mirror_php/winter
1
0
Fork 0
mirror of https://github.com/wintercms/winter.git synced 2024-06-28 05:33:29 +02:00
Code Issues Projects Releases Wiki Activity

The manage form should not share its session key with the parent

Browse Source
This commit is contained in:
Sam Georges 2014-09-17 18:14:47 +10:00
parent 001a9f92ff
commit 04462f5b4c
2 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
modules/backend/behaviors/RelationController.php
View File

@ -359,6 +359,7 @@ class RelationController extends ControllerBehavior
$this->vars['relationManageWidget'] = $this->manageWidget;
$this->vars['relationViewWidget'] = $this->viewWidget;
$this->vars['relationPivotWidget'] = $this->pivotWidget;
$this->vars['relationSessionKey'] = $this->relationGetSessionKey();
}
/**
@ -437,6 +438,9 @@ class RelationController extends ControllerBehavior
if ($this->manageMode == 'pivot' && $this->manageId)
return $this->onRelationManagePivotForm();
// The form should not share its session key with the parent
$this->vars['newSessionKey'] = str_random(40);
$view = 'manage_' . $this->manageMode;
return $this->relationMakePartial($view);
}
@ -449,7 +453,8 @@ class RelationController extends ControllerBehavior
$this->beforeAjax();
$saveData = $this->manageWidget->getSaveData();
$this->relationObject->create($saveData, $this->relationGetSessionKey());
$newModel = $this->relationObject->create($saveData, $this->relationGetSessionKey(true));
$newModel->commitDeferred($this->manageWidget->getSessionKey());
return ['#'.$this->relationGetId('view') => $this->relationRenderView()];
}
@ -462,7 +467,7 @@ class RelationController extends ControllerBehavior
$this->beforeAjax();
$saveData = $this->manageWidget->getSaveData();
$this->relationObject->find($this->manageId)->save($saveData, $this->relationGetSessionKey());
$this->relationObject->find($this->manageId)->save($saveData, $this->manageWidget->getSessionKey());
return ['#'.$this->relationGetId('view') => $this->relationRenderView()];
}
@ -800,11 +805,14 @@ class RelationController extends ControllerBehavior
/**
* Returns the active session key.
*/
public function relationGetSessionKey()
public function relationGetSessionKey($force = false)
{
if ($this->sessionKey)
if ($this->sessionKey && !$force)
return $this->sessionKey;
if (post('_relation_session_key'))
return $this->sessionKey = post('_relation_session_key');
if (post('_session_key'))
return $this->sessionKey = post('_session_key');

8
modules/backend/behaviors/relationcontroller/partials/_manage_form.htm
View File

@ -1,10 +1,11 @@
<?php if ($relationManageId): ?>
<?= Form::ajax('onRelationManageUpdate', ['data-stripe-load-indicator' => true]) ?>
<?= Form::ajax('onRelationManageUpdate', ['data-stripe-load-indicator' => true, 'sessionKey' => $newSessionKey]) ?>
<!-- Passable fields -->
<input type="hidden" name="_relation_field" value="<?= $relationField ?>" />
<input type="hidden" name="manage_id" value="<?= $relationManageId ?>" />
<input type="hidden" name="_relation_field" value="<?= $relationField ?>" />
<input type="hidden" name="_relation_session_key" value="<?= $relationSessionKey ?>" />
<div class="modal-header">
<button type="button" class="close" data-dismiss="popup">&times;</button>
@ -35,10 +36,11 @@
<?php else: ?>
<?= Form::ajax('onRelationManageCreate', ['data-stripe-load-indicator' => true]) ?>
<?= Form::ajax('onRelationManageCreate', ['data-stripe-load-indicator' => true, 'sessionKey' => $newSessionKey]) ?>
<!-- Passable fields -->
<input type="hidden" name="_relation_field" value="<?= $relationField ?>" />
<input type="hidden" name="_relation_session_key" value="<?= $relationSessionKey ?>" />
<div class="modal-header">
<button type="button" class="close" data-dismiss="popup">&times;</button>