From a343080d6ce2c6b9a13c1e5cea0e2503dba4ef69 Mon Sep 17 00:00:00 2001
From: LouisGac
Date: Mon, 23 May 2016 16:56:11 +0200
Subject: [PATCH] Dev: POST request with csrfToken check for survey list massive actions
---
 application/controllers/admin/export.php | 8 +++++---
 application/controllers/admin/surveyadmin.php | 4 ++--
 scripts/admin/admin_core.js | 11 +++++++----
 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/application/controllers/admin/export.php b/application/controllers/admin/export.php
index 52f47effbab..1600ede53d0 100644
--- a/application/controllers/admin/export.php
+++ b/application/controllers/admin/export.php
@@ -889,18 +889,20 @@ public function dumplabel()
 * Export multiple surveys structure. Called via ajax from surveys list massive action
 * @param string $sSurveys :json string containing the list of survey to delete
 */
- public function exportMultipleStructureSurveys($sSurveys)
+ public function exportMultipleStructureSurveys()
 {
+ $sSurveys = $_POST['sSurveys'];
 $exportResult = $this->exportMultipleSurveys($sSurveys, 'structure');
- Yii::app()->getController()->renderPartial('/admin/survey/massive_actions/_export_archive_results', array('aResults'=>$exportResult['aResults'], 'sZip'=>$exportResult['sZip']));
+ Yii::app()->getController()->renderPartial('/admin/survey/massive_actions/_export_archive_results', array('aResults'=>$exportResult['aResults'], 'sZip'=>$exportResult['sZip'], 'bArchiveIsEmpty'=>$exportResult['bArchiveIsEmpty']));
 }
 /**
 * Export multiple surveys archives. Called via ajax from surveys list massive action
 * @param string $sSurveys :json string containing the list of survey to delete
 */
- public function exportMultipleArchiveSurveys($sSurveys)
+ public function exportMultipleArchiveSurveys()
 {
+ $sSurveys = $_POST['sSurveys'];
 $exportResult = $this->exportMultipleSurveys($sSurveys, 'archive');
 Yii::app()->getController()->renderPartial('/admin/survey/massive_actions/_export_archive_results', array('aResults'=>$exportResult['aResults'], 'sZip'=>$exportResult['sZip'], 'bArchiveIsEmpty'=>$exportResult['bArchiveIsEmpty']));
 }
diff --git a/application/controllers/admin/surveyadmin.php b/application/controllers/admin/surveyadmin.php
index d607ee938c9..6f4da855205 100644
--- a/application/controllers/admin/surveyadmin.php
+++ b/application/controllers/admin/surveyadmin.php
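Review bot: `$_POST['sSurveys']` is read without checking that it is set, in both `exportMultipleStructureSurveys()` and `exportMultipleArchiveSurveys()` in export.php, and again in `deleteMultipleSurveys()` in surveyadmin.php, so a request without that field raises an undefined-index notice and passes null on. Reading it through the framework request object with a default, `$sSurveys = Yii::app()->request->getPost('sSurveys', '[]');`, avoids that; whether `exportMultipleSurveys()` accepts an empty list is not visible here, so confirm. The docblocks still carry `@param string $sSurveys` although the parameter is gone; replace that line with one saying the list is taken from the POST field `sSurveys`. The CSRF check named in the commit title does not appear in these methods and presumably relies on the framework's request validation, which is worth stating in the docblock too.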
@@ -52,9 +52,9 @@ public function index() /** * @param string $sSurveys :json string containing the list of survey to delete */ - public function deleteMultipleSurveys($sSurveys) + public function deleteMultipleSurveys() { - $aSurveys = json_decode($sSurveys); + $aSurveys = json_decode($_POST['sSurveys']); $aResults = array(); foreach($aSurveys as $iSurveyID) { diff --git a/scripts/admin/admin_core.js b/scripts/admin/admin_core.js index bdcadc70eda..bb6e79ca52e 100644 --- a/scripts/admin/admin_core.js +++ b/scripts/admin/admin_core.js @@ -58,7 +58,10 @@ $(document).ready(function(){ $checkedSid = JSON.stringify($oCheckedSid); $modal = $('#confirmation-modal'); // The modal we want to use - $actionUrl = $actionUrl + '/sSurveys/'+$checkedSid; + + $actionUrl = $actionUrl; + $postDatas = {sSurveys:$checkedSid}; + $modal.data('keepopen', true); // We want to update the modal content after confirmation // Needed modal elements @@ -102,7 +105,7 @@ $(document).ready(function(){ $.ajax({ url : $actionUrl, type : 'POST', - dataType : 'html', + data : $postDatas, // html contains the buttons success : function(html, statut){ @@ -112,8 +115,8 @@ $(document).ready(function(){ }, error : function(html, statut){ $ajaxLoader.hide(); - $modal.find('.modal-body-text').empty().html(html); - $modal.find('.modal-body-text').append(statut); + $modal.find('.modal-body-text').empty().html(html.responseText); + console.log(html); } }); });
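Review bot: The result of `json_decode($_POST['sSurveys'])` goes straight into `foreach` in `deleteMultipleSurveys()` in surveyadmin.php, so a missing or malformed field yields null or a scalar and the loop warns instead of the action failing cleanly. Add `if (!is_array($aSurveys)) { $aSurveys = array(); }` after the decode, and cast each entry with `(int) $iSurveyID` before it is used, since the list now comes from the request body. The loop body lies outside this hunk, so the per-survey permission check cannot be confirmed from here; for a bulk delete it should be applied to every ID in the list.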
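Review bot: The request body built in the first admin_core.js hunk, `$postDatas = {sSurveys:$checkedSid};`, carries no CSRF token, although the commit title says the POST is token-checked. If the token is attached to every request by a global jQuery ajax hook elsewhere, a comment such as `// CSRF token is added globally to every POST` would make that dependency visible; otherwise it needs to be added to `$postDatas`. `$actionUrl = $actionUrl;` is a no-op and can be dropped.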
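Review bot: The error callback in the last admin_core.js hunk inserts `html.responseText` with `.html()`, so any markup in an error response is parsed into the modal, and an error page that echoes request data would be interpreted inside the admin page. `$modal.find('.modal-body-text').text(html.responseText);` shows the message without interpreting it. The first callback argument is the jqXHR object, so naming it `jqXHR` rather than `html` would read better, and `console.log(html);` looks like leftover debugging.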