Add a validateForm event listener and enforce CSP on some views (#2425)
* Add a validateForm event listener and enforce CSP on the controlcap view * filter.php: Use .validateFormOnSubmit * server.php: Use .validateFormOnSubmit and fix makePopupButton condition check * Use .validateFormOnSubmit and enforce CSP on the storage view
parent
4e6c1d42b1
commit
4e48939660
|
@ -39,12 +39,14 @@ function CSPHeaders($view, $nonce) {
|
|||
switch ($view) {
|
||||
case 'bandwidth':
|
||||
case 'blank':
|
||||
case 'controlcap':
|
||||
case 'function':
|
||||
case 'log':
|
||||
case 'login':
|
||||
case 'logout':
|
||||
case 'options':
|
||||
case 'privacy':
|
||||
case 'storage':
|
||||
case 'version': {
|
||||
// Enforce script-src on pages where inline scripts and event handlers have been fixed.
|
||||
// 'unsafe-inline' is only for backwards compatibility with browsers which
|
||||
|
@ -462,7 +464,7 @@ function makePopupButton( $url, $winName, $winSize, $buttonValue, $condition=1,
|
|||
} else {
|
||||
$string .= ' data-window-tag="' . htmlspecialchars($winSize) . '"';
|
||||
}
|
||||
if ($condition) {
|
||||
if (!$condition) {
|
||||
$string .= ' disabled="disabled"';
|
||||
}
|
||||
$string .= ($options ? (' ' . $options) : '') . '/>';
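Review bot: In makePopupButton, `$options` is still concatenated into the tag verbatim (`' ' . $options`), while `$winSize` just above it goes through `htmlspecialchars`. Nothing visible tells callers that they must pass only static, already-escaped attribute markup. With 'controlcap' and 'storage' added to the enforced script-src list in CSPHeaders, any inline `on…` handler passed through `$options` would presumably be blocked on those views and fail silently. I would document the contract above the function, e.g. `// $options is emitted unescaped: pass only static, pre-escaped attributes and no inline event handlers (blocked where CSPHeaders enforces script-src)`. Both functions start and end outside the visible hunks, so existing callers still need to be checked against that rule.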
|
||||
|
|
|
@ -119,6 +119,12 @@ function createPopup( url, name, tag, width, height ) {
|
|||
}
|
||||
|
||||
$j(document).ready(function() {
|
||||
$j("form.validateFormOnSubmit").submit(function onSubmit(evt) {
|
||||
if (!validateForm(this)) {
|
||||
evt.preventDefault();
|
||||
}
|
||||
});
|
||||
|
||||
$j(".popup-link").click(function onClick(evt) {
|
||||
var el = this;
|
||||
var url;
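Review bot: The new submit handler fails open. `validateForm` is looked up as a global at submit time, so if a page carries `class="validateFormOnSubmit"` but its view script does not define the function, or the function throws (for example on a missing `form.elements[...]` entry), the exception skips `evt.preventDefault()` and the form is posted unvalidated. A guard such as `if (typeof validateForm !== 'function' || !validateForm(this)) { evt.preventDefault(); }` would make a missing validator visible instead of silently bypassed. Either way this check is client-side only, so the server-side action handlers (not visible here) must enforce the same constraints. The `ready` callback continues past the end of the hunk.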
|
||||
|
|
|
@ -183,7 +183,7 @@ foreach ( $tabs as $name=>$value )
|
|||
?>
|
||||
</ul>
|
||||
<div class="clear"></div>
|
||||
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="return validateForm( this )">
|
||||
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" class="validateFormOnSubmit">
|
||||
<input type="hidden" name="view" value="<?php echo $view ?>"/>
|
||||
<input type="hidden" name="tab" value="<?php echo $tab ?>"/>
|
||||
<input type="hidden" name="action" value="controlcap"/>
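Review bot: The rewritten `<form>` line still echoes `$_SERVER['PHP_SELF']` into the `action` attribute unescaped, and the server and storage view forms further down do the same. `PHP_SELF` reflects the request path, so it is request-controlled text inside a double-quoted attribute. The newly enforced script-src limits script execution, but it does not stop attribute or markup injection there. Since the line is being touched anyway, I would escape it, `action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) ?>"`, or drop `action` altogether as the filter view form does. The hidden `view` and `tab` inputs echo `$view` and `$tab` directly as well; whether they are validated earlier is not visible in this hunk and should be confirmed.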
|
||||
|
|
|
@ -180,7 +180,7 @@ if ( (null !== $filter->Concurrent()) and $filter->Concurrent() )
|
|||
?>
|
||||
</div>
|
||||
</form>
|
||||
<form name="contentForm" id="contentForm" method="post" onsubmit="return validateForm(this);">
|
||||
<form name="contentForm" id="contentForm" method="post" class="validateFormOnSubmit">
|
||||
<input type="hidden" name="Id" value="<?php echo $filter->Id() ?>"/>
|
||||
<input type="hidden" name="action" value=""/>
|
||||
<input type="hidden" name="object" value="filter"/>
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
function validateForm( form, newServer ) {
|
||||
var errors = new Array();
|
||||
function validateForm(form) {
|
||||
var errors = [];
|
||||
if ( !form.elements['newServer[Name]'].value ) {
|
||||
errors[errors.length] = "You must supply a name";
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
function validateForm( form, newStorage ) {
|
||||
var errors = new Array();
|
||||
function validateForm(form) {
|
||||
var errors = [];
|
||||
if ( !form.elements['newStorage[Name]'].value ) {
|
||||
errors[errors.length] = "You must supply a name";
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ xhtmlHeaders(__FILE__, translate('Server').' - '.$Server->Name());
|
|||
<h2><?php echo translate('Server').' - '.$Server->Name() ?></h2>
|
||||
</div>
|
||||
<div id="content">
|
||||
<form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="return validateForm(this, <?php echo empty($Server->Name())?'true':'false' ?>)">
|
||||
<form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" class="validateFormOnSubmit">
|
||||
<input type="hidden" name="view" value="<?php echo $view ?>"/>
|
||||
<input type="hidden" name="object" value="server"/>
|
||||
<input type="hidden" name="id" value="<?php echo validHtmlStr($_REQUEST['id']) ?>"/>
|
||||
|
|
|
@ -63,7 +63,7 @@ xhtmlHeaders(__FILE__, translate('Storage')." - ".$newStorage['Name'] );
|
|||
<h2><?php echo translate('Storage')." - ".$newStorage['Name'] ?></h2>
|
||||
</div>
|
||||
<div id="content">
|
||||
<form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="return validateForm( this, <?php echo empty($newStorage['Name'])?'true':'false' ?> )">
|
||||
<form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" class="validateFormOnSubmit">
|
||||
<input type="hidden" name="view" value="<?php echo $view ?>"/>
|
||||
<input type="hidden" name="object" value="storage"/>
|
||||
<input type="hidden" name="id" value="<?php echo validHtmlStr($_REQUEST['id']) ?>"/>
|
||||
|
|