Release 3.2.2

Revert CSRF change (#2009 )
Bump version to 3.3.0 for next phase
2026-05-28 10:15:09 -04:00 · 2018-06-06 21:35:52 +01:00 · 2018-06-06 21:28:52 +01:00 · 2018-06-04 22:01:10 +01:00
12 changed files with 40 additions and 47 deletions
--- a/WHATS_NEW.txt
+++ b/WHATS_NEW.txt
@@ -1,3 +1,7 @@
+Version 3.2.2
+-------------
+ Revert CSRF change causing regression
+
 Version 3.2.1
 -------------
 + Support for GDPR
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -8,7 +8,7 @@
 | 
 | 
 */ 
-$config['application_version'] = '3.2.1';
+$config['application_version'] = '3.2.2';

 /* 
 |-------------------------------------------------------------------------- 
--- a/application/views/configs/locale_config.php
+++ b/application/views/configs/locale_config.php
@@ -234,7 +234,7 @@ $(document).ready(function()
 		var data = { number_locale: $('#number_locale').val() };
 		data[field] = value;
 		$.post("<?php echo site_url($controller_name . '/ajax_check_number_locale')?>",
-			data,
+			$.extend(csrf_form_base(), data),
 			function(response) {
 				$('#number_locale_example').text(response.number_locale_example);
 			},
@@ -253,10 +253,10 @@ $(document).ready(function()
 				{
 					url: "<?php echo site_url($controller_name . '/ajax_check_number_locale')?>",
 					type: 'POST',
-					data: {
+					data: $.extend(csrf_form_base(), {
 						'number_locale': $('#number_locale').val(),
 						'thousands_separator': $('#thousands_separator').is(':checked')
-					},
+					}),
 					dataFilter: function(data) {
 						setup_csrf_token();
 						var response = JSON.parse(data);
--- a/application/views/configs/mailchimp_config.php
+++ b/application/views/configs/mailchimp_config.php
@@ -50,9 +50,10 @@
 $(document).ready(function()
 {
 	$('#mailchimp_api_key').change(function() {
-		$.post("<?php echo site_url($controller_name . '/ajax_check_mailchimp_api_key')?>", {
+		$.post("<?php echo site_url($controller_name . '/ajax_check_mailchimp_api_key')?>",
+			$.extend(csrf_form_base(), {
 				'mailchimp_api_key': $('#mailchimp_api_key').val()
-			},
+			}),
 			function(response) {
 				$.notify(response.message, {type: response.success ? 'success' : 'danger'} );
 				$('#mailchimp_list_id').empty();
--- a/application/views/customers/form.php
+++ b/application/views/customers/form.php
@@ -454,38 +454,38 @@ $(document).ready(function()
 			first_name: 'required',
 			last_name: 'required',
 			consent: 'required',
-    		email:
+			email:
 			{
 				remote:
 				{
 					url: "<?php echo site_url($controller_name . '/ajax_check_email')?>",
 					type: 'POST',
-					data: {
+					data: $.extend(csrf_form_base(), {
 						'person_id': '<?php echo $person_info->person_id; ?>'
 						// email is posted by default
-					}
+					})
 				}
 			},
-    		account_number:
+			account_number:
 			{
 				remote:
 				{
 					url: "<?php echo site_url($controller_name . '/ajax_check_account_number')?>",
 					type: 'POST',
-					data: {
+					data: $.extend(csrf_form_base(), {
 						'person_id': '<?php echo $person_info->person_id; ?>'
 						// account_number is posted by default
-					}
+					})
 				}
 			}
-   		},
+		},

-		messages: 
+		messages:
 		{
-     		first_name: "<?php echo $this->lang->line('common_first_name_required'); ?>",
-     		last_name: "<?php echo $this->lang->line('common_last_name_required'); ?>",
-     		consent: "<?php echo $this->lang->line('customers_consent_required'); ?>",
-     		email: "<?php echo $this->lang->line('customers_email_duplicate'); ?>",
+			first_name: "<?php echo $this->lang->line('common_first_name_required'); ?>",
+			last_name: "<?php echo $this->lang->line('common_last_name_required'); ?>",
+			consent: "<?php echo $this->lang->line('customers_consent_required'); ?>",
+			email: "<?php echo $this->lang->line('customers_email_duplicate'); ?>",
 			account_number: "<?php echo $this->lang->line('customers_account_number_duplicate'); ?>"
 		}
 	}, form_support.error));
--- a/application/views/giftcards/form.php
+++ b/application/views/giftcards/form.php
@@ -76,7 +76,7 @@ $(document).ready(function()
 		source: '<?php echo site_url("customers/suggest"); ?>',
 		minChars: 0,
 		delay: 15, 
-	   	cacheLength: 1,
+		cacheLength: 1,
 		appendTo: '.modal-content',
 		select: fill_value,
 		focus: fill_value
@@ -125,9 +125,9 @@ $(document).ready(function()
 				{
 					url: "<?php echo site_url($controller_name . '/ajax_check_number_giftcard')?>",
 					type: 'POST',
-					data: {
+					data: $.extend(csrf_form_base(), {
 						'amount': $('#giftcard_amount').val()
-					},
+					}),
 					dataFilter: function(data) {
 						setup_csrf_token();
 						var response = JSON.parse(data);
--- a/application/views/partial/header_js.php
+++ b/application/views/partial/header_js.php
@@ -16,6 +16,8 @@
 		from: '<?php echo $this->config->item('notify_vertical_position'); ?>'
 	}});

+	var post = $.post;
+
 	var csrf_token = function() {
 		return Cookies.get('<?php echo $this->config->item('csrf_cookie_name'); ?>');
 	};
@@ -24,23 +26,9 @@
 		return { <?php echo $this->security->get_csrf_token_name(); ?> : function () { return csrf_token();  } };
 	};

-	var ajax = $.ajax;
-
-	$.ajax = function() {
-	    var args = arguments[0];
-
-		if (args['type'] && args['type'].toLowerCase() == 'post' && csrf_token()) {
-			if (typeof args['data'] === 'string')
-			{
-				args['data'] += $.param(csrf_form_base());
-			}
-			else
-			{
-				args['data'] = $.extend(args['data'], csrf_form_base());
-			}
-		}
-
-		return ajax.apply(this, arguments);
+	$.post = function() {
+		arguments[1] = csrf_token() ? $.extend(arguments[1], csrf_form_base()) : arguments[1];
+		post.apply(this, arguments);
 	};

 	var setup_csrf_token = function() {
--- a/application/views/sales/form.php
+++ b/application/views/sales/form.php
@@ -165,7 +165,7 @@ $(document).ready(function()
 	});

 	var submit_form = function()
-	{ 
+	{
 		$(this).ajaxSubmit(
 		{
 			success: function(response)
@@ -191,12 +191,12 @@ $(document).ready(function()
 				{
 					url: "<?php echo site_url($controller_name . '/check_invoice_number')?>",
 					type: 'POST',
-					data: {
-						'sale_id': <?php echo $sale_info['sale_id']; ?>,
-						'invoice_number': function() {
+					data: $.extend(csrf_form_base(), {
+						'sale_id' : <?php echo $sale_info['sale_id']; ?>,
+						'invoice_number' : function() {
 							return $('#invoice_number').val();
 						}
-					}
+					})
 				}
 			}
 		},
--- a/bower.json
+++ b/bower.json
@@ -1,7 +1,7 @@
 {
  "name": "opensourcepos",
  "description": "Open Source Point of Sale is a web based POS system written in the PHP language. It uses MySQL as backend and has a simple user interface",
-  "version": "3.2.1",
+  "version": "3.2.2",
  "license": "MIT",
  "authors": [
    "jekkos <jeroen.peelaerts - at - gmail.com>",
--- a/deployment.json
+++ b/deployment.json
@@ -14,7 +14,7 @@
        "public_stats": true
    },
    "version": {
-        "name": "3.2.1"
+        "name": "3.2.2"
    },
    "files": [
        {"includePattern": "dist(.*)\\.(zip)", "uploadPattern": "$1.$2"}
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "opensourcepos",
-  "version": "3.2.1",
+  "version": "3.2.2",
  "description": "Open Source Point of Sale is a web based point of sale system written in the PHP language. It uses MySQL as the data storage back-end and has a simple user interface.",
  "main": "index.php",
  "license": "MIT",
--- a/public/license/composer.LICENSES
+++ b/public/license/composer.LICENSES
@@ -1,6 +1,6 @@
 {
    "name": "OpenSourcePOS",
-    "version": "3.2.1",
+    "version": "3.2.2",
    "license": [
        "MIT"
    ],
Author	SHA1	Message	Date
FrancescoUK	c5632a2f5a	Release 3.2.2	2018-06-06 21:35:52 +01:00
FrancescoUK	2e7e9cecd8	Revert CSRF change (#2009 )	2018-06-06 21:28:52 +01:00
FrancescoUK	5ce7fcf5ed	Bump version to 3.3.0 for next phase	2018-06-04 22:01:10 +01:00