diff --git a/app/controllers/photos_controller.rb b/app/controllers/photos_controller.rb
index 952a50406..14782c51a 100644
--- a/app/controllers/photos_controller.rb
+++ b/app/controllers/photos_controller.rb
@@ -9,7 +9,6 @@ class PhotosController < ApplicationController
respond_to :html, :json
-
def index
@post_type = :photos
@person = Person.find_by_id(params[:person_id])
@@ -144,11 +143,7 @@ class PhotosController < ApplicationController
if photo
respond_with photo
else
- begin
- redirect_to :back
- rescue
- redirect_to aspects_path
- end
+ redirect_to :back
end
end
@@ -193,7 +188,6 @@ class PhotosController < ApplicationController
def photo
@photo ||= current_user.find_visible_post_by_id(params[:id], :type => 'Photo')
- @photo
end
def additional_photos
diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index 064663a3e..74e636c42 100644
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@@ -28,6 +28,7 @@
- if rtl?
= include_stylesheets :rtl, :media => 'all'
+ = csrf_meta_tag
@@ -47,7 +48,6 @@
= javascript_include_tag 'web-socket-receiver'
= render 'js/websocket_js'
- = csrf_meta_tag
= yield(:head)
diff --git a/public/javascripts/fileuploader-custom.js b/public/javascripts/fileuploader-custom.js
index 4fc1ad643..d5844a7c7 100644
--- a/public/javascripts/fileuploader-custom.js
+++ b/public/javascripts/fileuploader-custom.js
@@ -1214,6 +1214,7 @@ qq.extend(qq.UploadHandlerXhr.prototype, {
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
xhr.setRequestHeader("X-File-Name", encodeURIComponent(name));
xhr.setRequestHeader("Content-Type", "application/octet-stream");
+ xhr.setRequestHeader("X-CSRF-Token", $("meta[name='csrf-token']").attr("content"));
xhr.send(file);
},
_onComplete: function(id, xhr){
diff --git a/public/javascripts/rails.js b/public/javascripts/rails.js
index 1fc425caf..2fbb9b83c 100644
--- a/public/javascripts/rails.js
+++ b/public/javascripts/rails.js
@@ -17,139 +17,182 @@ $.fn.clearForm = function() {
});
};
+/**
+ * Unobtrusive scripting adapter for jQuery
+ *
+ * Requires jQuery 1.4.3 or later.
+ * https://github.com/rails/jquery-ujs
+ */
+(function($) {
+ // Make sure that every Ajax request sends the CSRF token
+ function CSRFProtection(fn) {
+ var token = $('meta[name="csrf-token"]').attr('content');
+ if (token) fn(function(xhr) { xhr.setRequestHeader('X-CSRF-Token', token) });
+ }
+ if ($().jquery == '1.5') { // gruesome hack
+ var factory = $.ajaxSettings.xhr;
+ $.ajaxSettings.xhr = function() {
+ var xhr = factory();
+ CSRFProtection(function(setHeader) {
+ var open = xhr.open;
+ xhr.open = function() { open.apply(this, arguments); setHeader(this) };
+ });
+ return xhr;
+ };
+ }
+ else $(document).ajaxSend(function(e, xhr) {
+ CSRFProtection(function(setHeader) { setHeader(xhr) });
+ });
-jQuery(function ($) {
- var csrf_token = $('meta[name=csrf-token]').attr('content'),
- csrf_param = $('meta[name=csrf-param]').attr('content');
+ // Triggers an event on an element and returns the event result
+ function fire(obj, name, data) {
+ var event = new $.Event(name);
+ obj.trigger(event, data);
+ return event.result !== false;
+ }
- $.fn.extend({
- /**
-* Triggers a custom event on an element and returns the event result
-* this is used to get around not being able to ensure callbacks are placed
-* at the end of the chain.
-*
-* TODO: deprecate with jQuery 1.4.2 release, in favor of subscribing to our
-* own events and placing ourselves at the end of the chain.
-*/
- triggerAndReturn: function (name, data) {
- var event = new $.Event(name);
- this.trigger(event, data);
+ // Submits "remote" forms and links with ajax
+ function handleRemote(element) {
+ var method, url, data,
+ dataType = element.attr('data-type') || ($.ajaxSettings && $.ajaxSettings.dataType);
- return event.result !== false;
- },
+ if (element.is('form')) {
+ method = element.attr('method');
+ url = element.attr('action');
+ data = element.serializeArray();
+ // memoized value from clicked submit button
+ var button = element.data('ujs:submit-button');
+ if (button) {
+ data.push(button);
+ element.data('ujs:submit-button', null);
+ }
+ } else {
+ method = element.attr('data-method');
+ url = element.attr('href');
+ data = null;
+ }
- /**
-* Handles execution of remote calls firing overridable events along the way
-*/
- callRemote: function () {
- var el = this,
- method = el.attr('method') || el.attr('data-method') || 'GET',
- url = el.attr('action') || el.attr('href'),
- dataType = el.attr('data-type') || 'script';
-
- if (url === undefined) {
- throw "No URL specified for remote call (action or href must be present).";
- } else {
- if (el.triggerAndReturn('ajax:before')) {
- var data = el.is('form') ? el.serializeArray() : [];
- $.ajax({
- url: url,
- data: data,
- dataType: dataType,
- type: method.toUpperCase(),
- beforeSend: function (xhr) {
- el.trigger('ajax:loading', xhr);
- },
- success: function (data, status, xhr) {
- el.trigger('ajax:success', [data, status, xhr]);
- },
- complete: function (xhr) {
- el.trigger('ajax:complete', xhr);
- },
- error: function (xhr, status, error) {
- el.trigger('ajax:failure', [xhr, status, error]);
- }
- });
- }
-
- el.trigger('ajax:after');
- }
+ $.ajax({
+ url: url, type: method || 'GET', data: data, dataType: dataType,
+ // stopping the "ajax:beforeSend" event will cancel the ajax request
+ beforeSend: function(xhr, settings) {
+ if (settings.dataType === undefined) {
+ xhr.setRequestHeader('accept', '*/*;q=0.5, ' + settings.accepts.script);
}
+ return fire(element, 'ajax:beforeSend', [xhr, settings]);
+ },
+ success: function(data, status, xhr) {
+ element.trigger('ajax:success', [data, status, xhr]);
+ },
+ complete: function(xhr, status) {
+ element.trigger('ajax:complete', [xhr, status]);
+ },
+ error: function(xhr, status, error) {
+ element.trigger('ajax:error', [xhr, status, error]);
+ }
});
+ }
- /**
-* confirmation handler
-*/
- $('a[data-confirm],input[data-confirm]').live('click', function(event) {
- var el = $(this);
- if (el.triggerAndReturn('confirm')) {
- if (!confirm(el.attr('data-confirm'))) {
- event.stopImmediatePropagation();
- return false;
- }
- }
+ // Handles "data-method" on links such as:
+ // Delete
+ function handleMethod(link) {
+ var href = link.attr('href'),
+ method = link.attr('data-method'),
+ csrf_token = $('meta[name=csrf-token]').attr('content'),
+ csrf_param = $('meta[name=csrf-param]').attr('content'),
+ form = $(''),
+ metadata_input = '',
+ form_params = link.data('form-params');
+
+ if (csrf_param !== undefined && csrf_token !== undefined) {
+ metadata_input += '';
+ }
+
+ // support non-nested JSON encoded params for links
+ if (form_params != undefined) {
+ var params = $.parseJSON(form_params);
+ for (key in params) {
+ form.append($("").attr({"type": "hidden", "name": key, "value": params[key]}));
+ }
+ }
+
+ form.hide().append(metadata_input).appendTo('body');
+ form.submit();
+ }
+
+ function disableFormElements(form) {
+ form.find('input[data-disable-with]').each(function() {
+ var input = $(this);
+ input.data('ujs:enable-with', input.val())
+ .val(input.attr('data-disable-with'))
+ .attr('disabled', 'disabled');
});
+ }
-
- /**
-* remote handlers
-*/
- $('form[data-remote]').live('submit', function (e) {
- $(this).callRemote();
- e.preventDefault();
+ function enableFormElements(form) {
+ form.find('input[data-disable-with]').each(function() {
+ var input = $(this);
+ input.val(input.data('ujs:enable-with')).removeAttr('disabled');
});
+ }
- $('form[data-remote]').live('ajax:success', function (e) {
- $(this).clearForm();
- $(this).focusout();
+ function allowAction(element) {
+ var message = element.attr('data-confirm');
+ return !message || (fire(element, 'confirm') && confirm(message));
+ }
+
+ function requiredValuesMissing(form) {
+ var missing = false;
+ form.find('input[name][required]').each(function() {
+ if (!$(this).val()) missing = true;
});
+ return missing;
+ }
+ $('a[data-confirm], a[data-method], a[data-remote]').live('click.rails', function(e) {
+ var link = $(this);
+ if (!allowAction(link)) return false;
- $('a[data-remote],input[data-remote]').live('click', function (e) {
- $(this).callRemote();
- e.preventDefault();
- });
+ if (link.attr('data-remote') != undefined) {
+ handleRemote(link);
+ return false;
+ } else if (link.attr('data-method')) {
+ handleMethod(link);
+ return false;
+ }
+ });
- $('a[data-method]:not([data-remote])').live('click', function (e) {
- var link = $(this),
- href = link.attr('href'),
- method = link.attr('data-method'),
- form = $(''),
- metadata_input = '';
+ $('form').live('submit.rails', function(e) {
+ var form = $(this), remote = form.attr('data-remote') != undefined;
+ if (!allowAction(form)) return false;
- if (csrf_param != null && csrf_token != null) {
- metadata_input += '';
- }
+ // skip other logic when required values are missing
+ if (requiredValuesMissing(form)) return !remote;
- form.hide()
- .append(metadata_input)
- .appendTo('body');
+ if (remote) {
+ handleRemote(form);
+ return false;
+ } else {
+ // slight timeout so that the submit button gets properly serialized
+ setTimeout(function(){ disableFormElements(form) }, 13);
+ }
+ });
- e.preventDefault();
- form.submit();
- });
+ $('form input[type=submit], form button[type=submit], form button:not([type])').live('click.rails', function() {
+ var button = $(this);
+ if (!allowAction(button)) return false;
+ // register the pressed submit button
+ var name = button.attr('name'), data = name ? {name:name, value:button.val()} : null;
+ button.closest('form').data('ujs:submit-button', data);
+ });
- /**
-* disable-with handlers
-*/
- var disable_with_input_selector = 'input[data-disable-with]';
- var disable_with_form_selector = 'form[data-remote]:has(' + disable_with_input_selector + ')';
+ $('form').live('ajax:beforeSend.rails', function(event) {
+ if (this == event.target) disableFormElements($(this));
+ });
- $(disable_with_form_selector).live('ajax:before', function () {
- $(this).find(disable_with_input_selector).each(function () {
- var input = $(this);
- input.data('enable-with', input.val())
- .attr('value', input.attr('data-disable-with'))
- .attr('disabled', 'disabled');
- });
- });
+ $('form').live('ajax:complete.rails', function(event) {
+ if (this == event.target) enableFormElements($(this));
+ });
+})( jQuery );
- $(disable_with_form_selector).live('ajax:complete', function () {
- $(this).find(disable_with_input_selector).each(function () {
- var input = $(this);
- input.removeAttr('disabled')
- .val(input.data('enable-with'));
- });
- });
-});
diff --git a/public/javascripts/view.js b/public/javascripts/view.js
index 90b7d500e..57918d31d 100644
--- a/public/javascripts/view.js
+++ b/public/javascripts/view.js
@@ -48,6 +48,12 @@ var View = {
$(this.newRequest.selector)
.live("submit", this.newRequest.submit);
+ /* Clear forms after successful submit */
+ $('form[data-remote]').live('ajax:success', function (e) {
+ $(this).clearForm();
+ $(this).focusout();
+ });
+
/* Autoexpand textareas */
var startAutoResize = function() {
$('textarea')