From a4c2a0cb07273e33a5fdbc3591459e0cc1c3b0a5 Mon Sep 17 00:00:00 2001
From: "Michael J. Rubinsky"
Date: Sun, 8 Nov 2009 11:53:47 -0500
Subject: [PATCH] Support for POST only variables using Horde_Ajax_Imple, and fix kronolith's tag actions to require POST for state changing actions.
---
 ansel/lib/Ajax/Imple/EditCaption.php | 2 +-
 ansel/lib/Ajax/Imple/EditFaces.php | 2 +-
 ansel/lib/Ajax/Imple/Embed.php | 2 +-
 ansel/lib/Ajax/Imple/GallerySlugCheck.php | 2 +-
 ansel/lib/Ajax/Imple/ImageSaveGeotag.php | 2 +-
 ansel/lib/Ajax/Imple/LocationAutoCompleter.php | 2 +-
 ansel/lib/Ajax/Imple/TagActions.php | 2 +-
 ansel/lib/Ajax/Imple/ToggleGalleryActions.php | 2 +-
 ansel/lib/Ajax/Imple/ToggleOtherGalleries.php | 2 +-
 imp/lib/Ajax/Imple/ContactAutoCompleter.php | 2 +-
 kronolith/js/tagactions.js | 10 ++++------
 kronolith/lib/Ajax/Imple/ContactAutoCompleter.php | 2 +-
 kronolith/lib/Ajax/Imple/Embed.php | 2 +-
 kronolith/lib/Ajax/Imple/TagActions.php | 21 +++++++++++----------
 kronolith/lib/Ajax/Imple/TagAutoCompleter.php | 2 +-
 15 files changed, 28 insertions(+), 29 deletions(-)
diff --git a/ansel/lib/Ajax/Imple/EditCaption.php b/ansel/lib/Ajax/Imple/EditCaption.php
index 519bda7c7..5d3d812a9 100644
--- a/ansel/lib/Ajax/Imple/EditCaption.php
+++ b/ansel/lib/Ajax/Imple/EditCaption.php
@@ -48,7 +48,7 @@ class Ansel_Ajax_Imple_EditCaption extends Horde_Ajax_Imple_Base
 Horde::addInlineScript($js, 'dom');
 }
- public function handle($args)
+ public function handle($args, $post)
 {
 include_once dirname(__FILE__) . '/../../base.php';
diff --git a/ansel/lib/Ajax/Imple/EditFaces.php b/ansel/lib/Ajax/Imple/EditFaces.php
index 651a4954c..2c23b380e 100644
--- a/ansel/lib/Ajax/Imple/EditFaces.php
+++ b/ansel/lib/Ajax/Imple/EditFaces.php
@@ -28,7 +28,7 @@ class Ansel_Ajax_Imple_EditFaces extends Horde_Ajax_Imple_Base
 Horde::addInlineScript($js, 'dom');
 }
- function handle($args)
+ function handle($args, $post)
 {
 include_once dirname(__FILE__) . '/../../base.php';
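Review bot: The new `$post` argument is accepted here but not read in any visible line of EditCaption's handle(), so this handler presumably still takes its input from the URL-derived `$args`; the same holds for the other signature-only ansel hunks (EditFaces, ImageSaveGeotag, ansel TagActions). If those handlers write data, as their names suggest, they need the same `$args` to `$post` move that kronolith's TagActions gets later in this patch before the POST-only guarantee covers them. None of the docblocks visible in the later hunks documents the parameter either; a line such as `@param array $post  POST-only variables for this request.` would record the contract. The body of handle() continues outside the hunk, so this should be confirmed against the full file.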
diff --git a/ansel/lib/Ajax/Imple/Embed.php b/ansel/lib/Ajax/Imple/Embed.php
index a6bce56c3..c06c63004 100644
--- a/ansel/lib/Ajax/Imple/Embed.php
+++ b/ansel/lib/Ajax/Imple/Embed.php
@@ -28,7 +28,7 @@ class Ansel_Ajax_Imple_Embed extends Horde_Ajax_Imple_Base
 *
 * @param array $args Arguments for this view.
 */
- public function handle($args)
+ public function handle($args, $post)
 {
 include_once dirname(__FILE__) . '/../../base.php';
diff --git a/ansel/lib/Ajax/Imple/GallerySlugCheck.php b/ansel/lib/Ajax/Imple/GallerySlugCheck.php
index 2b3a6e9ad..6e3705ddf 100644
--- a/ansel/lib/Ajax/Imple/GallerySlugCheck.php
+++ b/ansel/lib/Ajax/Imple/GallerySlugCheck.php
@@ -24,7 +24,7 @@ class Ansel_Ajax_Imple_GallerySlugCheck extends Horde_Ajax_Imple_Base
 Horde::addInlineScript($js, 'dom');
 }
- public function handle($args)
+ public function handle($args, $post)
 {
 include_once dirname(__FILE__) . '/../../base.php';
 if (empty($args['input'])) {
diff --git a/ansel/lib/Ajax/Imple/ImageSaveGeotag.php b/ansel/lib/Ajax/Imple/ImageSaveGeotag.php
index 3ed59fb63..bce0d1638 100644
--- a/ansel/lib/Ajax/Imple/ImageSaveGeotag.php
+++ b/ansel/lib/Ajax/Imple/ImageSaveGeotag.php
@@ -21,7 +21,7 @@ class Ansel_Ajax_Imple_ImageSaveGeotag extends Horde_Ajax_Imple_Base
 return $this->_getUrl('ImageSaveGeotag', 'ansel');
 }
- public function handle($args)
+ public function handle($args, $post)
 {
 include_once dirname(__FILE__) . '/../../base.php';
diff --git a/ansel/lib/Ajax/Imple/LocationAutoCompleter.php b/ansel/lib/Ajax/Imple/LocationAutoCompleter.php
index 847cd5369..7719de8ca 100644
--- a/ansel/lib/Ajax/Imple/LocationAutoCompleter.php
+++ b/ansel/lib/Ajax/Imple/LocationAutoCompleter.php
@@ -48,7 +48,7 @@ class Ansel_Ajax_Imple_LocationAutoCompleter extends Horde_Ajax_Imple_AutoComple
 return $ret;
 }
- public function handle($args)
+ public function handle($args, $post)
 {
 include_once dirname(__FILE__) . '/../../base.php';
diff --git a/ansel/lib/Ajax/Imple/TagActions.php b/ansel/lib/Ajax/Imple/TagActions.php
index 36d561f1b..3e9644f13 100644
--- a/ansel/lib/Ajax/Imple/TagActions.php
+++ b/ansel/lib/Ajax/Imple/TagActions.php
@@ -31,7 +31,7 @@ class Ansel_Ajax_Imple_TagActions extends Horde_Ajax_Imple_Base
 Horde::addInlineScript($js, 'dom');
 }
- public function handle($args)
+ public function handle($args, $post)
 {
 include_once dirname(__FILE__) . '/../../base.php';
diff --git a/ansel/lib/Ajax/Imple/ToggleGalleryActions.php b/ansel/lib/Ajax/Imple/ToggleGalleryActions.php
index 260cb12d5..357474e19 100644
--- a/ansel/lib/Ajax/Imple/ToggleGalleryActions.php
+++ b/ansel/lib/Ajax/Imple/ToggleGalleryActions.php
@@ -24,7 +24,7 @@ class Ansel_Ajax_Imple_ToggleGalleryActions extends Horde_Ajax_Imple_Base
 Horde::addInlineScript($js, 'dom');
 }
- public function handle($args)
+ public function handle($args, $post)
 {
 if (empty($args['input'])) {
 return 0;
diff --git a/ansel/lib/Ajax/Imple/ToggleOtherGalleries.php b/ansel/lib/Ajax/Imple/ToggleOtherGalleries.php
index 3ceacede2..715c17167 100644
--- a/ansel/lib/Ajax/Imple/ToggleOtherGalleries.php
+++ b/ansel/lib/Ajax/Imple/ToggleOtherGalleries.php
@@ -23,7 +23,7 @@ class Ansel_Ajax_Imple_ToggleOtherGalleries extends Horde_Ajax_Imple_Base
 Horde::addInlineScript($js, 'dom');
 }
- public function handle($args)
+ public function handle($args, $post)
 {
 if (empty($args['input'])) {
 return 0;
diff --git a/imp/lib/Ajax/Imple/ContactAutoCompleter.php b/imp/lib/Ajax/Imple/ContactAutoCompleter.php
index f5b7e014b..5f534a88d 100644
--- a/imp/lib/Ajax/Imple/ContactAutoCompleter.php
+++ b/imp/lib/Ajax/Imple/ContactAutoCompleter.php
@@ -81,7 +81,7 @@ class IMP_Ajax_Imple_ContactAutoCompleter extends Horde_Ajax_Imple_AutoCompleter
 *
 * @return array The data to send to the autocompleter JS code.
 */
- public function handle($args)
+ public function handle($args, $post)
 {
 // Avoid errors if 'input' isn't set and short-circuit empty searches.
 if (empty($args['input']) ||
diff --git a/kronolith/js/tagactions.js b/kronolith/js/tagactions.js
index ea98b2b6d..9dd3f13c5 100644
--- a/kronolith/js/tagactions.js
+++ b/kronolith/js/tagactions.js
@@ -1,10 +1,9 @@
 function addTag(resource, type, endpoint)
 {
 if (!$('newtags-input_' + resource).value.blank()) {
- var params = new Object();
- params.imple="/action=add/resource=" + resource + "/type=" + type + "/tags=" + $('newtags-input_' + resource).value;
+ var params = { "params": "resource=" + resource + "/type=" + type + "/tags=" + $('newtags-input_' + resource).value };
 new Ajax.Updater({success:'tags_' + resource},
- endpoint,
+ endpoint + "/action=add/post=params",
 {
 method: 'post',
 parameters: params,
@@ -18,10 +17,9 @@ function addTag(resource, type, endpoint)
 function removeTag(resource, type, tagid, endpoint)
 {
- var params = new Object();
- params.imple = "/action=remove/resource=" + resource + "/type=" + type + "/tags=" + tagid;
+ var params = {"params": "resource=" + resource + "/type=" + type + "/tags=" + tagid };
 new Ajax.Updater({success:'tags_' + resource},
- endpoint,
+ endpoint + "/action=remove/post=params",
 {
 method: 'post',
 parameters: params
diff --git a/kronolith/lib/Ajax/Imple/ContactAutoCompleter.php b/kronolith/lib/Ajax/Imple/ContactAutoCompleter.php
index 6a7656fa9..d03600673 100644
--- a/kronolith/lib/Ajax/Imple/ContactAutoCompleter.php
+++ b/kronolith/lib/Ajax/Imple/ContactAutoCompleter.php
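Review bot: In addTag() the user-typed tag text is concatenated into the `params` string without any encoding, so a value containing `/` or `=` will presumably be split into extra key/value pairs when the server unpacks the POSTed `params` field (that parser is not part of this patch); removeTag() in the next hunk builds its string the same way from `resource`, `type` and `tagid`. Encoding each value before joining, e.g. `"/tags=" + encodeURIComponent($('newtags-input_' + resource).value)` with a matching decode on the server, or sending `resource`, `type` and `tags` as separate POST fields, keeps a tag from overriding `resource` or `type`. `action` still travels in the URL, which is only safe as long as the server refuses to act when the POST fields are absent.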
@@ -40,7 +40,7 @@ class Kronolith_Ajax_Imple_ContactAutoCompleter extends Horde_Ajax_Imple_AutoCom
 *
 * @return string TODO
 */
- public function handle($args)
+ public function handle($args, $post)
 {
 // Avoid errors if 'input' isn't set and short-circuit empty searches.
 if (empty($args['input']) ||
diff --git a/kronolith/lib/Ajax/Imple/Embed.php b/kronolith/lib/Ajax/Imple/Embed.php
index 1f0434ed3..df1af194a 100644
--- a/kronolith/lib/Ajax/Imple/Embed.php
+++ b/kronolith/lib/Ajax/Imple/Embed.php
@@ -38,7 +38,7 @@ class Kronolith_Ajax_Imple_Embed extends Horde_Ajax_Imple_Base
 *
 * @param array $args Arguments for this view.
 */
- public function handle($args)
+ public function handle($args, $post)
 {
 /* First, determine the type of view we are asking for */
 $view = $args['view'];
diff --git a/kronolith/lib/Ajax/Imple/TagActions.php b/kronolith/lib/Ajax/Imple/TagActions.php
index 4edeb3987..f529652f9 100644
--- a/kronolith/lib/Ajax/Imple/TagActions.php
+++ b/kronolith/lib/Ajax/Imple/TagActions.php
@@ -38,20 +38,21 @@ class Kronolith_Ajax_Imple_TagActions extends Horde_Ajax_Imple_Base
 * the type of object (event/calendar) and 'tags' should be the integer
 * tag_id of the tag to remove.
 */
- public function handle($args)
+ public function handle($args, $post)
 {
+ require_once dirname(__FILE__) . '/../../base.php';
 global $ansel_storage;
 $request = $args['action'];
- $content = array('id' => $args['resource'], 'type' => $args['type']);
- $tags = $args['tags'];
+ $content = array('id' => $post['resource'], 'type' => $post['type']);
+ $tags = $post['tags'];
 // Check perms
- if ($args['type'] == 'calendar') {
- $cal = $GLOBALS['kronolith_shares']->getShare($args['resource']);
+ if ($post['type'] == 'calendar') {
+ $cal = $GLOBALS['kronolith_shares']->getShare($post['resource']);
 $perm = $cal->hasPermission(Horde_Auth::getAuth(), PERMS_EDIT);
- } elseif($args['type'] == 'event') {
- $event = Kronolith::getDriver()->getByUID($args['resource']);
+ } elseif($post['type'] == 'event') {
+ $event = Kronolith::getDriver()->getByUID($post['resource']);
 $perm = $event->hasPermission(PERMS_EDIT, Horde_Auth::getAuth());
 }
@@ -60,14 +61,14 @@ class Kronolith_Ajax_Imple_TagActions extends Horde_Ajax_Imple_Base
 $tagger = Kronolith::getTagger();
 switch ($request) {
 case 'add':
- $tagger->tag($args['resource'], $tags, $args['type']);
+ $tagger->tag($post['resource'], $tags, $post['type']);
 break;
 case 'remove':
- $tagger->untag($args['resource'], (int)$tags, $args['type']);
+ $tagger->untag($post['resource'], (int)$tags, $post['type']);
 break;
 }
 }
- return $this->_getTagHtml($tagger, $post['resource'], $post['type']);
+ return $this->_getTagHtml($tagger, $post['resource'], $post['type']);
 }
diff --git a/kronolith/lib/Ajax/Imple/TagAutoCompleter.php b/kronolith/lib/Ajax/Imple/TagAutoCompleter.php
index 8b61091c1..69ced6285 100644
--- a/kronolith/lib/Ajax/Imple/TagAutoCompleter.php
+++ b/kronolith/lib/Ajax/Imple/TagAutoCompleter.php
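Review bot: Requiring POST does not by itself stop a cross-site form from submitting on behalf of a logged-in user, and no request-token check is visible in this hunk, so unless base.php or the dispatcher already verifies one, handle() should check a per-session token before tagging or untagging. The `$post` keys are also read without an existence check, so a request that carries none of them reaches `getShare(null)`; a guard on `!isset($post['resource'], $post['type'], $post['tags'])` that bails out before the permission lookup would avoid that. `$perm` is never assigned when the type is neither 'calendar' nor 'event', and `$perm = false;` just before `// Check perms` would make deny the explicit default. `global $ansel_storage;` looks like a leftover from the ansel copy, and the docblock above still describes 'resource', 'type' and 'tags' as keys of `$args`. handle() continues past the end of this hunk.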
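Review bot: `$tagger` is assigned inside the block closed by the second `}` after the switch (its opening line is outside the hunk, presumably the `$perm` test), yet the final `return $this->_getTagHtml($tagger, ...)` runs outside that block, so a denied request reaches `_getTagHtml()` with an undefined `$tagger`. Moving `$tagger = Kronolith::getTagger();` above the permission block fixes the undefined variable, and returning early when `$perm` is false would also avoid rendering a resource's tags with no permission check visible on that path. `$request` still comes from `$args['action']` and an unknown value silently falls through the switch; a `default:` branch that rejects it would make that explicit.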
@@ -43,7 +43,7 @@ class Kronolith_Ajax_Imple_TagAutoCompleter extends Horde_Ajax_Imple_AutoComplet
 *
 * @return string TODO
 */
- public function handle($args)
+ public function handle($args, $post)
 {
 // Avoid errors if 'input' isn't set and short-circuit empty searches.
 if (empty($args['input']) ||
-- 
2.11.0