maket/MaketRandevu
1
1
Fork 0
Code Issues 15 Pull requests Projects Releases 4 Packages Wiki Activity

Added csrfToken to js post requests

Browse source
This commit is contained in:
Alex Tselegidis 2015-05-27 23:42:40 +02:00
parent daf4865c29
commit d88c138d2d
10 changed files with 115 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
src/assets/js/backend_calendar.js
View file

@ -408,6 +408,7 @@ var BackendCalendar = {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_appointment';
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'appointment_id' : BackendCalendar.lastFocusedEventData.data['id'],
'delete_reason': $('#delete-reason').val()
};
@ -450,6 +451,7 @@ var BackendCalendar = {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_unavailable';
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'unavailable_id' : BackendCalendar.lastFocusedEventData.data.id
};
@ -712,6 +714,7 @@ var BackendCalendar = {
// modal so the user can select the sync calendar.
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_get_google_calendars';
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'provider_id': $('#select-filter-item').val()
};
$.post(postUrl, postData, function(response) {
@ -949,6 +952,7 @@ var BackendCalendar = {
$('#select-calendar').click(function() {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_select_google_calendar';
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'provider_id': $('#select-filter-item').val(),
'calendar_id': $('#google-calendar').val()
};
@ -996,6 +1000,7 @@ var BackendCalendar = {
refreshCalendarAppointments: function($calendar, recordId, filterType, startDate, endDate) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_get_calendar_appointments';
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'record_id': recordId,
'start_date': startDate.toString('yyyy-MM-dd'),
'end_date': endDate.toString('yyyy-MM-dd'),
@ -1381,7 +1386,10 @@ var BackendCalendar = {
.toString('yyyy-MM-dd HH:mm:ss');
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_appointment';
var postData = { 'appointment_data': JSON.stringify(appointment) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'appointment_data': JSON.stringify(appointment)
};
$.post(postUrl, postData, function(response) {
$('#notification').hide('blind');
@ -1434,7 +1442,10 @@ var BackendCalendar = {
.toString('yyyy-MM-dd HH:mm:ss');
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_unavailable';
var postData = { 'unavailable': JSON.stringify(unavailable) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'unavailable': JSON.stringify(unavailable)
};
$.post(postUrl, postData, function(response) {
$('#notification').hide('blind');
@ -1658,7 +1669,10 @@ var BackendCalendar = {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_appointment';
var postData = { 'appointment_data': JSON.stringify(appointment) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'appointment_data': JSON.stringify(appointment)
};
$.post(postUrl, postData, function(response) {
$('#notification').hide('blind');
@ -1720,7 +1734,10 @@ var BackendCalendar = {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_unavailable';
var postData = { 'unavailable': JSON.stringify(unavailable) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'unavailable': JSON.stringify(unavailable)
};
$.post(postUrl, postData, function(response) {
$('#notification').hide('blind');
@ -1781,7 +1798,10 @@ var BackendCalendar = {
// Make an ajax call to the server in order to disable the setting
// from the database.
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_disable_provider_sync';
var postData = { 'provider_id': providerId };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'provider_id': providerId
};
$.post(postUrl, postData, function(response) {
////////////////////////////////////////////////////////////

15
src/assets/js/backend_customers.js
View file

@ -216,7 +216,10 @@ CustomersHelper.prototype.bindEventHandlers = function() {
*/
CustomersHelper.prototype.save = function(customer) {
var postUrl = GlobalVariables.baseUrl + '/index.php/index.php/backend_api/ajax_save_customer';
var postData = { 'customer': JSON.stringify(customer) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'customer': JSON.stringify(customer)
};
$.post(postUrl, postData, function(response) {
///////////////////////////////////////////////////////////
@ -239,7 +242,10 @@ CustomersHelper.prototype.save = function(customer) {
*/
CustomersHelper.prototype.delete = function(id) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_customer';
var postData = { 'customer_id': id };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'customer_id': id
};
$.post(postUrl, postData, function(response) {
////////////////////////////////////////////////////
@ -358,7 +364,10 @@ CustomersHelper.prototype.filter = function(key, selectId, display) {
if (display == undefined) display = false;
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_customers';
var postData = { 'key': key };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'key': key
};
$.post(postUrl, postData, function(response) {
///////////////////////////////////////////////////////

35
src/assets/js/backend_services.js
View file

@ -83,7 +83,10 @@ var BackendServices = {
*/
updateAvailableCategories: function() {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_service_categories';
var postData = { 'key': '' };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'key': ''
};
$.post(postUrl, postData, function(response) {
///////////////////////////////////////////////////////////////
@ -260,7 +263,10 @@ ServicesHelper.prototype.save = function(service) {
////////////////////////////////////////////////
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_service';
var postData = { 'service': JSON.stringify(service) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'service': JSON.stringify(service)
};
$.post(postUrl, postData, function(response) {
//////////////////////////////////////////////////
@ -282,7 +288,10 @@ ServicesHelper.prototype.save = function(service) {
*/
ServicesHelper.prototype.delete = function(id) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_service';
var postData = { 'service_id': id };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'service_id': id
};
$.post(postUrl, postData, function(response) {
////////////////////////////////////////////////////
@ -375,7 +384,10 @@ ServicesHelper.prototype.filter = function(key, selectId, display) {
if (display == undefined) display = false;
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_services';
var postData = { 'key': key };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'key': key
};
$.post(postUrl, postData, function(response) {
/////////////////////////////////////////////////////
@ -595,7 +607,10 @@ CategoriesHelper.prototype.bindEventHandlers = function() {
*/
CategoriesHelper.prototype.filter = function(key, selectId, display) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_service_categories';
var postData = { 'key': key };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'key': key
};
$.post(postUrl, postData, function(response) {
///////////////////////////////////////////////////////
@ -632,7 +647,10 @@ CategoriesHelper.prototype.filter = function(key, selectId, display) {
*/
CategoriesHelper.prototype.save = function(category) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_service_category';
var postData = { 'category': JSON.stringify(category) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'category': JSON.stringify(category)
};
$.post(postUrl, postData, function(response) {
///////////////////////////////////////////////////////////
@ -656,7 +674,10 @@ CategoriesHelper.prototype.save = function(category) {
*/
CategoriesHelper.prototype.delete = function(id) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_service_category';
var postData = { 'category_id': id };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'category_id': id
};
$.post(postUrl, postData, function(response) {
////////////////////////////////////////////////////

3
src/assets/js/backend_settings.js
View file

@ -170,6 +170,7 @@ var BackendSettings = {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_validate_username';
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'username': $input.val(),
'user_id': $input.parents().eq(2).find('#user-id').val()
};
@ -207,6 +208,7 @@ var SystemSettings = function() {};
SystemSettings.prototype.save = function(settings) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_settings';
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'settings': JSON.stringify(settings),
'type': BackendSettings.SETTINGS_SYSTEM
};
@ -348,6 +350,7 @@ UserSettings.prototype.save = function(settings) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_settings';
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'type': BackendSettings.SETTINGS_USER,
'settings': JSON.stringify(settings)
};

8
src/assets/js/backend_users.js
View file

@ -101,7 +101,10 @@ var BackendUsers = {
// Update the list with the all the available providers.
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_providers';
var postData = { 'key': '' };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'key': ''
};
$.post(postUrl, postData, function(response) {
//////////////////////////////////////////////////////////
//console.log('Get all db providers response:', response);
@ -142,7 +145,8 @@ var BackendUsers = {
}
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_validate_username';
var postData = {
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'username': $input.val(),
'user_id': $input.parents().eq(2).find('.record-id').val()
};

15
src/assets/js/backend_users_admins.js
View file

@ -169,7 +169,10 @@ AdminsHelper.prototype.save = function(admin) {
////////////////////////////////////////////
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_admin';
var postData = { 'admin': JSON.stringify(admin) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'admin': JSON.stringify(admin)
};
$.post(postUrl, postData, function(response) {
////////////////////////////////////////////////
@ -190,7 +193,10 @@ AdminsHelper.prototype.save = function(admin) {
*/
AdminsHelper.prototype.delete = function(id) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_admin';
var postData = { 'admin_id': id };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'admin_id': id
};
$.post(postUrl, postData, function(response) {
//////////////////////////////////////////////////
@ -318,7 +324,10 @@ AdminsHelper.prototype.filter = function(key, selectId, display) {
if (display == undefined) display = false;
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_admins';
var postData = { 'key': key };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'key': key
};
$.post(postUrl, postData, function(response) {
///////////////////////////////////////////////////

15
src/assets/js/backend_users_providers.js
View file

@ -220,7 +220,10 @@ ProvidersHelper.prototype.save = function(provider) {
//////////////////////////////////////////////////
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_provider';
var postData = { 'provider': JSON.stringify(provider) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'provider': JSON.stringify(provider)
};
$.post(postUrl, postData, function(response) {
///////////////////////////////////////////////////
@ -241,7 +244,10 @@ ProvidersHelper.prototype.save = function(provider) {
*/
ProvidersHelper.prototype.delete = function(id) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_provider';
var postData = { 'provider_id': id };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'provider_id': id
};
$.post(postUrl, postData, function(response) {
/////////////////////////////////////////////////////
@ -394,7 +400,10 @@ ProvidersHelper.prototype.filter = function(key, selectId, display) {
if (display == undefined) display = false;
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_providers';
var postData = { 'key': key };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'key': key
};
$.post(postUrl, postData, function(response) {
//////////////////////////////////////////////////////

15
src/assets/js/backend_users_secretaries.js
View file

@ -180,7 +180,10 @@ SecretariesHelper.prototype.save = function(secretary) {
////////////////////////////////////////////////////
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_secretary';
var postData = { 'secretary': JSON.stringify(secretary) };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'secretary': JSON.stringify(secretary)
};
$.post(postUrl, postData, function(response) {
////////////////////////////////////////////////////
@ -201,7 +204,10 @@ SecretariesHelper.prototype.save = function(secretary) {
*/
SecretariesHelper.prototype.delete = function(id) {
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_secretary';
var postData = { 'secretary_id': id };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'secretary_id': id
};
$.post(postUrl, postData, function(response) {
//////////////////////////////////////////////////////
@ -339,7 +345,10 @@ SecretariesHelper.prototype.filter = function(key, selectId, display) {
if (display == undefined) display = false;
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_secretaries';
var postData = { 'key': key };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'key': key
};
$.post(postUrl, postData, function(response) {
////////////////////////////////////////////////////////

2
src/assets/js/frontend_book.js
View file

@ -321,7 +321,7 @@ var FrontendBook = {
// Make ajax post request and get the available hours.
var ajaxurl = GlobalVariables.baseUrl + '/index.php/appointments/ajax_get_available_hours';
jQuery.post(ajaxurl, postData, function(response) {
$.post(ajaxurl, postData, function(response) {
///////////////////////////////////////////////////////////////
console.log('Get Available Hours JSON Response:', response);
///////////////////////////////////////////////////////////////

5
src/assets/js/general_functions.js
View file

@ -306,7 +306,10 @@ var GeneralFunctions = {
$(document).on('click', 'li.language', function() {
// Change language with ajax call and refresh page.
var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_change_language';
var postData = { 'language': $(this).attr('data-language') };
var postData = {
'csrfToken': GlobalVariables.csrfToken,
'language': $(this).attr('data-language'),
};
$.post(postUrl, postData, function(response) {
////////////////////////////////////////////////////
console.log('Change Language Response', response);