From cbcb10a272ef8c46360da301e1bbbd4979d6f106 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Tue, 15 Sep 2020 16:28:09 +0300
Subject: Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection
---
js/CommonDialogs.js | 182 +++++++++++++++++++++++++++-------------------------
1 file changed, 93 insertions(+), 89 deletions(-)
(limited to 'js/CommonDialogs.js')
diff --git a/js/CommonDialogs.js b/js/CommonDialogs.js
index d3ad35161..ab72b3b9c 100644
--- a/js/CommonDialogs.js
+++ b/js/CommonDialogs.js
@@ -75,116 +75,120 @@ const CommonDialogs = { return false; }, quickAddFeed: function() { - const query = "backend.php?op=feeds&method=quickAddFeed"; // overlapping widgets if (dijit.byId("batchSubDlg")) dijit.byId("batchSubDlg").destroyRecursive(); if (dijit.byId("feedAddDlg")) dijit.byId("feedAddDlg").destroyRecursive(); - const dialog = new dijit.Dialog({ - id: "feedAddDlg", - title: __("Subscribe to Feed"), - style: "width: 600px", - show_error: function (msg) { - const elem = $("fadd_error_message"); - - elem.innerHTML = msg; - - if (!Element.visible(elem)) - new Effect.Appear(elem); - - }, - execute: function () { - if (this.validate()) { - console.log(dojo.objectToQuery(this.attr('value'))); - - const feed_url = this.attr('value').feed; - - Element.show("feed_add_spinner"); - Element.hide("fadd_error_message"); - - xhrPost("backend.php", this.attr('value'), (transport) => { - try { - - let reply; + xhrPost("backend.php", + {op: "feeds", method: "quickAddFeed"}, + (transport) => { - try { - reply = JSON.parse(transport.responseText); - } catch (e) { - Element.hide("feed_add_spinner"); - alert(__("Failed to parse output. This can indicate server timeout and/or network issues. 
Backend output was logged to browser console.")); - console.log('quickAddFeed, backend returned:' + transport.responseText); - return; - } - - const rc = reply['result']; - - Notify.close(); - Element.hide("feed_add_spinner"); + const dialog = new dijit.Dialog({ + id: "feedAddDlg", + title: __("Subscribe to Feed"), + style: "width: 600px", + content: transport.responseText, + show_error: function (msg) { + const elem = $("fadd_error_message"); - console.log(rc); + elem.innerHTML = msg; - switch (parseInt(rc['code'])) { - case 1: - dialog.hide(); - Notify.info(__("Subscribed to %s").replace("%s", feed_url)); + if (!Element.visible(elem)) + new Effect.Appear(elem); - if (App.isPrefs()) - dijit.byId("feedTree").reload(); - else - Feeds.reload(); + }, + execute: function () { + if (this.validate()) { + console.log(dojo.objectToQuery(this.attr('value'))); - break; - case 2: - dialog.show_error(__("Specified URL seems to be invalid.")); - break; - case 3: - dialog.show_error(__("Specified URL doesn't seem to contain any feeds.")); - break; - case 4: - { - const feeds = rc['feeds']; + const feed_url = this.attr('value').feed; - Element.show("fadd_multiple_notify"); + Element.show("feed_add_spinner"); + Element.hide("fadd_error_message"); - const select = dijit.byId("feedDlg_feedContainerSelect"); + xhrPost("backend.php", this.attr('value'), (transport) => { + try { - while (select.getOptions().length > 0) - select.removeOption(0); + let reply; - select.addOption({value: '', label: __("Expand to select feed")}); + try { + reply = JSON.parse(transport.responseText); + } catch (e) { + Element.hide("feed_add_spinner"); + alert(__("Failed to parse output. This can indicate server timeout and/or network issues. 
Backend output was logged to browser console.")); + console.log('quickAddFeed, backend returned:' + transport.responseText); + return; + } - for (const feedUrl in feeds) { - if (feeds.hasOwnProperty(feedUrl)) { - select.addOption({value: feedUrl, label: feeds[feedUrl]}); - } + const rc = reply['result']; + + Notify.close(); + Element.hide("feed_add_spinner"); + + console.log(rc); + + switch (parseInt(rc['code'])) { + case 1: + dialog.hide(); + Notify.info(__("Subscribed to %s").replace("%s", feed_url)); + + if (App.isPrefs()) + dijit.byId("feedTree").reload(); + else + Feeds.reload(); + + break; + case 2: + dialog.show_error(__("Specified URL seems to be invalid.")); + break; + case 3: + dialog.show_error(__("Specified URL doesn't seem to contain any feeds.")); + break; + case 4: + { + const feeds = rc['feeds']; + + Element.show("fadd_multiple_notify"); + + const select = dijit.byId("feedDlg_feedContainerSelect"); + + while (select.getOptions().length > 0) + select.removeOption(0); + + select.addOption({value: '', label: __("Expand to select feed")}); + + for (const feedUrl in feeds) { + if (feeds.hasOwnProperty(feedUrl)) { + select.addOption({value: feedUrl, label: feeds[feedUrl]}); + } + } + + Effect.Appear('feedDlg_feedsContainer', {duration: 0.5}); + } + break; + case 5: + dialog.show_error(__("Couldn't download the specified URL: %s").replace("%s", rc['message'])); + break; + case 6: + dialog.show_error(__("XML validation failed: %s").replace("%s", rc['message'])); + break; + case 0: + dialog.show_error(__("You are already subscribed to this feed.")); + break; } - Effect.Appear('feedDlg_feedsContainer', {duration: 0.5}); + } catch (e) { + console.error(transport.responseText); + App.Error.report(e); } - break; - case 5: - dialog.show_error(__("Couldn't download the specified URL: %s").replace("%s", rc['message'])); - break; - case 6: - dialog.show_error(__("XML validation failed: %s").replace("%s", rc['message'])); - break; - case 0: - 
dialog.show_error(__("You are already subscribed to this feed.")); - break; + }); } - - } catch (e) { - console.error(transport.responseText); - App.Error.report(e); - } + }, }); - } - }, - href: query - }); - dialog.show(); + dialog.show(); + }); }, showFeedsWithErrors: function() { const query = {op: "pref-feeds", method: "feedsWithErrors"}; -- cgit v1.2.3
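Review bot: `show_error` still writes its argument with `elem.innerHTML = msg`, and the `case 5` and `case 6` branches pass it `rc['message']` taken from the backend reply, so any markup in a download or XML-validation error text is parsed as HTML inside the dialog. Whether the backend escapes `message` is not visible in this hunk; unless the error text is meant to carry markup, `elem.textContent = msg;` removes that dependency. Separately, `console.log(dojo.objectToQuery(this.attr('value')))` in `execute` logs every submitted form field, which may include feed login credentials if the form has such fields (the form markup is not shown here), so that line is worth dropping. The dialog body now comes from `content: transport.responseText` with no try/catch around it, unlike the inner callback, so an error reply to the first request would be rendered as the dialog content.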