nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Upgrade rails.js, add CSRF token manually in the photo uploader.

Browse source
This commit is contained in:
Raphael Sofaer 2011-07-21 17:49:33 -07:00
parent 20de3a5622
commit caf26a5c64
5 changed files with 166 additions and 122 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/photos_controller.rb
View file

@ -9,7 +9,6 @@ class PhotosController < ApplicationController
respond_to :html, :json respond_to :html, :json
def index def index
@post_type = :photos @post_type = :photos
@person = Person.find_by_id(params[:person_id]) @person = Person.find_by_id(params[:person_id])
@ -144,11 +143,7 @@ class PhotosController < ApplicationController
if photo if photo
respond_with photo respond_with photo
else else
begin
redirect_to :back redirect_to :back
rescue
redirect_to aspects_path
end
end end
end end
@ -193,7 +188,6 @@ class PhotosController < ApplicationController
def photo def photo
@photo ||= current_user.find_visible_post_by_id(params[:id], :type => 'Photo') @photo ||= current_user.find_visible_post_by_id(params[:id], :type => 'Photo')
@photo
end end
def additional_photos def additional_photos

2
app/views/layouts/application.html.haml
View file

@ -28,6 +28,7 @@
- if rtl? - if rtl?
= include_stylesheets :rtl, :media => 'all' = include_stylesheets :rtl, :media => 'all'
= csrf_meta_tag
<!--[if IE]> <!--[if IE]>
= javascript_include_tag "/javascripts/ie.js" = javascript_include_tag "/javascripts/ie.js"
<![endif]--> <![endif]-->
@ -47,7 +48,6 @@
= javascript_include_tag 'web-socket-receiver' = javascript_include_tag 'web-socket-receiver'
= render 'js/websocket_js' = render 'js/websocket_js'
= csrf_meta_tag
= yield(:head) = yield(:head)

1
public/javascripts/fileuploader-custom.js
View file

@ -1214,6 +1214,7 @@ qq.extend(qq.UploadHandlerXhr.prototype, {
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest"); xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
xhr.setRequestHeader("X-File-Name", encodeURIComponent(name)); xhr.setRequestHeader("X-File-Name", encodeURIComponent(name));
xhr.setRequestHeader("Content-Type", "application/octet-stream"); xhr.setRequestHeader("Content-Type", "application/octet-stream");
xhr.setRequestHeader("X-CSRF-Token", $("meta[name='csrf-token']").attr("content"));
xhr.send(file); xhr.send(file);
}, },
_onComplete: function(id, xhr){ _onComplete: function(id, xhr){

257
public/javascripts/rails.js
View file

@ -17,139 +17,182 @@ $.fn.clearForm = function() {
}); });
}; };
/**
* Unobtrusive scripting adapter for jQuery
*
* Requires jQuery 1.4.3 or later.
* https://github.com/rails/jquery-ujs
*/
(function($) {
// Make sure that every Ajax request sends the CSRF token
function CSRFProtection(fn) {
var token = $('meta[name="csrf-token"]').attr('content');
if (token) fn(function(xhr) { xhr.setRequestHeader('X-CSRF-Token', token) });
}
if ($().jquery == '1.5') { // gruesome hack
var factory = $.ajaxSettings.xhr;
$.ajaxSettings.xhr = function() {
var xhr = factory();
CSRFProtection(function(setHeader) {
var open = xhr.open;
xhr.open = function() { open.apply(this, arguments); setHeader(this) };
});
return xhr;
};
}
else $(document).ajaxSend(function(e, xhr) {
CSRFProtection(function(setHeader) { setHeader(xhr) });
});
jQuery(function ($) { // Triggers an event on an element and returns the event result
var csrf_token = $('meta[name=csrf-token]').attr('content'), function fire(obj, name, data) {
csrf_param = $('meta[name=csrf-param]').attr('content');
$.fn.extend({
/**
* Triggers a custom event on an element and returns the event result
* this is used to get around not being able to ensure callbacks are placed
* at the end of the chain.
*
* TODO: deprecate with jQuery 1.4.2 release, in favor of subscribing to our
* own events and placing ourselves at the end of the chain.
*/
triggerAndReturn: function (name, data) {
var event = new $.Event(name); var event = new $.Event(name);
this.trigger(event, data); obj.trigger(event, data);
return event.result !== false; return event.result !== false;
}, }
/** // Submits "remote" forms and links with ajax
* Handles execution of remote calls firing overridable events along the way function handleRemote(element) {
*/ var method, url, data,
callRemote: function () { dataType = element.attr('data-type') || ($.ajaxSettings && $.ajaxSettings.dataType);
var el = this,
method = el.attr('method') || el.attr('data-method') || 'GET',
url = el.attr('action') || el.attr('href'),
dataType = el.attr('data-type') || 'script';
if (url === undefined) { if (element.is('form')) {
throw "No URL specified for remote call (action or href must be present)."; method = element.attr('method');
url = element.attr('action');
data = element.serializeArray();
// memoized value from clicked submit button
var button = element.data('ujs:submit-button');
if (button) {
data.push(button);
element.data('ujs:submit-button', null);
}
} else { } else {
if (el.triggerAndReturn('ajax:before')) { method = element.attr('data-method');
var data = el.is('form') ? el.serializeArray() : []; url = element.attr('href');
data = null;
}
$.ajax({ $.ajax({
url: url, url: url, type: method || 'GET', data: data, dataType: dataType,
data: data, // stopping the "ajax:beforeSend" event will cancel the ajax request
dataType: dataType, beforeSend: function(xhr, settings) {
type: method.toUpperCase(), if (settings.dataType === undefined) {
beforeSend: function (xhr) { xhr.setRequestHeader('accept', '*/*;q=0.5, ' + settings.accepts.script);
el.trigger('ajax:loading', xhr); }
return fire(element, 'ajax:beforeSend', [xhr, settings]);
}, },
success: function (data, status, xhr) { success: function(data, status, xhr) {
el.trigger('ajax:success', [data, status, xhr]); element.trigger('ajax:success', [data, status, xhr]);
}, },
complete: function (xhr) { complete: function(xhr, status) {
el.trigger('ajax:complete', xhr); element.trigger('ajax:complete', [xhr, status]);
}, },
error: function (xhr, status, error) { error: function(xhr, status, error) {
el.trigger('ajax:failure', [xhr, status, error]); element.trigger('ajax:error', [xhr, status, error]);
} }
}); });
} }
el.trigger('ajax:after'); // Handles "data-method" on links such as:
} // <a href="/users/5" data-method="delete" rel="nofollow" data-confirm="Are you sure?">Delete</a>
} function handleMethod(link) {
}); var href = link.attr('href'),
/**
* confirmation handler
*/
$('a[data-confirm],input[data-confirm]').live('click', function(event) {
var el = $(this);
if (el.triggerAndReturn('confirm')) {
if (!confirm(el.attr('data-confirm'))) {
event.stopImmediatePropagation();
return false;
}
}
});
/**
* remote handlers
*/
$('form[data-remote]').live('submit', function (e) {
$(this).callRemote();
e.preventDefault();
});
$('form[data-remote]').live('ajax:success', function (e) {
$(this).clearForm();
$(this).focusout();
});
$('a[data-remote],input[data-remote]').live('click', function (e) {
$(this).callRemote();
e.preventDefault();
});
$('a[data-method]:not([data-remote])').live('click', function (e) {
var link = $(this),
href = link.attr('href'),
method = link.attr('data-method'), method = link.attr('data-method'),
form = $('<form method="post" action="'+href+'"></form>'), csrf_token = $('meta[name=csrf-token]').attr('content'),
metadata_input = '<input name="_method" value="'+method+'" type="hidden" />'; csrf_param = $('meta[name=csrf-param]').attr('content'),
form = $('<form method="post" action="' + href + '"></form>'),
metadata_input = '<input name="_method" value="' + method + '" type="hidden" />',
form_params = link.data('form-params');
if (csrf_param != null && csrf_token != null) { if (csrf_param !== undefined && csrf_token !== undefined) {
metadata_input += '<input name="'+csrf_param+'" value="'+csrf_token+'" type="hidden" />'; metadata_input += '<input name="' + csrf_param + '" value="' + csrf_token + '" type="hidden" />';
} }
form.hide() // support non-nested JSON encoded params for links
.append(metadata_input) if (form_params != undefined) {
.appendTo('body'); var params = $.parseJSON(form_params);
for (key in params) {
form.append($("<input>").attr({"type": "hidden", "name": key, "value": params[key]}));
}
}
e.preventDefault(); form.hide().append(metadata_input).appendTo('body');
form.submit(); form.submit();
}); }
/** function disableFormElements(form) {
* disable-with handlers form.find('input[data-disable-with]').each(function() {
*/
var disable_with_input_selector = 'input[data-disable-with]';
var disable_with_form_selector = 'form[data-remote]:has(' + disable_with_input_selector + ')';
$(disable_with_form_selector).live('ajax:before', function () {
$(this).find(disable_with_input_selector).each(function () {
var input = $(this); var input = $(this);
input.data('enable-with', input.val()) input.data('ujs:enable-with', input.val())
.attr('value', input.attr('data-disable-with')) .val(input.attr('data-disable-with'))
.attr('disabled', 'disabled'); .attr('disabled', 'disabled');
}); });
}
function enableFormElements(form) {
form.find('input[data-disable-with]').each(function() {
var input = $(this);
input.val(input.data('ujs:enable-with')).removeAttr('disabled');
});
}
function allowAction(element) {
var message = element.attr('data-confirm');
return !message || (fire(element, 'confirm') && confirm(message));
}
function requiredValuesMissing(form) {
var missing = false;
form.find('input[name][required]').each(function() {
if (!$(this).val()) missing = true;
});
return missing;
}
$('a[data-confirm], a[data-method], a[data-remote]').live('click.rails', function(e) {
var link = $(this);
if (!allowAction(link)) return false;
if (link.attr('data-remote') != undefined) {
handleRemote(link);
return false;
} else if (link.attr('data-method')) {
handleMethod(link);
return false;
}
}); });
$(disable_with_form_selector).live('ajax:complete', function () { $('form').live('submit.rails', function(e) {
$(this).find(disable_with_input_selector).each(function () { var form = $(this), remote = form.attr('data-remote') != undefined;
var input = $(this); if (!allowAction(form)) return false;
input.removeAttr('disabled')
.val(input.data('enable-with')); // skip other logic when required values are missing
if (requiredValuesMissing(form)) return !remote;
if (remote) {
handleRemote(form);
return false;
} else {
// slight timeout so that the submit button gets properly serialized
setTimeout(function(){ disableFormElements(form) }, 13);
}
}); });
$('form input[type=submit], form button[type=submit], form button:not([type])').live('click.rails', function() {
var button = $(this);
if (!allowAction(button)) return false;
// register the pressed submit button
var name = button.attr('name'), data = name ? {name:name, value:button.val()} : null;
button.closest('form').data('ujs:submit-button', data);
}); });
});
$('form').live('ajax:beforeSend.rails', function(event) {
if (this == event.target) disableFormElements($(this));
});
$('form').live('ajax:complete.rails', function(event) {
if (this == event.target) enableFormElements($(this));
});
})( jQuery );

6
public/javascripts/view.js
View file

@ -48,6 +48,12 @@ var View = {
$(this.newRequest.selector) $(this.newRequest.selector)
.live("submit", this.newRequest.submit); .live("submit", this.newRequest.submit);
/* Clear forms after successful submit */
$('form[data-remote]').live('ajax:success', function (e) {
$(this).clearForm();
$(this).focusout();
});
/* Autoexpand textareas */ /* Autoexpand textareas */
var startAutoResize = function() { var startAutoResize = function() {
$('textarea') $('textarea')