Added csrfToken to JS POST requests
This commit is contained in:
parent
daf4865c29
commit
d88c138d2d
10 changed files with 115 additions and 28 deletions
|
@ -408,6 +408,7 @@ var BackendCalendar = {
|
|||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_appointment';
|
||||
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'appointment_id' : BackendCalendar.lastFocusedEventData.data['id'],
|
||||
'delete_reason': $('#delete-reason').val()
|
||||
};
|
||||
|
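Review bot: The token is spliced by hand into each postData literal — here, in every other hunk of this file, and in the remaining nine files of this commit — so the next `$.post` added to the codebase can go out without it, and if the server-side check is enforced per route rather than globally, that request would also go out unprotected. If the bundled jQuery is 1.5 or newer, a single `$.ajaxPrefilter` hook that appends `GlobalVariables.csrfToken` to the body of every same-origin POST would cover all of these call sites and remove the duplication; a thin `postWithToken(url, data, callback)` wrapper is the alternative on older jQuery. Whether the server rejects a backend_api POST that lacks the field is not visible from the client side; confirm it does, otherwise this change is only cosmetic. The enclosing method starts and ends outside this hunk.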
@ -450,6 +451,7 @@ var BackendCalendar = {
|
|||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_unavailable';
|
||||
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'unavailable_id' : BackendCalendar.lastFocusedEventData.data.id
|
||||
};
|
||||
|
||||
|
@ -712,6 +714,7 @@ var BackendCalendar = {
|
|||
// modal so the user can select the sync calendar.
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_get_google_calendars';
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'provider_id': $('#select-filter-item').val()
|
||||
};
|
||||
$.post(postUrl, postData, function(response) {
|
||||
|
@ -949,6 +952,7 @@ var BackendCalendar = {
|
|||
$('#select-calendar').click(function() {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_select_google_calendar';
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'provider_id': $('#select-filter-item').val(),
|
||||
'calendar_id': $('#google-calendar').val()
|
||||
};
|
||||
|
@ -996,6 +1000,7 @@ var BackendCalendar = {
|
|||
refreshCalendarAppointments: function($calendar, recordId, filterType, startDate, endDate) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_get_calendar_appointments';
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'record_id': recordId,
|
||||
'start_date': startDate.toString('yyyy-MM-dd'),
|
||||
'end_date': endDate.toString('yyyy-MM-dd'),
|
||||
|
@ -1381,7 +1386,10 @@ var BackendCalendar = {
|
|||
.toString('yyyy-MM-dd HH:mm:ss');
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_appointment';
|
||||
var postData = { 'appointment_data': JSON.stringify(appointment) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'appointment_data': JSON.stringify(appointment)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
$('#notification').hide('blind');
|
||||
|
@ -1434,7 +1442,10 @@ var BackendCalendar = {
|
|||
.toString('yyyy-MM-dd HH:mm:ss');
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_unavailable';
|
||||
var postData = { 'unavailable': JSON.stringify(unavailable) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'unavailable': JSON.stringify(unavailable)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
$('#notification').hide('blind');
|
||||
|
@ -1658,7 +1669,10 @@ var BackendCalendar = {
|
|||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_appointment';
|
||||
|
||||
var postData = { 'appointment_data': JSON.stringify(appointment) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'appointment_data': JSON.stringify(appointment)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
$('#notification').hide('blind');
|
||||
|
@ -1720,7 +1734,10 @@ var BackendCalendar = {
|
|||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_unavailable';
|
||||
|
||||
var postData = { 'unavailable': JSON.stringify(unavailable) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'unavailable': JSON.stringify(unavailable)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
$('#notification').hide('blind');
|
||||
|
@ -1781,7 +1798,10 @@ var BackendCalendar = {
|
|||
// Make an ajax call to the server in order to disable the setting
|
||||
// from the database.
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_disable_provider_sync';
|
||||
var postData = { 'provider_id': providerId };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'provider_id': providerId
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
////////////////////////////////////////////////////////////
|
||||
|
|
|
@ -216,7 +216,10 @@ CustomersHelper.prototype.bindEventHandlers = function() {
|
|||
*/
|
||||
CustomersHelper.prototype.save = function(customer) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/index.php/backend_api/ajax_save_customer';
|
||||
var postData = { 'customer': JSON.stringify(customer) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'customer': JSON.stringify(customer)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
///////////////////////////////////////////////////////////
|
||||
|
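Review bot: The postUrl kept as context at the top of this hunk reads `'/index.php/index.php/backend_api/ajax_save_customer'` — `index.php` appears twice, unlike every other URL touched by this commit. The doubled segment predates this change, but the commit edits the very next line, so it belongs in the same fix: `var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_customer';`. Whether the doubled path currently resolves depends on the server's rewrite rules, which are not visible here. CustomersHelper.prototype.save continues past the end of the hunk.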
@ -239,7 +242,10 @@ CustomersHelper.prototype.save = function(customer) {
|
|||
*/
|
||||
CustomersHelper.prototype.delete = function(id) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_customer';
|
||||
var postData = { 'customer_id': id };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'customer_id': id
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
////////////////////////////////////////////////////
|
||||
|
@ -358,7 +364,10 @@ CustomersHelper.prototype.filter = function(key, selectId, display) {
|
|||
if (display == undefined) display = false;
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_customers';
|
||||
var postData = { 'key': key };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'key': key
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
///////////////////////////////////////////////////////
|
||||
|
|
|
@ -83,7 +83,10 @@ var BackendServices = {
|
|||
*/
|
||||
updateAvailableCategories: function() {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_service_categories';
|
||||
var postData = { 'key': '' };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'key': ''
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
///////////////////////////////////////////////////////////////
|
||||
|
@ -260,7 +263,10 @@ ServicesHelper.prototype.save = function(service) {
|
|||
////////////////////////////////////////////////
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_service';
|
||||
var postData = { 'service': JSON.stringify(service) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'service': JSON.stringify(service)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
//////////////////////////////////////////////////
|
||||
|
@ -282,7 +288,10 @@ ServicesHelper.prototype.save = function(service) {
|
|||
*/
|
||||
ServicesHelper.prototype.delete = function(id) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_service';
|
||||
var postData = { 'service_id': id };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'service_id': id
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
////////////////////////////////////////////////////
|
||||
|
@ -375,7 +384,10 @@ ServicesHelper.prototype.filter = function(key, selectId, display) {
|
|||
if (display == undefined) display = false;
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_services';
|
||||
var postData = { 'key': key };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'key': key
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
/////////////////////////////////////////////////////
|
||||
|
@ -595,7 +607,10 @@ CategoriesHelper.prototype.bindEventHandlers = function() {
|
|||
*/
|
||||
CategoriesHelper.prototype.filter = function(key, selectId, display) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_service_categories';
|
||||
var postData = { 'key': key };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'key': key
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
///////////////////////////////////////////////////////
|
||||
|
@ -632,7 +647,10 @@ CategoriesHelper.prototype.filter = function(key, selectId, display) {
|
|||
*/
|
||||
CategoriesHelper.prototype.save = function(category) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_service_category';
|
||||
var postData = { 'category': JSON.stringify(category) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'category': JSON.stringify(category)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
///////////////////////////////////////////////////////////
|
||||
|
@ -656,7 +674,10 @@ CategoriesHelper.prototype.save = function(category) {
|
|||
*/
|
||||
CategoriesHelper.prototype.delete = function(id) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_service_category';
|
||||
var postData = { 'category_id': id };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'category_id': id
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
////////////////////////////////////////////////////
|
||||
|
|
|
@ -170,6 +170,7 @@ var BackendSettings = {
|
|||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_validate_username';
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'username': $input.val(),
|
||||
'user_id': $input.parents().eq(2).find('#user-id').val()
|
||||
};
|
||||
|
@ -207,6 +208,7 @@ var SystemSettings = function() {};
|
|||
SystemSettings.prototype.save = function(settings) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_settings';
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'settings': JSON.stringify(settings),
|
||||
'type': BackendSettings.SETTINGS_SYSTEM
|
||||
};
|
||||
|
@ -348,6 +350,7 @@ UserSettings.prototype.save = function(settings) {
|
|||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_settings';
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'type': BackendSettings.SETTINGS_USER,
|
||||
'settings': JSON.stringify(settings)
|
||||
};
|
||||
|
|
|
@ -101,7 +101,10 @@ var BackendUsers = {
|
|||
|
||||
// Update the list with the all the available providers.
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_providers';
|
||||
var postData = { 'key': '' };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'key': ''
|
||||
};
|
||||
$.post(postUrl, postData, function(response) {
|
||||
//////////////////////////////////////////////////////////
|
||||
//console.log('Get all db providers response:', response);
|
||||
|
@ -142,7 +145,8 @@ var BackendUsers = {
|
|||
}
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_validate_username';
|
||||
var postData = {
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'username': $input.val(),
|
||||
'user_id': $input.parents().eq(2).find('.record-id').val()
|
||||
};
|
||||
|
|
|
@ -169,7 +169,10 @@ AdminsHelper.prototype.save = function(admin) {
|
|||
////////////////////////////////////////////
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_admin';
|
||||
var postData = { 'admin': JSON.stringify(admin) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'admin': JSON.stringify(admin)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
////////////////////////////////////////////////
|
||||
|
@ -190,7 +193,10 @@ AdminsHelper.prototype.save = function(admin) {
|
|||
*/
|
||||
AdminsHelper.prototype.delete = function(id) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_admin';
|
||||
var postData = { 'admin_id': id };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'admin_id': id
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
//////////////////////////////////////////////////
|
||||
|
@ -318,7 +324,10 @@ AdminsHelper.prototype.filter = function(key, selectId, display) {
|
|||
if (display == undefined) display = false;
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_admins';
|
||||
var postData = { 'key': key };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'key': key
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
///////////////////////////////////////////////////
|
||||
|
|
|
@ -220,7 +220,10 @@ ProvidersHelper.prototype.save = function(provider) {
|
|||
//////////////////////////////////////////////////
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_provider';
|
||||
var postData = { 'provider': JSON.stringify(provider) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'provider': JSON.stringify(provider)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
///////////////////////////////////////////////////
|
||||
|
@ -241,7 +244,10 @@ ProvidersHelper.prototype.save = function(provider) {
|
|||
*/
|
||||
ProvidersHelper.prototype.delete = function(id) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_provider';
|
||||
var postData = { 'provider_id': id };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'provider_id': id
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
/////////////////////////////////////////////////////
|
||||
|
@ -394,7 +400,10 @@ ProvidersHelper.prototype.filter = function(key, selectId, display) {
|
|||
if (display == undefined) display = false;
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_providers';
|
||||
var postData = { 'key': key };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'key': key
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
//////////////////////////////////////////////////////
|
||||
|
|
|
@ -180,7 +180,10 @@ SecretariesHelper.prototype.save = function(secretary) {
|
|||
////////////////////////////////////////////////////
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_secretary';
|
||||
var postData = { 'secretary': JSON.stringify(secretary) };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'secretary': JSON.stringify(secretary)
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
////////////////////////////////////////////////////
|
||||
|
@ -201,7 +204,10 @@ SecretariesHelper.prototype.save = function(secretary) {
|
|||
*/
|
||||
SecretariesHelper.prototype.delete = function(id) {
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_secretary';
|
||||
var postData = { 'secretary_id': id };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'secretary_id': id
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
//////////////////////////////////////////////////////
|
||||
|
@ -339,7 +345,10 @@ SecretariesHelper.prototype.filter = function(key, selectId, display) {
|
|||
if (display == undefined) display = false;
|
||||
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_secretaries';
|
||||
var postData = { 'key': key };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'key': key
|
||||
};
|
||||
|
||||
$.post(postUrl, postData, function(response) {
|
||||
////////////////////////////////////////////////////////
|
||||
|
|
|
@ -321,7 +321,7 @@ var FrontendBook = {
|
|||
|
||||
// Make ajax post request and get the available hours.
|
||||
var ajaxurl = GlobalVariables.baseUrl + '/index.php/appointments/ajax_get_available_hours';
|
||||
jQuery.post(ajaxurl, postData, function(response) {
|
||||
$.post(ajaxurl, postData, function(response) {
|
||||
///////////////////////////////////////////////////////////////
|
||||
console.log('Get Available Hours JSON Response:', response);
|
||||
///////////////////////////////////////////////////////////////
|
||||
|
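Review bot: This is the one POST in the commit that does not gain a csrfToken field: the hunk only renames `jQuery.post` to `$.post`, and the `postData` passed to `ajax_get_available_hours` is built above the hunk, outside view. If the server applies the same CSRF check to the `appointments` controller as to `backend_api`, this public booking request will fail once that check is active; if the route is deliberately exempt, a one-line comment above the call recording that (`// public appointments endpoint: server does not require csrfToken here`) keeps the next reader from guessing. Either way, confirm that either postData carries the token or the route is exempt.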
|
|
@ -306,7 +306,10 @@ var GeneralFunctions = {
|
|||
$(document).on('click', 'li.language', function() {
|
||||
// Change language with ajax call and refresh page.
|
||||
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_change_language';
|
||||
var postData = { 'language': $(this).attr('data-language') };
|
||||
var postData = {
|
||||
'csrfToken': GlobalVariables.csrfToken,
|
||||
'language': $(this).attr('data-language'),
|
||||
};
|
||||
$.post(postUrl, postData, function(response) {
|
||||
////////////////////////////////////////////////////
|
||||
console.log('Change Language Response', response);
|
||||
|
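Review bot: The new object literal ends with a trailing comma — `'language': $(this).attr('data-language'),` immediately followed by `};` — which no other postData literal in this commit has. A trailing comma in an object literal is valid ES5 but a syntax error in ES3 engines (IE8 and earlier); if that browser is still in the support matrix of this jQuery-era frontend, the language switcher breaks there. Drop the comma for consistency with the rest of the change: `'language': $(this).attr('data-language')`.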
|