Relocate dropzone inline js to separate file

Fixes #21651
mantisbt · Oct 25, 2016 · 48a71a7 · 48a71a7
1 parent 256f1bb
commit 48a71a7
Show file tree

Hide file tree

Showing 8 changed files with 125 additions and 106 deletions.
diff --git a/bug_file_upload_inc.php b/bug_file_upload_inc.php
@@ -57,7 +57,11 @@
 	$t_block_icon = $t_collapse_block ? 'fa-chevron-down' : 'fa-chevron-up';
 	$t_file_upload_max_num = max( 1, config_get( 'file_upload_max_num' ) );
 ?>
-<form method="post" enctype="multipart/form-data" action="bug_file_add.php" class="form-inline auto-dropzone-form">
+<form method="post"
+	enctype="multipart/form-data"
+	action="bug_file_add.php"
+	class="form-inline auto-dropzone-form"
+<?php include_once( dirname( __FILE__ ) . '/dropzone_inc.php' ) ?>>
 <?php echo form_security_field( 'bug_file_add' ) ?>
 
 <div id="upload_form" class="widget-box widget-color-blue2 <?php echo $t_block_css ?>">
@@ -107,5 +111,3 @@
 </div>
 </form>
 </div>
-<?php
-include_once( dirname( __FILE__ ) . '/fileupload_inc.php' );
diff --git a/bug_report_page.php b/bug_report_page.php
@@ -236,7 +236,11 @@
 }
 ?>
 <div class="col-md-12 col-xs-12">
-<form id="report_bug_form" method="post" <?php echo $t_form_encoding; ?> action="bug_report.php?posted=1" class="dropzone-form">
+<form id="report_bug_form"
+	method="post" <?php echo $t_form_encoding; ?>
+	action="bug_report.php?posted=1"
+	class="dropzone-form"
+<?php include_once( dirname( __FILE__ ) . '/dropzone_inc.php' ) ?>>
 <?php echo form_security_field( 'bug_report' ) ?>
 <input type="hidden" name="m_id" value="<?php echo $f_master_bug_id ?>" />
 <input type="hidden" name="project_id" value="<?php echo $t_project_id ?>" />
@@ -718,5 +722,4 @@
 </form>
 </div>
 <?php
-include_once( dirname( __FILE__ ) . '/fileupload_inc.php' );
 layout_page_end();
diff --git a/bugnote_add_inc.php b/bugnote_add_inc.php
@@ -63,7 +63,12 @@
 	$t_block_css = $t_collapse_block ? 'collapsed' : '';
 	$t_block_icon = $t_collapse_block ? 'fa-chevron-down' : 'fa-chevron-up';
 ?>
-<form id="bugnoteadd" method="post" action="bugnote_add.php" enctype="multipart/form-data" class="dz dropzone-form">
+<form id="bugnoteadd"
+	method="post"
+	action="bugnote_add.php"
+	enctype="multipart/form-data"
+	class="dz dropzone-form"
+<?php include_once( dirname( __FILE__ ) . '/dropzone_inc.php' ) ?>>
 	<?php echo form_security_field( 'bugnote_add' ) ?>
 	<input type="hidden" name="bug_id" value="<?php echo $f_bug_id ?>" />
 	<div id="bugnote_add" class="widget-box widget-color-blue2 <?php echo $t_block_css ?>">
@@ -176,5 +181,4 @@
 </form>
 </div>
 <?php
-	include_once( dirname( __FILE__ ) . '/fileupload_inc.php' );
 }
diff --git a/core/html_api.php b/core/html_api.php
@@ -222,6 +222,8 @@ function html_css() {
 	foreach( $g_stylesheets_included as $t_stylesheet_path ) {
 		html_css_link( $t_stylesheet_path );
 	}
+
+	html_css_link( 'dropzone.css' );
 }
 
 /**
@@ -307,6 +309,7 @@ function html_head_javascript() {
 		html_javascript_link( 'jquery-ui-' . JQUERY_UI_VERSION . '.min.js' );
 	}
 
+	html_javascript_link( 'dropzone.min.js');
 	html_javascript_link( 'common.js' );
 	foreach ( $g_scripts_included as $t_script_path ) {
 		html_javascript_link( $t_script_path );

diff --git a/core/http_api.php b/core/http_api.php
@@ -233,10 +233,9 @@ function http_security_headers() {
 			http_csp_add( 'img-src', 'ajax.googleapis.com' );
 		}
 
-		# Relaxing policy for view issue page to allow inline scripts.
-		# Should be removed once #21651 is fixed.
-		if( 'view.php' == basename( $_SERVER['SCRIPT_NAME'] ) ||
-			'bug_report_page.php' == basename( $_SERVER['SCRIPT_NAME'] ) ) {
+		# Relaxing policy for bug report page to allow inline scripts.
+		# Should be removed once #20040 is fixed.
+		if( 'bug_report_page.php' == basename( $_SERVER['SCRIPT_NAME'] ) ) {
 			http_csp_add( 'script-src', "'unsafe-inline'" );
 		}
 

diff --git a/dropzone_inc.php b/dropzone_inc.php
@@ -0,0 +1,43 @@
+<?php
+# MantisBT - A PHP based bugtracking system
+
+# MantisBT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 of the License, or
+# (at your option) any later version.
+#
+# MantisBT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * This include file prints out the fileupload widget
+ *
+ * @package MantisBT
+ * @copyright Copyright 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
+ * @copyright Copyright 2002  MantisBT Team - mantisbt-dev@lists.sourceforge.net
+ * @link http://www.mantisbt.org
+ *
+ */
+?>
+	data-force-fallback="<?php echo config_get( 'dropzone_enabled' ) ? 'false' : 'true' ?>"
+	data-max-filesize="<?php echo ceil( config_get( 'max_file_size' ) / (1000 * 1024) ) ?>"
+	data-accepted-files="<?php echo config_get( 'allowed_files' ) ?>"
+	data-default-message="<?php echo htmlspecialchars( lang_get( 'dropzone_default_message' ) ) ?>"
+	data-fallback-message="<?php echo htmlspecialchars( lang_get( 'dropzone_fallback_message' ) ) ?>"
+	data-fallback-text="<?php echo htmlspecialchars( lang_get( 'dropzone_fallback_text' ) ) ?>"
+	data-file-too-big="<?php echo htmlspecialchars( lang_get( 'dropzone_file_too_big' ) ) ?>"
+	data-invalid-file-type="<?php echo htmlspecialchars( lang_get( 'dropzone_invalid_file_type' ) ) ?>"
+	data-response-error="<?php echo htmlspecialchars( lang_get( 'dropzone_response_error' ) ) ?>"
+	data-cancel-upload="<?php echo htmlspecialchars( lang_get( 'dropzone_cancel_upload' ) ) ?>"
+	data-cancel-upload-confirmation="<?php echo htmlspecialchars( lang_get( 'dropzone_cancel_upload_confirmation' ) ) ?>"
+	data-remove-file="<?php echo htmlspecialchars( lang_get( 'dropzone_remove_file' ) ) ?>"
+	data-remove-file-confirmation="<?php echo htmlspecialchars( lang_get( 'dropzone_remove_file_confirmation' ) ) ?>"
+	data-max-files-exceeded="<?php echo htmlspecialchars( lang_get( 'dropzone_max_files_exceeded' ) ) ?>"
+	data-dropzone-not-supported="<?php echo htmlspecialchars( lang_get( 'dropzone_not_supported' ) ) ?>"
+
+
diff --git a/fileupload_inc.php b/fileupload_inc.php
diff --git a/js/common.js b/js/common.js
@@ -220,6 +220,12 @@ $(document).ready( function() {
 		});
 	});
 
+	if( $( ".dropzone-form" ).length ) {
+		enableDropzone( "dropzone", false );
+	}
+	if( $( ".auto-dropzone-form" ).length ) {
+		enableDropzone( "auto-dropzone", true );
+	}
 
 	$('.bug-jump').find('[name=bug_id]').focus( function() {
 		var bug_label = $('.bug-jump-form').find('[name=bug_label]').val();
@@ -460,3 +466,57 @@ function toggleDisplay(idTag)
 {
 	setDisplay( idTag, (document.getElementById(idTag).style.display == 'none')?1:0 );
 }
+
+// Dropzone handler
+Dropzone.autoDiscover = false;
+function enableDropzone( classPrefix, autoUpload ) {
+	try {
+		var zone = new Dropzone( "." + classPrefix + "-form", {
+			forceFallback: $(this).data('force-fallback'),
+			paramName: "ufile",
+			autoProcessQueue: autoUpload,
+			clickable: '.' + classPrefix,
+			previewsContainer: '#' + classPrefix + '-previews-box',
+			uploadMultiple: true,
+			parallelUploads: 100,
+			maxFilesize: $(this).data('max-filesize'),
+			addRemoveLinks: !autoUpload,
+			acceptedFiles: $(this).data('accepted-files'),
+			previewTemplate: "<div class=\"dz-preview dz-file-preview\">\n  <div class=\"dz-details\">\n    <div class=\"dz-filename\"><span data-dz-name></span></div>\n    <div class=\"dz-size\" data-dz-size></div>\n    <img data-dz-thumbnail />\n  </div>\n  <div class=\"progress progress-small progress-striped active\"><div class=\"progress-bar progress-bar-success\" data-dz-uploadprogress></div></div>\n  <div class=\"dz-success-mark\"><span></span></div>\n  <div class=\"dz-error-mark\"><span></span></div>\n  <div class=\"dz-error-message\"><span data-dz-errormessage></span></div>\n</div>",
+			dictDefaultMessage: $(this).data('default-message'),
+			dictFallbackMessage: $(this).data('fallback-message'),
+			dictFallbackText: $(this).data('fallback-text'),
+			dictFileTooBig: $(this).data('file-too-big'),
+			dictInvalidFileType: $(this).data('invalid-file-type'),
+			dictResponseError: $(this).data('response-error'),
+			dictCancelUpload: $(this).data('cancel-upload'),
+			dictCancelUploadConfirmation: $(this).data('cancel-upload-confirmation'),
+			dictRemoveFile: $(this).data('remove-file'),
+			dictRemoveFileConfirmation: $(this).data('remove-file-confirmation'),
+			dictMaxFilesExceeded: $(this).data('max-files-exceeded'),
+
+			init: function () {
+				var dropzone = this;
+				$( "input[type=submit]" ).on( "click", function (e) {
+					if( dropzone.getQueuedFiles().length ) {
+						e.preventDefault();
+						e.stopPropagation();
+						dropzone.processQueue();
+					}
+				});
+				this.on( "successmultiple", function( files, response ) {
+					document.open();
+					document.write( response );
+					document.close();
+				});
+			},
+			fallback: function() {
+				if( $( "." + classPrefix ).length ) {
+					$( "." + classPrefix ).hide();
+				}
+			}
+		});
+	} catch (e) {
+		alert( $(this).data('dropzone-not-supported') );
+	}
+}