Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

FIX: Do not blindly pass input values to GridField_FormAction URL's

The length of input fields can very quickly exceed the max URI length resulting in 414 errors when printing or exporting results.

To access the input values for a specific GridField action, encapsulate this in your own Entwine instance.
  • Loading branch information...
commit 1853fc864ae4532543ad515247251afa64364780 1 parent 1ddd1dd
@wilr wilr authored
Showing with 31 additions and 17 deletions.
  1. +31 −17 javascript/GridField.js
View
48 javascript/GridField.js
@@ -157,16 +157,24 @@
},
onclick: function(e){
var btn = this.closest(':button'), grid = this.getGridField(),
- form = this.closest('form'), data = form.find(':input').serialize();
+ form = this.closest('form'), data = form.find(':input.gridstate').serialize();;
// Add current button
- data += '&' + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
+ data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
- // Include any GET parameters from the current URL, as the view state might depend on it.
- // For example, a list prefiltered through external search criteria might be passed to GridField.
- if(window.location.search) data = window.location.search.replace(/^\?/, '') + '&' + data;
+ // Include any GET parameters from the current URL, as the view
+ // state might depend on it.
+ // For example, a list prefiltered through external search criteria
+ // might be passed to GridField.
+ if(window.location.search) {
+ data = window.location.search.replace(/^\?/, '') + '&' + data;
+ }
+
+ var url = $.path.makeUrlAbsolute(
+ grid.data('url') + '?' + data,
+ $('base').attr('href')
+ );
- var url = $.path.makeUrlAbsolute(grid.data('url') + '?' + data, $('base').attr('href'));
var newWindow = window.open(url);
return false;
@@ -188,22 +196,30 @@
/**
* Prevents actions from causing an ajax reload of the field.
- * Useful e.g. for actions which rely on HTTP response headers being interpreted nativel
- * by the browser, like file download triggers.
+ *
+ * Useful e.g. for actions which rely on HTTP response headers being
+ * interpreted natively by the browser, like file download triggers.
*/
$('.ss-gridfield .action.no-ajax').entwine({
onclick: function(e){
var self = this, btn = this.closest(':button'), grid = this.getGridField(),
- form = this.closest('form'), data = form.find(':input').serialize();
+ form = this.closest('form'), data = form.find(':input.gridstate').serialize();
// Add current button
- data += '&' + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
+ data += "&" + encodeURIComponent(btn.attr('name')) + '=' + encodeURIComponent(btn.val());
- // Include any GET parameters from the current URL, as the view state might depend on it.
- // For example, a list prefiltered through external search criteria might be passed to GridField.
- if(window.location.search) data = window.location.search.replace(/^\?/, '') + '&' + data;
+ // Include any GET parameters from the current URL, as the view
+ // state might depend on it. For example, a list pre-filtered
+ // through external search criteria might be passed to GridField.
+ if(window.location.search) {
+ data = window.location.search.replace(/^\?/, '') + '&' + data;
+ }
+
+ window.location.href = $.path.makeUrlAbsolute(
+ grid.data('url') + '?' + data,
+ $('base').attr('href')
+ );
- window.location.href = $.path.makeUrlAbsolute(grid.data('url') + '?' + data, $('base').attr('href'));
return false;
}
});
@@ -340,7 +356,5 @@
}
}
});
-
});
-
-}(jQuery));
+}(jQuery));
Please sign in to comment.
Something went wrong with that request. Please try again.