), { + 'sale_id' : , + 'invoice_number' : function() { return $('#invoice_number').val(); } - } + }) } } },
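Review bot: The new `$.post` wrapper in the second header_js.php hunk loses data for two of jQuery's documented call shapes and drops the return value: with string data (`$.post(url, 'a=1', cb)`) `$.extend` treats the string target as non-extensible and returns a fresh object holding only the token, so the form fields are never sent; with the callback-only shape (`$.post(url, cb)`) `arguments[1]` is the function, which gets a property attached instead of any data, so no token is sent and the request fails CSRF silently. It also does not `return post.apply(...)`, so `.done()`/`.fail()` chaining on `$.post(...)` throws on `undefined`, and `$.extend(arguments[1], ...)` mutates the caller's object in place. Handling the three argument shapes explicitly and returning the jqXHR, as below, restores what callers expect; building a copy with `$.extend({}, ...)` avoids the mutation.
```javascript
$.post = function(url, data, success, dataType) {
	if (csrf_token()) {
		if (typeof data === 'function') {
			// $.post(url, callback[, dataType]) form: shift the callback so the token can go out as data
			dataType = success;
			success = data;
			data = csrf_form_base();
		} else if (typeof data === 'string') {
			data += (data.length ? '&' : '') + $.param(csrf_form_base());
		} else {
			data = $.extend({}, data, csrf_form_base());
		}
	}
	return post.call(this, url, data, success, dataType);
};
```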