From 3f778f9a77b7a2d529b208de7995227739341e4b Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Mon, 14 Dec 2015 15:16:32 +0100
Subject: [PATCH] seperate html from javascript to make content security policy possible
---
 out/out.AddFile.php | 2 +-
 out/out.DropFolderChooser.php | 2 +-
 out/out.EditDocument.php | 2 +-
 out/out.KeywordChooser.php | 2 +-
 out/out.UpdateDocument.php | 2 +-
 views/bootstrap/class.AddFile.php | 50 ++++++------
 views/bootstrap/class.Bootstrap.php | 50 ++++++++++--
 views/bootstrap/class.DropFolderChooser.php | 12 ++-
 views/bootstrap/class.EditDocument.php | 53 +++++++------
 views/bootstrap/class.KeywordChooser.php | 52 ++++++++-----
 views/bootstrap/class.UpdateDocument.php | 84 ++++++++++++---------
 11 files changed, 200 insertions(+), 111 deletions(-)
diff --git a/out/out.AddFile.php b/out/out.AddFile.php
index 3c5d8d288..e25a533f5 100644
--- a/out/out.AddFile.php
+++ b/out/out.AddFile.php
@@ -49,7 +49,7 @@ $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'strictformcheck'=>$settings->_strictFormCheck, 'enablelargefileupload'=>$settings->_enableLargeFileUpload));
 if($view) {
 $view->setParam('accessobject', $accessop);
- $view->show();
+ $view($_GET);
 exit;
 }
diff --git a/out/out.DropFolderChooser.php b/out/out.DropFolderChooser.php
index d0e593aec..b5baf5e69 100644
--- a/out/out.DropFolderChooser.php
+++ b/out/out.DropFolderChooser.php
@@ -41,7 +41,7 @@ $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'dropfold
 if($view) {
 $view->setParam('cachedir', $settings->_cacheDir);
 $view->setParam('previewWidthList', $settings->_previewWidthList);
- $view->show();
+ $view($_GET);
 exit;
 }
diff --git a/out/out.EditDocument.php b/out/out.EditDocument.php
index b339e7094..e9138cdea 100644
--- a/out/out.EditDocument.php
+++ b/out/out.EditDocument.php
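Review bot: `$view($_GET)` hands the whole query array to the view object, but the `__invoke()` that presumably chooses between the new `js()` and the old `show()` is not part of this patch (the diffstat touches only `out/` and `views/bootstrap/` files), so the call is unreadable on its own and its dispatch cannot be reviewed here. Add a one-line comment above it, e.g. `// __invoke() in the view base class emits either the JS or the HTML part of this page`, and make sure that base-class dispatch maps the request onto a fixed set of methods rather than calling whatever name the request carries. `show()` was previously called with no arguments, so anything it now reads from that array is a new, undocumented dependency on the request. The same replacement appears in the out.DropFolderChooser.php, out.EditDocument.php, out.KeywordChooser.php and out.UpdateDocument.php hunks.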
@@ -55,7 +55,7 @@ $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'attrdefs'=>$attrdefs, 'strictformcheck'=>$settings->_strictFormCheck, 'orderby'=>$settings->_sortFoldersDefault));
 if($view) {
 $view->setParam('accessobject', $accessop);
- $view->show();
+ $view($_GET);
 exit;
 }
diff --git a/out/out.KeywordChooser.php b/out/out.KeywordChooser.php
index 87671e7a6..6871d99eb 100644
--- a/out/out.KeywordChooser.php
+++ b/out/out.KeywordChooser.php
@@ -42,7 +42,7 @@ if($_GET['target']) {
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'categories'=>$categories, 'form'=>$target));
 if($view) {
- $view->show();
+ $view($_GET);
 exit;
 }
diff --git a/out/out.UpdateDocument.php b/out/out.UpdateDocument.php
index 216613ed3..a79873ded 100644
--- a/out/out.UpdateDocument.php
+++ b/out/out.UpdateDocument.php
@@ -62,7 +62,7 @@ $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'strictformcheck'=>$settings->_strictFormCheck, 'enablelargefileupload'=>$settings->_enableLargeFileUpload, 'enableadminrevapp'=>$settings->_enableAdminRevApp, 'enableownerrevapp'=>$settings->_enableOwnerRevApp, 'enableselfrevapp'=>$settings->_enableSelfRevApp, 'dropfolderdir'=>$settings->_dropFolderDir, 'workflowmode'=>$settings->_workflowMode, 'presetexpiration'=>$settings->_presetExpirationDate));
 if($view) {
 $view->setParam('accessobject', $accessop);
- $view->show();
+ $view($_GET);
 exit;
 }
diff --git a/views/bootstrap/class.AddFile.php b/views/bootstrap/class.AddFile.php
index a94eaf552..924c66474 100644
--- a/views/bootstrap/class.AddFile.php
+++ b/views/bootstrap/class.AddFile.php
@@ -31,30 +31,17 @@ require_once("class.Bootstrap.php"); */ class SeedDMS_View_AddFile extends SeedDMS_Bootstrap_Style { - function show() { /* {{{ */ - $dms = $this->params['dms']; - $user = $this->params['user']; - $folder = $this->params['folder']; - $document = $this->params['document']; - $strictformcheck = $this->params['strictformcheck']; - $enablelargefileupload = $this->params['enablelargefileupload']; - - $this->htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName())))); - $this->globalNavigation($folder); - $this->contentStart(); - $this->pageNavigation($this->getFolderPathHTML($folder, true, $document), "view_document", $document); - + function js() { /* {{{ */ ?> - + +$(document).ready( function() { + $('body').on('submit', '#fileupload', function(ev){ + if(checkForm()) return; + event.preventDefault(); + }); +}); params['dms']; + $user = $this->params['user']; + $folder = $this->params['folder']; + $document = $this->params['document']; + $strictformcheck = $this->params['strictformcheck']; + $enablelargefileupload = $this->params['enablelargefileupload']; + + $this->htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName())))); + $this->globalNavigation($folder); + $this->contentStart(); + $this->pageNavigation($this->getFolderPathHTML($folder, true, $document), "view_document", $document); + $this->contentHeading(getMLText("linked_files")); ?>
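Review bot: The submit handler added in `js()` calls `event.preventDefault()` although the handler's parameter is named `ev`, so it relies on the non-standard global `window.event`; where that global is absent the call throws and the form is submitted even though `checkForm()` returned false. Change the two lines to `if(checkForm()) return;` followed by `ev.preventDefault();`. The `js()` added to class.EditDocument.php in this commit has the same `event`/`ev` mismatch. The `checkForm()` this handler depends on is defined outside the visible part of this hunk.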
@@ -89,7 +97,7 @@ function checkForm() $this->contentContainerStart(); ?> -
+ @@ -102,11 +110,11 @@ function checkForm() - + - + diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php index 98ec4b820..bc61def43 100644 --- a/views/bootstrap/class.Bootstrap.php +++ b/views/bootstrap/class.Bootstrap.php @@ -43,7 +43,7 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common { } /* }}} */ function htmlStartPage($title="", $bodyClass="") { /* {{{ */ - if(method_exists($this, 'js')) { + if(1||method_exists($this, 'js')) { /* We still need unsafe-eval, because printDocumentChooserHtml and * printFolderChooserHtml will include a javascript file with ajax * which is evaled by jquery @@ -1016,7 +1016,7 @@ function folderSelected(id, name) {
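Review bot: `if(1||method_exists($this, 'js'))` in `htmlStartPage()` is always true, so the `method_exists` test is dead code and the branch now runs for every view, including those that define no `js()`. If this is a deliberate switch while the remaining views are converted, say so in a comment next to it; otherwise restore `if(method_exists($this, 'js')) {`. The comment kept in the hunk also records that `unsafe-eval` is still required for the chooser includes, so the policy this commit prepares does not yet block evaluated script; that limitation belongs in the commit description or a TODO beside the header. The body of `htmlStartPage()` continues outside the hunk.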
@@ -1032,12 +1032,31 @@ function folderSelected(id, name) {
+$('#acceptkeywords').click(function(ev) { + acceptKeywords(); +}); +printKeywordChooserHtml($formName, $keywords, $fieldname); +?> + +getType()) { case SeedDMS_Core_AttributeDefinition::type_boolean: @@ -1086,10 +1105,10 @@ function folderSelected(id, name) { } } /* }}} */ - function printDropFolderChooser($formName, $dropfolderfile="") { /* {{{ */ + function printDropFolderChooserHtml($formName, $dropfolderfile="") { /* {{{ */ print "
\n"; print ""; - print ""; + print ""; print "".getMLText("choose_target_file")."…\n"; print "
\n"; ?> @@ -1106,7 +1125,11 @@ function folderSelected(id, name) { - +$('#clearfilename').click(function(ev) { + $('#dropfolderfile').val(''); +}); +printDropFolderChooserHtml($formName, $dropfolderfile); +?> + +$('#fileselect').click(function(ev) { + attr_filename = $(ev.currentTarget).attr('filename'); + fileSelected(attr_filename); +}); +params['dms']; $user = $this->params['user']; @@ -75,12 +84,13 @@ var targetName = document..dropfolderfile; if($previewer->hasRawPreview($dir.'/'.$entry, 'dropfolder/')) { echo ""; } - echo "\n"; + echo "\n"; } } } echo "\n"; echo "
:
:
".$entry."".SeedDMS_Core_File::format_filesize(filesize($dir.'/'.$entry))."".date('Y-m-d H:i:s', filectime($dir.'/'.$entry))."
".$entry."".SeedDMS_Core_File::format_filesize(filesize($dir.'/'.$entry))."".date('Y-m-d H:i:s', filectime($dir.'/'.$entry))."
\n"; + echo ''."\n"; } } diff --git a/views/bootstrap/class.EditDocument.php b/views/bootstrap/class.EditDocument.php index ab2f4fd69..e2fc89c1c 100644 --- a/views/bootstrap/class.EditDocument.php +++ b/views/bootstrap/class.EditDocument.php @@ -31,31 +31,19 @@ require_once("class.Bootstrap.php"); */ class SeedDMS_View_EditDocument extends SeedDMS_Bootstrap_Style { - function show() { /* {{{ */ - $dms = $this->params['dms']; - $user = $this->params['user']; - $folder = $this->params['folder']; - $document = $this->params['document']; - $attrdefs = $this->params['attrdefs']; + function js() { /* {{{ */ $strictformcheck = $this->params['strictformcheck']; - $orderby = $this->params['orderby']; - - $this->htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName())))); - $this->globalNavigation($folder); - $this->contentStart(); - $this->pageNavigation($this->getFolderPathHTML($folder, true, $document), "view_document", $document); - + $this->printKeywordChooserJs(); ?> - +$(document).ready( function() { + $('body').on('submit', '#form1', function(ev){ + if(checkForm()) return; + event.preventDefault(); + }); +}); params['dms']; + $user = $this->params['user']; + $folder = $this->params['folder']; + $document = $this->params['document']; + $attrdefs = $this->params['attrdefs']; + $strictformcheck = $this->params['strictformcheck']; + $orderby = $this->params['orderby']; + + $this->htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName())))); + $this->globalNavigation($folder); + $this->contentStart(); + $this->pageNavigation($this->getFolderPathHTML($folder, true, $document), "view_document", $document); + $this->contentHeading(getMLText("edit_document_props")); $this->contentContainerStart(); @@ -85,22 +94,22 @@ function checkForm() else $expdate = ''; ?> - + - + - + 
diff --git a/views/bootstrap/class.KeywordChooser.php b/views/bootstrap/class.KeywordChooser.php index b6c5d94ad..c7d586d37 100644 --- a/views/bootstrap/class.KeywordChooser.php +++ b/views/bootstrap/class.KeywordChooser.php @@ -31,15 +31,10 @@ require_once("class.Bootstrap.php"); */ class SeedDMS_View_KeywordChooser extends SeedDMS_Bootstrap_Style { - function show() { /* {{{ */ - $dms = $this->params['dms']; - $user = $this->params['user']; - $categories = $this->params['categories']; + function js() { /* {{{ */ $form = $this->params['form']; - -// $this->htmlStartPage(getMLText("use_default_keywords")); + header('Content-Type: application/json'); ?> - + +$('#categories0').change(function(ev) { + showKeywords(0); +}); + +$('#categories1').change(function(ev) { + showKeywords(1); +}); + +$('.insertkeyword').click(function(ev) { + attr_keyword = $(ev.currentTarget).attr('keyword'); + insertKeywords(attr_keyword); +}); + +myTA = document.getElementById("keywordta"); +myTA.value = targetObj.value; +myTA.focus(); +params['dms']; + $user = $this->params['user']; + $categories = $this->params['categories']; + $form = $this->params['form']; + +// $this->htmlStartPage(getMLText("use_default_keywords")); +?>
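Review bot: `js()` in SeedDMS_View_KeywordChooser sends `header('Content-Type: application/json');` but then emits JavaScript (`$('#categories0').change(...)`, `myTA.focus();`), so the response is mislabelled and a browser honouring `X-Content-Type-Options: nosniff` will refuse to execute it; use `header('Content-Type: application/javascript');`. The same block assigns `attr_keyword` and `myTA` without `var`, leaking them as globals, as does `attr_filename` in the DropFolderChooser `js()` in this commit; declare them locally. The end of this hunk is not recoverable from this rendering, so the remainder of `js()` may lie beyond what is shown here.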
:
:
: printKeywordChooser('form1', $document->getKeywords()); + $this->printKeywordChooserHtml('form1', $document->getKeywords()); ?>
: -
: -