Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
CSRF token has been added generally on all post request with post met…
…hod. (http, https, and APIs)
  • Loading branch information
khodakhah committed Oct 3, 2021
1 parent 37e9ed0 commit ab89b0e
Show file tree
Hide file tree
Showing 8 changed files with 36 additions and 10 deletions.
9 changes: 0 additions & 9 deletions nodcms-core/Libraries/Form.php
Expand Up @@ -129,15 +129,6 @@ function __construct($CI)

function config($inputs, $action = '', $method = 'post', $type = 'ajax', $notes = array())
{
// Add CSRF token on SSL Protocol requests
if(SSL_PROTOCOL) {
$inputs[] = [
'field'=>csrf_token(),
'type'=>"hidden",
'default'=>csrf_hash(),
'rules'=>"",
];
}
$this->data['inputs'] = $inputs;
$this->data['action'] = $action;
$this->data['back_url'] = $action;
Expand Down
1 change: 1 addition & 0 deletions nodcms-layout/Views/admin/layout.php
Expand Up @@ -11,6 +11,7 @@
<?php } ?>
<title><?php echo $title; ?> <?php echo isset($sub_title)?$sub_title:""; ?></title>

<?php echo csrf_meta("csrf_meta"); ?>
<?php echo $this->settings['add_on_header']; ?>

<link href="//fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
Expand Down
1 change: 1 addition & 0 deletions nodcms-layout/Views/nodcms-clean.php
Expand Up @@ -11,6 +11,7 @@
<?php } ?>
<title><?php echo $title; ?> <?php echo isset($sub_title)?$sub_title:""; ?></title>

<?php echo csrf_meta("csrf_meta"); ?>
<?php echo $this->settings['add_on_header']; ?>

<!-- BEGIN GLOBAL MANDATORY STYLES -->
Expand Down
1 change: 1 addition & 0 deletions nodcms-layout/Views/nodcms-frontend.php
Expand Up @@ -13,6 +13,7 @@
<link rel="shortcut icon" href="<?php echo base_url($settings["fav_icon"]); ?>">
<?php } ?>
<title><?php echo $title; ?> <?php echo isset($sub_title)?$sub_title:""; ?></title>
<?php echo csrf_meta("csrf_meta"); ?>
<?php echo $this->settings['add_on_header']; ?>
<link href="//fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.2.0/css/all.css">
Expand Down
1 change: 1 addition & 0 deletions nodcms-layout/Views/nodcms-membership.php
Expand Up @@ -11,6 +11,7 @@
<?php } ?>
<title><?php echo $title; ?> <?php echo isset($sub_title)?$sub_title:""; ?></title>

<?php echo csrf_meta("csrf_meta"); ?>
<?php echo $this->settings['add_on_header']; ?>

<!-- BEGIN GLOBAL MANDATORY STYLES -->
Expand Down
1 change: 1 addition & 0 deletions nodcms-users/Views/layout.php
Expand Up @@ -18,6 +18,7 @@
<meta charset="utf-8"/>
<title><?php echo $title; ?></title>

<?php echo csrf_meta("csrf_meta"); ?>
<?php echo $this->settings['add_on_header']; ?>

<meta http-equiv="X-UA-Compatible" content="IE=edge">
Expand Down
30 changes: 30 additions & 0 deletions public/assets/nodcms/js/common.js
Expand Up @@ -16,6 +16,36 @@ function translate(value){
}

(function ($) {

// Save the origin jquery ajax
let $originAjax = $.ajax;

// Reset jquery ajax function to add csrf token generally
$.ajax = function (url, options) {

// If url is an object, simulate pre-1.5 signature
if ( typeof url === "object" ) {
options = url;
url = undefined;
}

// Force options to be an object
options = options || {};

if((options.hasOwnProperty('method') && options.method !== null && options.method.toLowerCase() === "post") ||
(options.hasOwnProperty('type') && options.type !== null && options.type.toLowerCase() === "post")) {
let m = document.getElementById('csrf_meta');
if(m !== null) {
if(!options.hasOwnProperty('headers')) options['headers'] = {};
if(!options.headers.hasOwnProperty(m.getAttribute('name'))) {
options.headers[m.getAttribute('name')] = m.getAttribute('content');
}
}
}

return $originAjax(url, options);
};

$.dataListSearch = function () {
var query_string = "?";
$('.data-list-search-input').each(function () {
Expand Down
2 changes: 1 addition & 1 deletion public/assets/nodcms/js/common.min.js

Large diffs are not rendered by default.

0 comments on commit ab89b0e

Please sign in to comment.