Fix pasting from the AdminBar macro due to CSRF requirements.

2009-07-14 23:39:14 +00:00 · 2009-07-14 23:39:14 +00:00 · 60c74a2a58
commit 60c74a2a58
parent 79dbea5025
3 changed files with 15 additions and 8 deletions
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@ -6,6 +6,7 @@
  - WebGUI::Shop::PayDriver::PayPal::PayPalStd replaced by WebGUI::Shop::PayDriver::PayPal.  PayPalStd fought the Shop API and didn't work.
  - fixed #10633: GET requests in Operation/User require valid CSRF token.
  - fixed #10621: ThingRecord needs an Asset Icon
+  - fixed #10638: Paste from Admin Bar broken

 7.7.14
 - fixed #10606: shelf selector
--- a/lib/WebGUI/AssetClipboard.pm
+++ b/lib/WebGUI/AssetClipboard.pm
@ -545,9 +545,9 @@ the Asset Manager.
 =cut

 sub www_pasteList {
-	my $self    = shift;
+    my $self    = shift;
    my $session = $self->session;
-	return $session->privilege->insufficient() unless $self->canEdit && $session->form->validToken;
+    return $session->privilege->insufficient() unless $self->canEdit && $session->form->validToken;
    my $form    = $session->form;
    my $pb      = WebGUI::ProgressBar->new($session);
    ##Need to store the list of assetIds for the status subroutine
@ -555,14 +555,15 @@ sub www_pasteList {
    ##Need to set the URL that should be displayed when it is done
    my $i18n     = WebGUI::International->new($session, 'Asset');
    $pb->start($i18n->get('Paste Assets'), $session->url->extras('adminConsole/assets.gif'));
-	ASSET: foreach my $clipId (@assetIds) {
+    ASSET: foreach my $clipId (@assetIds) {
+        next ASSET unless $clipId;
        my $pasteAsset = WebGUI::Asset->newPending($session, $clipId);
        if (! $pasteAsset && $pasteAsset->canEdit) {
            $pb->update(sprintf $i18n->get('skipping %s'), $pasteAsset->getTitle);
            next ASSET;
        }
-		$self->paste($clipId, sub {$pb->update(@_);});
-	}
+        $self->paste($clipId, sub {$pb->update(@_);});
+    }
    return $pb->finish( ($form->param('proceed') eq 'manageAssets') ? $self->getUrl('op=assetManager') : $self->getUrl );
 }

--- a/lib/WebGUI/Macro/AdminBar.pm
+++ b/lib/WebGUI/Macro/AdminBar.pm
@ -91,14 +91,19 @@ sub process {
 		# clipboard
 		my $clipboardItems = $session->asset->getAssetsInClipboard(1);
 		if (scalar (@$clipboardItems)) {
-			$out .= q{<dt class="a-m-t">}.$i18n->get("1082").q{</dt><dd class="a-m-d"><div class="bd">};
+            my $formProceed = $session->form->get('op') eq 'assetManager' ? 'manageAssets' : '';
+			$out .= q{<dt class="a-m-t">}.$i18n->get("1082").q{</dt><dd class="a-m-d"><div class="bd">}
+                 .  WebGUI::Form::formHeader($session,
+                        { action => $session->url->page('func=pasteList;assetId=0;proceed='.$formProceed), extras => "id='adminBarClip'", }
+                    );
 			foreach my $item (@{$clipboardItems}) {
 				my $title = $asset->getTitle;
-				$out .= q{<a class="link" href="}.$asset->getUrl("func=pasteList;assetId=".$item->getId.$proceed).q{">}
+				$out .= q{<a class="link" href="}.$asset->getUrl("func=pasteList;assetId=".$item->getId.$proceed).q{" onclick="var thisForm = document.getElementById('adminBarClip'); thisForm.assetId.value='}.$item->getId.q{'; thisForm.submit(); return false;">}
 					.q{<img src="}.$item->getIcon(1).q{" style="border: 0px; vertical-align: middle;" alt="icon" /> }
 					.$item->getTitle.q{</a>};
 			}
-			$out .= qq{</div></dd>\n};
+			$out .= WebGUI::Form::formFooter($session)
+                 .  qq{</div></dd>\n};
 		}

 		### new content menu