Upgrade to XE 3.3

CSRF Compatibility
commit e3f97ad7f7f953af6d003aa5d6b212f93b4732c6 1 parent c6b71de
@ldubost ldubost authored
44 pom.xml
@@ -1,27 +1,35 @@
+<!--
+ *
+ * See the NOTICE file distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ *
+-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.xwiki.platform.applications</groupId>
<artifactId>xwiki-applications</artifactId>
- <version>28-SNAPSHOT</version>
+ <version>35</version>
</parent>
<groupId>org.xwiki.contrib</groupId>
<artifactId>xwiki-application-meetingmanager</artifactId>
+ <version>VERSION</version>
<packaging>xar</packaging>
- <name>Contrib - Applications - MeetingManager</name>
- <version>1.2-SNAPSHOT</version>
- <description>Application that allows to organize Meetings and create meeting reports</description>
- <scm>
- <connection>scm:svn:http://svn.xwiki.org/svnroot/xwiki/contrib/projects/xwiki-application-meetingmanager/trunk/</connection>
- <developerConnection>scm:svn:https://svn.xwiki.org/svnroot/xwiki/contrib/projects/xwiki-application-meetingmanager/trunk/</developerConnection>
- <url>http://svn.xwiki.org/svnroot/xwiki/contrib/projects/xwiki-application-meetingmanager/trunk/</url>
- </scm>
- <distributionManagement>
- <repository>
- <id>xwiki-staging</id>
- <name>XWiki Staging Repository</name>
- <url>http://nexus.xwiki.org/nexus/service/local/staging/deploy/maven2/</url>
- </repository>
- </distributionManagement>
-</project>
-
+ <name>XWiki Application - MeetingManager</name>
+ <description>Meeting Manager Application</description>
+</project>
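Review bot: `<version>VERSION</version>` on the project is a literal placeholder, not a Maven property or a real version, so a build of this POM would produce and install an artifact whose version is the string `VERSION`. Such an artifact cannot be pinned or told apart from a later build of the same coordinates. Unless something outside this hunk substitutes the value before the build, set a real version that continues the removed line, e.g. `<version>1.2-SNAPSHOT</version>`.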
4 src/main/resources/MMCode/MeetingClassSheet.xml
@@ -36,8 +36,8 @@
<disabled>0</disabled>
<name>defaultEditMode</name>
<number>1</number>
-<prettyName>defaultEditMode</prettyName>
-<size>30</size>
+<prettyName>Default Edit Mode</prettyName>
+<size>15</size>
<unmodifiable>0</unmodifiable>
<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
</defaultEditMode>
30 src/main/resources/MMCode/MeetingClassTemplate.xml
@@ -313,7 +313,6 @@
<nameField></nameField>
<validationScript></validationScript>
<allow>
-<customDisplay></customDisplay>
<defaultValue>1</defaultValue>
<disabled>0</disabled>
<displayFormType>select</displayFormType>
@@ -321,72 +320,51 @@
<name>allow</name>
<number>4</number>
<prettyName>Allow/Deny</prettyName>
-<tooltip></tooltip>
<unmodifiable>0</unmodifiable>
-<validationMessage></validationMessage>
-<validationRegExp></validationRegExp>
<classType>com.xpn.xwiki.objects.classes.BooleanClass</classType>
</allow>
<groups>
<cache>0</cache>
-<customDisplay></customDisplay>
<disabled>0</disabled>
<displayType>select</displayType>
<multiSelect>1</multiSelect>
<name>groups</name>
-<number>4</number>
-<picker></picker>
+<number>1</number>
<prettyName>Groups</prettyName>
<relationalStorage>0</relationalStorage>
<separator> </separator>
<size>5</size>
-<sort>none</sort>
-<tooltip></tooltip>
<unmodifiable>0</unmodifiable>
<usesList>1</usesList>
-<validationMessage></validationMessage>
-<validationRegExp></validationRegExp>
<classType>com.xpn.xwiki.objects.classes.GroupsClass</classType>
</groups>
<levels>
<cache>0</cache>
-<customDisplay></customDisplay>
<disabled>0</disabled>
<displayType>select</displayType>
<multiSelect>1</multiSelect>
<name>levels</name>
-<number>4</number>
-<picker></picker>
+<number>2</number>
<prettyName>Levels</prettyName>
<relationalStorage>0</relationalStorage>
<separator> </separator>
<size>3</size>
-<sort>none</sort>
-<tooltip></tooltip>
<unmodifiable>0</unmodifiable>
-<validationMessage></validationMessage>
-<validationRegExp></validationRegExp>
<classType>com.xpn.xwiki.objects.classes.LevelsClass</classType>
</levels>
<users>
<cache>0</cache>
-<customDisplay></customDisplay>
<disabled>0</disabled>
<displayType>select</displayType>
<multiSelect>1</multiSelect>
<name>users</name>
-<number>4</number>
-<picker></picker>
+<number>3</number>
<prettyName>Users</prettyName>
<relationalStorage>0</relationalStorage>
<separator> </separator>
<size>5</size>
-<sort>none</sort>
-<tooltip></tooltip>
<unmodifiable>0</unmodifiable>
-<usesList>0</usesList>
-<validationMessage></validationMessage>
-<validationRegExp></validationRegExp>
+<usesList>1</usesList>
<classType>com.xpn.xwiki.objects.classes.UsersClass</classType>
</users>
</class>
1  src/main/resources/MMCode/MeetingDateSelection.xml
@@ -45,6 +45,7 @@
#end
&lt;form action="$doc.getURL('saveandcontinue')"&gt;
&lt;div&gt;
+ &lt;input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /&gt;
## force empty date to be today
#if(!$meeting.get("date"))
#set($ok = $meeting.set("date", $util.date))
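Review bot: The `&lt;form action="$doc.getURL('saveandcontinue')"&gt;` that receives the new `form_token` field has no `method`, so the browser submits it as GET and the token travels in the query string, where it can end up in access logs, browser history and Referer headers. The same holds for the `objectadd` form in MeetingDateVote.xml and the two `$actionURL` forms in MeetingManagerService.xml; the second MeetingDateVote.xml form and the MeetingWebHomeSheet.xml form already declare `method="post"`. Unless a script outside these hunks submits them differently, add the attribute: `&lt;form action="$doc.getURL('saveandcontinue')" method="post"&gt;`. The form bodies continue past each hunk.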
2  src/main/resources/MMCode/MeetingDateVote.xml
@@ -31,6 +31,7 @@
&lt;div id="addnewoption"&gt;$msg.get('meetings.meeting.vote.newoption.button')&lt;/div&gt;
&lt;div class="ismanager #if($attempts.size() &gt; 0)hidden#end" id="newoption"&gt;
&lt;form action="$doc.getURL('objectadd')"&gt;
+&lt;input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /&gt;
&lt;div class="adddate"&gt;
#set($redirectURL=$doc.getURL("save","MMCode.MeetingClass_0_status=voteopen&amp;xredirect=${doc.getURL('view')}#vote"))
&lt;input type="hidden" name="classname" id="classname" value="MMCode.MeetingDateAttemptClass" /&gt;
@@ -78,6 +79,7 @@ $msg.get('meetings.meeting.vote.options'):
#info("$msg.get('meetings.meeting.vote.finishvotehelp')")
&lt;form action="$doc.getURL('save')" method="post"&gt;
&lt;div&gt;
+ &lt;input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /&gt;
&lt;input type="hidden" name="xredirect" value="$doc.getURL('view')#date" /&gt;
&lt;input type="hidden" name="MMCode.MeetingClass_0_status" value="voteclosed" /&gt;
&lt;span class="buttonwrapper"&gt;
4 src/main/resources/MMCode/MeetingEmails.xml
@@ -90,7 +90,7 @@
<separators> ,|</separators>
<size>1</size>
<unmodifiable>0</unmodifiable>
-<values>onDemand=On demand|always=Always</values>
+<values>currentPage=Always on this page|onDemand=On demand|always=Always on this wiki</values>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</use>
</class>
@@ -251,7 +251,7 @@ window.NotificationMailBox = Class.create(Lightbox, {
<separators> ,|</separators>
<size>1</size>
<unmodifiable>0</unmodifiable>
-<values>onDemand=On demand|always=Always</values>
+<values>currentPage=Always on this page|onDemand=On demand|always=Always on this wiki</values>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</use>
</class>
264 src/main/resources/MMCode/MeetingInfos.xml
@@ -24,6 +24,118 @@
<hidden>false</hidden>
<object>
<class>
+<name>MMCode.MeetingParticipantClass</name>
+<customClass></customClass>
+<customMapping></customMapping>
+<defaultViewSheet></defaultViewSheet>
+<defaultEditSheet></defaultEditSheet>
+<defaultWeb></defaultWeb>
+<nameField></nameField>
+<validationScript></validationScript>
+<available>
+<disabled>0</disabled>
+<name>available</name>
+<number>5</number>
+<prettyName>available</prettyName>
+<size>30</size>
+<unmodifiable>0</unmodifiable>
+<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
+</available>
+<message>
+<contenttype>FullyRenderedText</contenttype>
+<customDisplay></customDisplay>
+<disabled>0</disabled>
+<editor>---</editor>
+<name>message</name>
+<number>4</number>
+<picker>0</picker>
+<prettyName>message</prettyName>
+<rows>2</rows>
+<size>30</size>
+<tooltip></tooltip>
+<unmodifiable>0</unmodifiable>
+<validationMessage></validationMessage>
+<validationRegExp></validationRegExp>
+<classType>com.xpn.xwiki.objects.classes.TextAreaClass</classType>
+</message>
+<participation>
+<cache>1</cache>
+<customDisplay></customDisplay>
+<disabled>0</disabled>
+<displayType>select</displayType>
+<multiSelect>0</multiSelect>
+<name>participation</name>
+<number>2</number>
+<picker>0</picker>
+<prettyName>participation</prettyName>
+<relationalStorage>0</relationalStorage>
+<separator> </separator>
+<separators> ,|</separators>
+<size>1</size>
+<sort>none</sort>
+<tooltip></tooltip>
+<unmodifiable>0</unmodifiable>
+<validationMessage></validationMessage>
+<validationRegExp></validationRegExp>
+<values>undecided|confirmed|declined</values>
+<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
+</participation>
+<presence>
+<cache>0</cache>
+<customDisplay></customDisplay>
+<disabled>0</disabled>
+<displayType>select</displayType>
+<multiSelect>0</multiSelect>
+<name>presence</name>
+<number>3</number>
+<picker>0</picker>
+<prettyName>presence</prettyName>
+<relationalStorage>0</relationalStorage>
+<separator> </separator>
+<separators> ,|</separators>
+<size>1</size>
+<sort>none</sort>
+<tooltip></tooltip>
+<unmodifiable>0</unmodifiable>
+<validationMessage></validationMessage>
+<validationRegExp></validationRegExp>
+<values>present|absent|late</values>
+<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
+</presence>
+<unavailable>
+<disabled>0</disabled>
+<name>unavailable</name>
+<number>6</number>
+<prettyName>unavailable</prettyName>
+<size>30</size>
+<unmodifiable>0</unmodifiable>
+<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
+</unavailable>
+<username>
+<customDisplay></customDisplay>
+<disabled>0</disabled>
+<name>username</name>
+<number>1</number>
+<picker>0</picker>
+<prettyName>username</prettyName>
+<size>30</size>
+<tooltip></tooltip>
+<unmodifiable>0</unmodifiable>
+<validationMessage></validationMessage>
+<validationRegExp></validationRegExp>
+<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
+</username>
+</class>
+<name>MMCode.MeetingInfos</name>
+<number>0</number>
+<className>MMCode.MeetingParticipantClass</className>
+<guid>1629cd33-fea1-4fb1-b80d-6984d822b0ae</guid>
+<property>
+<username>XWiki.JeromeVelociter</username>
+</property>
+</object>
+<object>
+<class>
<name>XWiki.JavaScriptExtension</name>
<customClass></customClass>
<customMapping></customMapping>
@@ -90,7 +202,7 @@
<separators> ,|</separators>
<size>1</size>
<unmodifiable>0</unmodifiable>
-<values>onDemand=On demand|always=Always</values>
+<values>currentPage=Always on this page|onDemand=On demand|always=Always on this wiki</values>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</use>
</class>
@@ -176,121 +288,9 @@ function saveInfos() {
<use>onDemand</use>
</property>
</object>
-<object>
-<class>
-<name>MMCode.MeetingParticipantClass</name>
-<customClass></customClass>
-<customMapping></customMapping>
-<defaultViewSheet></defaultViewSheet>
-<defaultEditSheet></defaultEditSheet>
-<defaultWeb></defaultWeb>
-<nameField></nameField>
-<validationScript></validationScript>
-<available>
-<disabled>0</disabled>
-<name>available</name>
-<number>5</number>
-<prettyName>available</prettyName>
-<size>30</size>
-<unmodifiable>0</unmodifiable>
-<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
-</available>
-<message>
-<contenttype>FullyRenderedText</contenttype>
-<customDisplay></customDisplay>
-<disabled>0</disabled>
-<editor>---</editor>
-<name>message</name>
-<number>4</number>
-<picker>0</picker>
-<prettyName>message</prettyName>
-<rows>2</rows>
-<size>30</size>
-<tooltip></tooltip>
-<unmodifiable>0</unmodifiable>
-<validationMessage></validationMessage>
-<validationRegExp></validationRegExp>
-<classType>com.xpn.xwiki.objects.classes.TextAreaClass</classType>
-</message>
-<participation>
-<cache>1</cache>
-<customDisplay></customDisplay>
-<disabled>0</disabled>
-<displayType>select</displayType>
-<multiSelect>0</multiSelect>
-<name>participation</name>
-<number>2</number>
-<picker>0</picker>
-<prettyName>participation</prettyName>
-<relationalStorage>0</relationalStorage>
-<separator> </separator>
-<separators> ,|</separators>
-<size>1</size>
-<sort>none</sort>
-<tooltip></tooltip>
-<unmodifiable>0</unmodifiable>
-<validationMessage></validationMessage>
-<validationRegExp></validationRegExp>
-<values>undecided|confirmed|declined</values>
-<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
-</participation>
-<presence>
-<cache>0</cache>
-<customDisplay></customDisplay>
-<disabled>0</disabled>
-<displayType>select</displayType>
-<multiSelect>0</multiSelect>
-<name>presence</name>
-<number>3</number>
-<picker>0</picker>
-<prettyName>presence</prettyName>
-<relationalStorage>0</relationalStorage>
-<separator> </separator>
-<separators> ,|</separators>
-<size>1</size>
-<sort>none</sort>
-<tooltip></tooltip>
-<unmodifiable>0</unmodifiable>
-<validationMessage></validationMessage>
-<validationRegExp></validationRegExp>
-<values>present|absent|late</values>
-<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
-</presence>
-<unavailable>
-<disabled>0</disabled>
-<name>unavailable</name>
-<number>6</number>
-<prettyName>unavailable</prettyName>
-<size>30</size>
-<unmodifiable>0</unmodifiable>
-<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
-</unavailable>
-<username>
-<customDisplay></customDisplay>
-<disabled>0</disabled>
-<name>username</name>
-<number>1</number>
-<picker>0</picker>
-<prettyName>username</prettyName>
-<size>30</size>
-<tooltip></tooltip>
-<unmodifiable>0</unmodifiable>
-<validationMessage></validationMessage>
-<validationRegExp></validationRegExp>
-<classType>com.xpn.xwiki.objects.classes.StringClass</classType>
-</username>
-</class>
-<name>MMCode.MeetingInfos</name>
-<number>0</number>
-<className>MMCode.MeetingParticipantClass</className>
-<guid>1629cd33-fea1-4fb1-b80d-6984d822b0ae</guid>
-<property>
-<username>XWiki.JeromeVelociter</username>
-</property>
-</object>
-<content>{{include document="MMCode.MeetingManagerMacros" /}}
-{{velocity filter="none"}}
-{{html clean="false" wiki="false"}} ## We need wiki=false other wise the wysiwyg imports will be transformed (CDATA, etc.)
+<content>{{include document="MMCode.MeetingManagerMacros"/}}
+
+{{velocity}}{{html}} ## We need wiki=false (default value) otherwise the wysiwyg imports will be transformed (CDATA, etc.)
## ---------------------------------------------------------------------------------
## SX.
## ---------------------------------------------------------------------------------
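Review bot: `saveInfos()`, named in this hunk's header, is not modified by any hunk of this file, while the commit gives `saveMinutes` and `saveTasks` in MeetingMinutes.xml a `form_token` argument. Its body is not visible here, but if it posts to the `save` action the same way, it is the one AJAX save left without a token and would start failing once CSRF checking is enforced. Worth confirming, and if so adding `"form_token": "$!{services.csrf.getToken()}"` to its request parameters.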
@@ -310,24 +310,21 @@ function saveInfos() {
#set($isManager = false)
#end
#else
- ##
- ## If we are not hit by AJAX, we setup needs for displaying a GWT-WYSYWIG editor for the meeting description.
- ## The actual editor will be fired from javascript when the user clicks "edit meeting infos". See SX attached.
- #wysiwyg_import(false)
- ##wysiwyg_inputProperty($meetingDoc "MMCode.MeetingClass_0_description")
- ##wysiwyg_storeConfig("meetingDescriptionEditorConfig" $meetingDoc "MMCode.MeetingClass_0_description" false)
-## Define the map of parameters to be used to configure the WYSIWYG editor.
-#set($parameters = $util.hashMap)
-## Store the default WYSIWYG editor configuration parameters in the $parameters map.
-#wysiwyg_storeConfig($parameters $meetingDoc "MMCode.MeetingClass_0_description" false)
-## The following line adds the inputURL parameter to $parameters map.
-#wysiwyg_inputProperty($meetingDoc "MMCode.MeetingClass_0_description", $parameters)
-## At this point you can customize the default WYSIWYG editor configuration parameters.
-##set($ok = $parameters.put('parameterName', 'parameterValue'))
-## Write the $parameters map to a JavaScript variable.
-#wysiwyg_writeConfig("meetingDescriptionEditorConfig" $parameters)
+ ##
+ ## If we are not hit by AJAX, we setup needs for displaying a GWT-WYSYWIG editor for the meeting description.
+ ## The actual editor will be fired from javascript when the user clicks "edit meeting infos". See SX attached.
+ #wysiwyg_import(false)##
+ ## Define the map of parameters to be used to configure the WYSIWYG editor.
+ #set($parameters = $util.hashMap)##
+ ## Store the default WYSIWYG editor configuration parameters in the $parameters map.
+ #wysiwyg_storeConfig($parameters $meetingDoc "MMCode.MeetingClass_0_description" false)##
+ ## At this point you can customize the default WYSIWYG editor configuration parameters.
+ ##set($ok = $parameters.put('parameterName', 'parameterValue'))
+ ## Write the $parameters map to a JavaScript variable.
+ #wysiwyg_writeConfig("meetingDescriptionEditorConfig" $parameters)##
#end
{{/html}}
+
{{html clean="false" wiki="true"}}
#set($meeting = $meetingDoc.getObject("MMCode.MeetingClass"))
#if(!$meeting) #warning("$msg.get('meetings.no_meeting')")
@@ -414,5 +411,4 @@ $meetingDoc.getObject("XWiki.TagClass").display("tags", "view")&amp;nbsp;&amp;nb
&lt;/a&gt;&lt;/p&gt;
#if("$!request.xpage" == "") &lt;/div&gt; #end
#end
-{{/html}}
-{{/velocity}}</content></xwikidoc>
+{{/html}}{{/velocity}}</content></xwikidoc>
1,294 src/main/resources/MMCode/MeetingManager.xml
1,277 additions, 17 deletions not shown
2  src/main/resources/MMCode/MeetingManagerService.xml
@@ -147,6 +147,7 @@
#set($actionURL = $meetingDoc.getURL('save',"xredirect=$doc.getURL('view','started=1')"))
&lt;form action="$actionURL"&gt;
&lt;div&gt;
+ &lt;input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /&gt;
&lt;input type="hidden" name="MMCode.MeetingClass_0_status" value="started" /&gt;
&lt;div style="margin-top:15px;" align="center"&gt;
&lt;span class="buttonwrapper"&gt;
@@ -162,6 +163,7 @@
#set($actionURL = $meetingDoc.getURL('save',"xredirect=$doc.getURL('view','closed=1')"))
&lt;form action="$actionURL"&gt;
&lt;div&gt;
+ &lt;input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /&gt;
&lt;input type="hidden" name="MMCode.MeetingClass_0_status" value="finished" /&gt;
&lt;div style="margin-top:15px;" align="center"&gt;
&lt;span class="buttonwrapper"&gt;
42 src/main/resources/MMCode/MeetingMinutes.xml
@@ -90,7 +90,7 @@
<separators> ,|</separators>
<size>1</size>
<unmodifiable>0</unmodifiable>
-<values>onDemand=On demand|always=Always</values>
+<values>currentPage=Always on this page|onDemand=On demand|always=Always on this wiki</values>
<classType>com.xpn.xwiki.objects.classes.StaticListClass</classType>
</use>
</class>
@@ -122,9 +122,14 @@ document.observe("dom:loaded", function(){
});
}
});
+
function saveMinutes(){
+ saveMinutes2("$!{services.csrf.token}");
+}
+
+function saveMinutes2(formToken){
var url = XWiki.getActionURL(XWiki.currentSpace, XWiki.currentDocument, "save", 0);
- var args = {"ajax":"1"};
+ var args = {"ajax":"1", "form_token" : formToken };
editorMinutes.getSourceText(function(text){
args["MMCode.MeetingClass_0_minutes"] = text;
$('minutesview').innerHTML = "&lt;br /&gt;";
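Review bot: `saveMinutes2("$!{services.csrf.token}")` bakes the token into the script text at render time, so the value is only as fresh as the copy of the script the browser holds. If this code is delivered as a cacheable script (its cache setting is not visible in this hunk), a stale or shared copy would carry a token that no longer matches the session. Confirm the script is not cached across sessions, or read the token from the page when the save is triggered. The same applies to `saveTasks2("$!{services.csrf.token}")` further down. As a style point, the templates in this commit call `services.csrf.getToken()`; one spelling throughout makes the token sites easier to find.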
@@ -133,16 +138,21 @@ function saveMinutes(){
method:"post",
parameters: args,
onComplete:function(transport) {
- var savedMsg = new Element("div",{'class':'infomessage'}).update("$msg.get('meetings.meeting.minutes.saved')");
- $('minutesview').insert({before: savedMsg});
- setTimeout(function() { savedMsg.remove();}, 3000);
- var viewURL = "$xwiki.getURL('MMCode.MeetingMinutes','view','xpage=plain&amp;type=minutes')&amp;meeting=" + XWiki.currentSpace + "." + XWiki.currentDocument;
- var ajx2 = new Ajax.Request(viewURL, {
+ if (transport.responseText=="") {
+ var savedMsg = new Element("div",{'class':'infomessage'}).update("$msg.get('meetings.meeting.minutes.saved')");
+ $('minutesview').insert({before: savedMsg});
+ setTimeout(function() { savedMsg.remove();}, 3000);
+ var viewURL = "$xwiki.getURL('MMCode.MeetingMinutes','view','xpage=plain&amp;type=minutes')&amp;meeting=" + XWiki.currentSpace + "." + XWiki.currentDocument;
+ var ajx2 = new Ajax.Request(viewURL, {
onComplete: function(transport) {
$('minutesview').removeClassName("loading");
$('minutesview').innerHTML = transport.responseText;
}
- });
+ });
+ } else {
+ alert("Failed (probably CSRF)");
+ // some work needed here to resubmit with the right token
+ }
}
});
});
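Review bot: The new `else` branch in `saveMinutes2` only raises `alert("Failed (probably CSRF)")`, although `minutesview` was already blanked to `&lt;br /&gt;` above and only the success path calls `removeClassName("loading")`, so a rejected save leaves the panel empty. Treating every non-empty body as a CSRF failure also hides other errors; checking `transport.status`, or using Prototype's `onSuccess`/`onFailure` callbacks, would separate a refused token from a server error. At minimum add `$('minutesview').removeClassName("loading");` to the failure branch and take the message from `$msg.get(...)` like the success text. `saveTasks2` in the next two hunks has the same branch for `tasksview`. The function starts in the previous hunk.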
@@ -164,15 +174,20 @@ document.observe("dom:loaded", function(){
}
});
function saveTasks(){
+ saveTasks2("$!{services.csrf.token}");
+}
+
+function saveTasks2(formToken){
var url = XWiki.getActionURL(XWiki.currentSpace, XWiki.currentDocument, "save", 0);
$('tasksview').innerHTML = "&lt;br /&gt;";
$('tasksview').addClassName("loading");
editorTasks.getSourceText(function(text) {
- var args = {"ajax":"1", "MMCode.MeetingClass_0_tasks": text};
+ var args = {"ajax":"1", "form_token" : formToken, "MMCode.MeetingClass_0_tasks": text};
var ajx = new Ajax.Request(url, {
method:"post",
parameters: args,
onComplete:function(transport) {
+ if (transport.responseText=="") {
var savedMsg = new Element("div",{'class':'infomessage'}).update("$msg.get('meetings.meeting.tasks.saved')");
$('tasksview').insert({before: savedMsg});
setTimeout(function() { savedMsg.remove();}, 3000);
@@ -183,6 +198,10 @@ function saveTasks(){
$('tasksview').innerHTML = transport.responseText;
}
});
+ } else {
+ alert("Failed (probably CSRF)");
+ // some work needed here to resubmit with the right token
+ }
}
});
});
@@ -223,10 +242,11 @@ $msg.get('meetings.meeting.minutes')
{{html wiki="false"}}
## Define the map of parameters to be used to configure the WYSIWYG editor.
#set($parameters = $util.hashMap)
+##set($ok = $parameters.put("hookId", "MMCode.MeetingClass_0_minutes"))
## Store the default WYSIWYG editor configuration parameters in the $parameters map.
#wysiwyg_storeConfig($parameters $meetingDoc "MMCode.MeetingClass_0_minutes" false)
## The following line adds the inputURL parameter to $parameters map.
-#wysiwyg_inputProperty($meetingDoc "MMCode.MeetingClass_0_minutes", $parameters)
+##wysiwyg_editPropertyCustom($meetingDoc, $parameters)
## At this point you can customize the default WYSIWYG editor configuration parameters.
##set($ok = $parameters.put('parameterName', 'parameterValue'))
## Write the $parameters map to a JavaScript variable.
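Review bot: The comment `## The following line adds the inputURL parameter to $parameters map.` now sits above a commented-out `##wysiwyg_editPropertyCustom(...)` call, so it describes code that no longer runs. The next hunk does the same for the tasks field, where `#wysiwyg_inputProperty` is commented out under the same comment. Either delete the disabled lines together with the comment, or replace the comment with one that says why the call is off, e.g. `## inputURL is no longer set here: <reason>`. The added `##set($ok = $parameters.put("hookId", ...))` line is likewise dead code.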
@@ -273,7 +293,7 @@ $msg.get('meetings.meeting.tasks')
## Store the default WYSIWYG editor configuration parameters in the $parameters map.
#wysiwyg_storeConfig($parameters $meetingDoc "MMCode.MeetingClass_0_tasks" false)
## The following line adds the inputURL parameter to $parameters map.
-#wysiwyg_inputProperty($meetingDoc "MMCode.MeetingClass_0_tasks", $parameters)
+##wysiwyg_inputProperty($meetingDoc "MMCode.MeetingClass_0_tasks", $parameters)
## At this point you can customize the default WYSIWYG editor configuration parameters.
##set($ok = $parameters.put('parameterName', 'parameterValue'))
## Write the $parameters map to a JavaScript variable.
1  src/main/resources/MMCode/MeetingWebHomeSheet.xml
@@ -54,6 +54,7 @@ $msg.get('meetings.dashboard.youcanalso'):
&lt;div id="newmeetingform" class="hidden"&gt;
&lt;form action="" id="newdoc" method="post"&gt;
&lt;div&gt;
+ &lt;input type="hidden" name="form_token" value="$!{services.csrf.getToken()}" /&gt;
&lt;input type="hidden" name="parent" value="${meetingSpace}.WebHome" /&gt;
&lt;input type="hidden" name="template" value="MMCode.MeetingClassTemplate" /&gt;
&lt;input type="hidden" name="sheet" value="1" /&gt;