mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2025-12-24 01:57:51 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
d575c8da9a1d7af8313a1e758e000e243f5614ef
opensourcepos/app/Views/partial/header_js.php
jekkos d575c8da9a Enable CSRF using session token (#3632)
2025-12-15 21:34:38 +01:00

90 lines
2.5 KiB
PHP
Raw Blame History

<?php
/**
* @var array $config
*/
?>
<script type="text/javascript">
// Live clock
var clock_tick = function clock_tick() {
setInterval('update_clock();', 1000);
}
// Start the clock immediately
clock_tick();
var update_clock = function update_clock() {
document.getElementById('liveclock').innerHTML = moment().format("<?= dateformat_momentjs($config['dateformat'] . ' ' . $config['timeformat']) ?>");
}
const notify = $.notify;
$.notify = function(content, options) {
const message = typeof content === "object" ? content.message : content;
const sanitizedMessage = DOMPurify.sanitize(message);
return notify(sanitizedMessage, options);
};
$.notifyDefaults({
placement: {
align: "<?= esc($config['notify_horizontal_position'], 'js') ?>",
from: "<?= esc($config['notify_vertical_position'], 'js') ?>"
}
});
var csrf_token = function() {
return "<?= csrf_hash() ?>";
};
var csrf_form_base = function() {
return {
<?= esc(config('Security')->tokenName, 'js') ?>: function() {
return csrf_token()
}
}
};
var setup_csrf_token = function() {
$('input[name="<?= esc(config('Security')->tokenName, 'js') ?>"]').val(csrf_token());
};
var ajax = $.ajax;
$.ajax = function() {
var args = arguments[0];
if (args['type'] && args['type'].toLowerCase() == 'post' && csrf_token()) {
if (typeof args['data'] === 'string') {
args['data'] += '&' + $.param(csrf_form_base());
} else {
args['data'] = $.extend(args['data'], csrf_form_base());
}
}
return ajax.apply(this, arguments);
};
$(document).ajaxComplete(setup_csrf_token);
$(document).ready(function() {
$("#logout").click(function(event) {
event.preventDefault();
$.ajax({
url: "<?= site_url('home/logout'); ?>",
data: {
"<?= esc(config('Security')->tokenName, 'js'); ?>": csrf_token()
},
success: function() {
window.location.href = '<?= site_url(); ?>';
},
method: "POST"
});
});
});
var submit = $.fn.submit;
$.fn.submit = function() {
setup_csrf_token();
submit.apply(this, arguments);
};
</script>
Reference in New Issue View Git Blame Copy Permalink