mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 00:37:42 +02:00
Code Issues Releases Wiki Activity

[ticket/security-283] Unify behavior between adm and prosilver, clean up

Browse Source 
SECURITY-283
This commit is contained in:
Marc Alexander
2025-03-01 09:22:23 +01:00
parent c3bb5e1bec
commit 17480d7d07
3 changed files with 33 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
phpBB/adm/style/ajax.js
View File

@@ -235,14 +235,20 @@ function submitPermissions() {
if ($alertBoxLink) {
// Remove forum_id[] from URL
$alertBoxLink.attr('href', $alertBoxLink.attr('href').replace(/(&forum_id\[\]=[0-9]+)/g, ''));
var previousPageForm = '<form action="' + $alertBoxLink.attr('href') + '" method="post">';
$.each(forumIds, function (key, value) {
previousPageForm += '<input type="text" name="forum_id[]" value="' + value + '" />';
const $previousPageForm = $('<form>').attr({
action: $alertBoxLink.attr('href'),
method: 'post'
});
$.each(forumIds, function (key, value) {
$previousPageForm.append($('<input>').attr({
type: 'text',
name: 'forum_id[]',
value: value
}));
});
previousPageForm += '</form>';
$alertBoxLink.on('click', function (e) {
var $previousPageForm = $(previousPageForm);
$('body').append($previousPageForm);
e.preventDefault();
$previousPageForm.submit();
@@ -257,12 +263,19 @@ function submitPermissions() {
setTimeout(function () {
// Create forum to submit using POST. This will prevent
// exceeding the maximum length of URLs
var form = '<form action="' + res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, '') + '" method="post">';
$.each(forumIds, function (key, value) {
form += '<input type="text" name="forum_id[]" value="' + value + '" />';
const $form = $('<form>').attr({
action: res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, ''),
method: 'post'
});
form += '</form>';
$form = $(form);
$.each(forumIds, function (key, value) {
$form.append($('<input>').attr({
type: 'text',
name: 'forum_id[]',
value: value
}));
});
$('body').append($form);
// Hide the alert even if we refresh the page, in case the user