Fix pasting from the AdminBar macro due to CSRF requirements.
This commit is contained in:
Colin Kuskie
parent
79dbea5025
commit
60c74a2a58
3 changed files with 15 additions and 8 deletions
|
|
@ -6,6 +6,7 @@
|
||||||
- WebGUI::Shop::PayDriver::PayPal::PayPalStd replaced by WebGUI::Shop::PayDriver::PayPal. PayPalStd fought the Shop API and didn't work.
|
- WebGUI::Shop::PayDriver::PayPal::PayPalStd replaced by WebGUI::Shop::PayDriver::PayPal. PayPalStd fought the Shop API and didn't work.
|
||||||
- fixed #10633: GET requests in Operation/User require valid CSRF token.
|
- fixed #10633: GET requests in Operation/User require valid CSRF token.
|
||||||
- fixed #10621: ThingRecord needs an Asset Icon
|
- fixed #10621: ThingRecord needs an Asset Icon
|
||||||
|
- fixed #10638: Paste from Admin Bar broken
|
||||||
|
|
||||||
7.7.14
|
7.7.14
|
||||||
- fixed #10606: shelf selector
|
- fixed #10606: shelf selector
|
||||||
|
|
|
||||||
|
|
@ -545,9 +545,9 @@ the Asset Manager.
|
||||||
=cut
|
=cut
|
||||||
|
|
||||||
sub www_pasteList {
|
sub www_pasteList {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
my $session = $self->session;
|
my $session = $self->session;
|
||||||
return $session->privilege->insufficient() unless $self->canEdit && $session->form->validToken;
|
return $session->privilege->insufficient() unless $self->canEdit && $session->form->validToken;
|
||||||
my $form = $session->form;
|
my $form = $session->form;
|
||||||
my $pb = WebGUI::ProgressBar->new($session);
|
my $pb = WebGUI::ProgressBar->new($session);
|
||||||
##Need to store the list of assetIds for the status subroutine
|
##Need to store the list of assetIds for the status subroutine
|
||||||
|
|
@ -555,14 +555,15 @@ sub www_pasteList {
|
||||||
##Need to set the URL that should be displayed when it is done
|
##Need to set the URL that should be displayed when it is done
|
||||||
my $i18n = WebGUI::International->new($session, 'Asset');
|
my $i18n = WebGUI::International->new($session, 'Asset');
|
||||||
$pb->start($i18n->get('Paste Assets'), $session->url->extras('adminConsole/assets.gif'));
|
$pb->start($i18n->get('Paste Assets'), $session->url->extras('adminConsole/assets.gif'));
|
||||||
ASSET: foreach my $clipId (@assetIds) {
|
ASSET: foreach my $clipId (@assetIds) {
|
||||||
|
next ASSET unless $clipId;
|
||||||
my $pasteAsset = WebGUI::Asset->newPending($session, $clipId);
|
my $pasteAsset = WebGUI::Asset->newPending($session, $clipId);
|
||||||
if (! $pasteAsset && $pasteAsset->canEdit) {
|
if (! $pasteAsset && $pasteAsset->canEdit) {
|
||||||
$pb->update(sprintf $i18n->get('skipping %s'), $pasteAsset->getTitle);
|
$pb->update(sprintf $i18n->get('skipping %s'), $pasteAsset->getTitle);
|
||||||
next ASSET;
|
next ASSET;
|
||||||
}
|
}
|
||||||
$self->paste($clipId, sub {$pb->update(@_);});
|
$self->paste($clipId, sub {$pb->update(@_);});
|
||||||
}
|
}
|
||||||
return $pb->finish( ($form->param('proceed') eq 'manageAssets') ? $self->getUrl('op=assetManager') : $self->getUrl );
|
return $pb->finish( ($form->param('proceed') eq 'manageAssets') ? $self->getUrl('op=assetManager') : $self->getUrl );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -91,14 +91,19 @@ sub process {
|
||||||
# clipboard
|
# clipboard
|
||||||
my $clipboardItems = $session->asset->getAssetsInClipboard(1);
|
my $clipboardItems = $session->asset->getAssetsInClipboard(1);
|
||||||
if (scalar (@$clipboardItems)) {
|
if (scalar (@$clipboardItems)) {
|
||||||
$out .= q{<dt class="a-m-t">}.$i18n->get("1082").q{</dt><dd class="a-m-d"><div class="bd">};
|
my $formProceed = $session->form->get('op') eq 'assetManager' ? 'manageAssets' : '';
|
||||||
|
$out .= q{<dt class="a-m-t">}.$i18n->get("1082").q{</dt><dd class="a-m-d"><div class="bd">}
|
||||||
|
. WebGUI::Form::formHeader($session,
|
||||||
|
{ action => $session->url->page('func=pasteList;assetId=0;proceed='.$formProceed), extras => "id='adminBarClip'", }
|
||||||
|
);
|
||||||
foreach my $item (@{$clipboardItems}) {
|
foreach my $item (@{$clipboardItems}) {
|
||||||
my $title = $asset->getTitle;
|
my $title = $asset->getTitle;
|
||||||
$out .= q{<a class="link" href="}.$asset->getUrl("func=pasteList;assetId=".$item->getId.$proceed).q{">}
|
$out .= q{<a class="link" href="}.$asset->getUrl("func=pasteList;assetId=".$item->getId.$proceed).q{" onclick="var thisForm = document.getElementById('adminBarClip'); thisForm.assetId.value='}.$item->getId.q{'; thisForm.submit(); return false;">}
|
||||||
.q{<img src="}.$item->getIcon(1).q{" style="border: 0px; vertical-align: middle;" alt="icon" /> }
|
.q{<img src="}.$item->getIcon(1).q{" style="border: 0px; vertical-align: middle;" alt="icon" /> }
|
||||||
.$item->getTitle.q{</a>};
|
.$item->getTitle.q{</a>};
|
||||||
}
|
}
|
||||||
$out .= qq{</div></dd>\n};
|
$out .= WebGUI::Form::formFooter($session)
|
||||||
|
. qq{</div></dd>\n};
|
||||||
}
|
}
|
||||||
|
|
||||||
### new content menu
|
### new content menu
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue