Revert "Revert CSRF changes in LimeScript"
This reverts commit d3c4506.
olleharstedt committed Aug 5, 2021
1 parent 3b82b14 commit 3f99736
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions application/extensions/LimeScript/LimeScript.php
Expand Up @@ -20,15 +20,21 @@ public function run()
$data['language'] = Yii::app()->language;
$data['replacementFields']['path'] = App()->createUrl("limereplacementfields/index");
$json = json_encode($data, JSON_FORCE_OBJECT);
// TODO: CSRF should not be passed on GET requests. Test with subquestion quick-add to confirm fix (uses POST).
$script = "LS.data = $json;\n"
. "LS.lang = {
confirm: {
confirm_cancel: '".gT('Cancel')."',
confirm_ok: '".gT('OK')."'
}
};\n"
. "$.ajaxSetup({data: {".Yii::app()->request->csrfTokenName.": LS.data.csrfToken}});";

. "$.ajaxSetup({
beforeSend: function(jqXHR, settings) {
if(settings.method != 'GET') {
{data: {".Yii::app()->request->csrfTokenName.": LS.data.csrfToken}}
}
}
});";
App()->getClientScript()->registerScript('LimeScript', $script, CClientScript::POS_HEAD);
}
}
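Review bot: The new `beforeSend` body never attaches the CSRF token: inside the `if`, the line `{data: {...: LS.data.csrfToken}}` is in statement position, so JavaScript parses it as nested blocks with labels, evaluates `LS.data.csrfToken` and discards the result. With the old `$.ajaxSetup({data: ...})` default gone, this script no longer adds the token to any request, so POST calls that relied on the global default will presumably fail server-side CSRF validation, which is the case the TODO comment asks to test. The handler has to write the token into the outgoing request for non-GET methods; as far as I can tell jQuery has already serialized `settings.data` to a string by the time `beforeSend` runs, so the name/value pair must be appended to that string (URL-encoded) rather than assigned as an object. The condition is also better written as `if (settings.type !== 'GET')`, since jQuery normalizes the verb into `settings.type` while `settings.method` is only present when the caller passed it, which would let default GET requests through the check.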