Restore CSRF change with & issue fix (#1990, #2009)

This commit is contained in:
FrancescoUK
2018-06-09 19:19:32 +01:00
parent ebdc1880d9
commit c6b5ff1934
6 changed files with 33 additions and 22 deletions

View File

@@ -234,7 +234,7 @@ $(document).ready(function()
var data = { number_locale: $('#number_locale').val() };
data[field] = value;
$.post("<?php echo site_url($controller_name . '/ajax_check_number_locale')?>",
$.extend(csrf_form_base(), data),
data,
function(response) {
$('#number_locale_example').text(response.number_locale_example);
},
@@ -253,10 +253,10 @@ $(document).ready(function()
{
url: "<?php echo site_url($controller_name . '/ajax_check_number_locale')?>",
type: 'POST',
data: $.extend(csrf_form_base(), {
data: {
'number_locale': $('#number_locale').val(),
'thousands_separator': $('#thousands_separator').is(':checked')
}),
},
dataFilter: function(data) {
setup_csrf_token();
var response = JSON.parse(data);

View File

@@ -50,10 +50,9 @@
$(document).ready(function()
{
$('#mailchimp_api_key').change(function() {
$.post("<?php echo site_url($controller_name . '/ajax_check_mailchimp_api_key')?>",
$.extend(csrf_form_base(), {
$.post("<?php echo site_url($controller_name . '/ajax_check_mailchimp_api_key')?>", {
'mailchimp_api_key': $('#mailchimp_api_key').val()
}),
},
function(response) {
$.notify(response.message, {type: response.success ? 'success' : 'danger'} );
$('#mailchimp_list_id').empty();

View File

@@ -460,10 +460,10 @@ $(document).ready(function()
{
url: "<?php echo site_url($controller_name . '/ajax_check_email')?>",
type: 'POST',
data: $.extend(csrf_form_base(), {
data: {
'person_id': '<?php echo $person_info->person_id; ?>'
// email is posted by default
})
}
}
},
account_number:
@@ -472,10 +472,10 @@ $(document).ready(function()
{
url: "<?php echo site_url($controller_name . '/ajax_check_account_number')?>",
type: 'POST',
data: $.extend(csrf_form_base(), {
data: {
'person_id': '<?php echo $person_info->person_id; ?>'
// account_number is posted by default
})
}
}
}
},

View File

@@ -76,7 +76,7 @@ $(document).ready(function()
source: '<?php echo site_url("customers/suggest"); ?>',
minChars: 0,
delay: 15,
cacheLength: 1,
cacheLength: 1,
appendTo: '.modal-content',
select: fill_value,
focus: fill_value
@@ -125,9 +125,9 @@ $(document).ready(function()
{
url: "<?php echo site_url($controller_name . '/ajax_check_number_giftcard')?>",
type: 'POST',
data: $.extend(csrf_form_base(), {
data: {
'amount': $('#giftcard_amount').val()
}),
},
dataFilter: function(data) {
setup_csrf_token();
var response = JSON.parse(data);

View File

@@ -16,8 +16,6 @@
from: '<?php echo $this->config->item('notify_vertical_position'); ?>'
}});
var post = $.post;
var csrf_token = function() {
return Cookies.get('<?php echo $this->config->item('csrf_cookie_name'); ?>');
};
@@ -26,9 +24,23 @@
return { <?php echo $this->security->get_csrf_token_name(); ?> : function () { return csrf_token(); } };
};
$.post = function() {
arguments[1] = csrf_token() ? $.extend(arguments[1], csrf_form_base()) : arguments[1];
post.apply(this, arguments);
var ajax = $.ajax;
$.ajax = function() {
var args = arguments[0];
if (args['type'] && args['type'].toLowerCase() == 'post' && csrf_token()) {
if (typeof args['data'] === 'string')
{
args['data'] += '&' + $.param(csrf_form_base());
}
else
{
args['data'] = $.extend(args['data'], csrf_form_base());
}
}
return ajax.apply(this, arguments);
};
var setup_csrf_token = function() {

View File

@@ -191,12 +191,12 @@ $(document).ready(function()
{
url: "<?php echo site_url($controller_name . '/check_invoice_number')?>",
type: 'POST',
data: $.extend(csrf_form_base(), {
'sale_id' : <?php echo $sale_info['sale_id']; ?>,
'invoice_number' : function() {
data: {
'sale_id': <?php echo $sale_info['sale_id']; ?>,
'invoice_number': function() {
return $('#invoice_number').val();
}
})
}
}
}
},