mirror of
https://github.com/phpbb/phpbb.git
synced 2025-04-21 00:02:18 +02:00
Merge pull request #73 from phpbb/ticket/security-283
[ticket/security-283] Use jQuery to generate HTML for page from page data
This commit is contained in:
Marc Alexander
GitHub
commit
cfa3a21e20
@ -5,7 +5,7 @@
|
||||
/**
|
||||
* Parse document block
|
||||
*/
|
||||
function parse_document(container)
|
||||
function parse_document(container)
|
||||
{
|
||||
var test = document.createElement('div'),
|
||||
oldBrowser = (typeof test.style.borderRadius == 'undefined');
|
||||
@ -90,7 +90,7 @@ function parse_document(container)
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
headersLength = headers.length;
|
||||
|
||||
// Add header text to each cell as <dfn>
|
||||
@ -121,8 +121,8 @@ function parse_document(container)
|
||||
}
|
||||
|
||||
if ((text.length && text !== '-') || cell.children().length) {
|
||||
if (headers[column] != '') {
|
||||
cell.prepend('<dfn style="display: none;">' + headers[column] + '</dfn>');
|
||||
if (headers[column].length) {
|
||||
cell.prepend($("<dfn>").css('display', 'none').text(headers[column]));
|
||||
}
|
||||
}
|
||||
else {
|
||||
@ -143,7 +143,7 @@ function parse_document(container)
|
||||
*/
|
||||
container.find('table.responsive > tbody').each(function() {
|
||||
var items = $(this).children('tr');
|
||||
if (items.length == 0)
|
||||
if (!items.length)
|
||||
{
|
||||
$(this).parent('table:first').addClass('responsive-hide');
|
||||
}
|
||||
@ -157,7 +157,7 @@ function parse_document(container)
|
||||
if ($this.html() == ' ') {
|
||||
$this.addClass('responsive-hide');
|
||||
}
|
||||
|
||||
|
||||
});
|
||||
|
||||
/**
|
||||
@ -184,7 +184,7 @@ function parse_document(container)
|
||||
var width = $body.width(),
|
||||
height = $this.height();
|
||||
|
||||
if (arguments.length == 0 && (!responsive || width <= lastWidth) && height <= maxHeight) {
|
||||
if (!arguments.length && (!responsive || width <= lastWidth) && height <= maxHeight) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@ -235,14 +235,20 @@ function submitPermissions() {
|
||||
if ($alertBoxLink) {
|
||||
// Remove forum_id[] from URL
|
||||
$alertBoxLink.attr('href', $alertBoxLink.attr('href').replace(/(&forum_id\[\]=[0-9]+)/g, ''));
|
||||
var previousPageForm = '<form action="' + $alertBoxLink.attr('href') + '" method="post">';
|
||||
$.each(forumIds, function (key, value) {
|
||||
previousPageForm += '<input type="text" name="forum_id[]" value="' + value + '" />';
|
||||
const $previousPageForm = $('<form>').attr({
|
||||
action: $alertBoxLink.attr('href'),
|
||||
method: 'post'
|
||||
});
|
||||
|
||||
$.each(forumIds, function (key, value) {
|
||||
$previousPageForm.append($('<input>').attr({
|
||||
type: 'text',
|
||||
name: 'forum_id[]',
|
||||
value: value
|
||||
}));
|
||||
});
|
||||
previousPageForm += '</form>';
|
||||
|
||||
$alertBoxLink.on('click', function (e) {
|
||||
var $previousPageForm = $(previousPageForm);
|
||||
$('body').append($previousPageForm);
|
||||
e.preventDefault();
|
||||
$previousPageForm.submit();
|
||||
@ -257,12 +263,19 @@ function submitPermissions() {
|
||||
setTimeout(function () {
|
||||
// Create forum to submit using POST. This will prevent
|
||||
// exceeding the maximum length of URLs
|
||||
var form = '<form action="' + res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, '') + '" method="post">';
|
||||
$.each(forumIds, function (key, value) {
|
||||
form += '<input type="text" name="forum_id[]" value="' + value + '" />';
|
||||
const $form = $('<form>').attr({
|
||||
action: res.REFRESH_DATA.url.replace(/(&forum_id\[\]=[0-9]+)/g, ''),
|
||||
method: 'post'
|
||||
});
|
||||
form += '</form>';
|
||||
$form = $(form);
|
||||
|
||||
$.each(forumIds, function (key, value) {
|
||||
$form.append($('<input>').attr({
|
||||
type: 'text',
|
||||
name: 'forum_id[]',
|
||||
value: value
|
||||
}));
|
||||
});
|
||||
|
||||
$('body').append($form);
|
||||
|
||||
// Hide the alert even if we refresh the page, in case the user
|
||||
|
||||
@ -650,7 +650,7 @@ function parseDocument($container) {
|
||||
html = $children.html();
|
||||
}
|
||||
|
||||
$block.append((first ? '' : '<br />') + html);
|
||||
$block.append((first ? '' : '<br>') + html);
|
||||
|
||||
first = false;
|
||||
});
|
||||
@ -670,7 +670,7 @@ function parseDocument($container) {
|
||||
|
||||
// Find all headers, get contents
|
||||
$list.prev('.topiclist').find('li.header dd').not('.mark').each(function() {
|
||||
headers.push($(this).text());
|
||||
headers.push($("<div>").text($(this).text()).html());
|
||||
headersLength++;
|
||||
});
|
||||
|
||||
@ -707,7 +707,7 @@ function parseDocument($container) {
|
||||
html = headers[i] + ': <strong>' + html + '</strong>';
|
||||
}
|
||||
|
||||
$block.append((first ? '' : '<br />') + html);
|
||||
$block.append((first ? '' : '<br>') + html);
|
||||
|
||||
first = false;
|
||||
});
|
||||
@ -773,7 +773,9 @@ function parseDocument($container) {
|
||||
}
|
||||
|
||||
if ((text.length && text !== '-') || cell.children().length) {
|
||||
cell.prepend('<dfn style="display: none;">' + headers[column] + '</dfn>');
|
||||
if (headers[column].length) {
|
||||
cell.prepend($("<dfn>").css('display', 'none').text(headers[column]));
|
||||
}
|
||||
} else {
|
||||
cell.addClass('empty');
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user