diff --git a/src/assets/js/backend_calendar.js b/src/assets/js/backend_calendar.js
index 1b6a6c67..dc869fd2 100644
--- a/src/assets/js/backend_calendar.js
+++ b/src/assets/js/backend_calendar.js
@@ -408,6 +408,7 @@ var BackendCalendar = {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_appointment';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'appointment_id' : BackendCalendar.lastFocusedEventData.data['id'],
 'delete_reason': $('#delete-reason').val()
 };
@@ -450,6 +451,7 @@ var BackendCalendar = {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_unavailable';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'unavailable_id' : BackendCalendar.lastFocusedEventData.data.id
 };
@@ -712,6 +714,7 @@ var BackendCalendar = {
 // modal so the user can select the sync calendar.
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_get_google_calendars';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'provider_id': $('#select-filter-item').val()
 };
 $.post(postUrl, postData, function(response) {
@@ -949,6 +952,7 @@ var BackendCalendar = {
 $('#select-calendar').click(function() {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_select_google_calendar';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'provider_id': $('#select-filter-item').val(),
 'calendar_id': $('#google-calendar').val()
 };
@@ -996,6 +1000,7 @@ var BackendCalendar = {
 refreshCalendarAppointments: function($calendar, recordId, filterType, startDate, endDate) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_get_calendar_appointments';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'record_id': recordId,
 'start_date': startDate.toString('yyyy-MM-dd'),
 'end_date': endDate.toString('yyyy-MM-dd'),
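Review bot: The token is hand-copied into each `postData` literal, starting with the `ajax_delete_appointment` call here and repeated in every other hunk of this commit, so the protection depends on no call site ever being missed. A later `$.post` that omits the line is either rejected by the server or, if an endpoint does not enforce the check, left unprotected, and neither case is visible at review time. Registering the token once for all same-origin POSTs and dropping the per-call entries would close that gap; the sketch below assumes the bundled jQuery provides `$.ajaxPrefilter` and that request bodies are the form-encoded strings `$.post` builds from plain objects. The enclosing functions start and end outside these hunks.

```javascript
// Constructed sketch: place in a script loaded on every backend page, before any $.post call.
$.ajaxPrefilter(function(options) {
    var isPost = (options.type || '').toUpperCase() === 'POST';
    var isFormString = !options.data || typeof options.data === 'string';

    // Same-origin only, so the token is never sent to a third-party host.
    if (!isPost || options.crossDomain || !isFormString) {
        return;
    }

    var tokenPair = $.param({ 'csrfToken': GlobalVariables.csrfToken });
    options.data = options.data ? options.data + '&' + tokenPair : tokenPair;
});
```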
@@ -1381,7 +1386,10 @@ var BackendCalendar = {
 .toString('yyyy-MM-dd HH:mm:ss');
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_appointment';
- var postData = { 'appointment_data': JSON.stringify(appointment) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'appointment_data': JSON.stringify(appointment)
+ };
 $.post(postUrl, postData, function(response) {
 $('#notification').hide('blind');
@@ -1434,7 +1442,10 @@ var BackendCalendar = {
 .toString('yyyy-MM-dd HH:mm:ss');
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_unavailable';
- var postData = { 'unavailable': JSON.stringify(unavailable) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'unavailable': JSON.stringify(unavailable)
+ };
 $.post(postUrl, postData, function(response) {
 $('#notification').hide('blind');
@@ -1658,7 +1669,10 @@ var BackendCalendar = {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_appointment';
- var postData = { 'appointment_data': JSON.stringify(appointment) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'appointment_data': JSON.stringify(appointment)
+ };
 $.post(postUrl, postData, function(response) {
 $('#notification').hide('blind');
@@ -1720,7 +1734,10 @@ var BackendCalendar = {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_unavailable';
- var postData = { 'unavailable': JSON.stringify(unavailable) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'unavailable': JSON.stringify(unavailable)
+ };
 $.post(postUrl, postData, function(response) {
 $('#notification').hide('blind');
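Review bot: These four saves (`ajax_save_appointment` at -1381 and -1658, `ajax_save_unavailable` at -1434 and -1720) all read `GlobalVariables.csrfToken`, a page-level value, while the calendar view sends many POSTs without reloading. If the server rotates the token after an accepted POST, which this diff does not show, every later request from the same page would carry a stale value and be rejected. The success callbacks open with `$('#notification').hide('blind');` and continue outside the hunks, so it cannot be seen here whether a rejected request is reported to the user. Chaining `.fail(function(jqXHR) { /* report that the save was rejected */ })` on these `$.post` calls would make a token failure visible instead of silent.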
@@ -1781,7 +1798,10 @@ var BackendCalendar = {
 // Make an ajax call to the server in order to disable the setting
 // from the database.
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_disable_provider_sync';
- var postData = { 'provider_id': providerId };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'provider_id': providerId
+ };
 $.post(postUrl, postData, function(response) {
 ////////////////////////////////////////////////////////////
diff --git a/src/assets/js/backend_customers.js b/src/assets/js/backend_customers.js
index e3ce83f2..fe0f7975 100644
--- a/src/assets/js/backend_customers.js
+++ b/src/assets/js/backend_customers.js
@@ -216,7 +216,10 @@ CustomersHelper.prototype.bindEventHandlers = function() {
 */
 CustomersHelper.prototype.save = function(customer) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/index.php/backend_api/ajax_save_customer';
- var postData = { 'customer': JSON.stringify(customer) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'customer': JSON.stringify(customer)
+ };
 $.post(postUrl, postData, function(response) {
 ///////////////////////////////////////////////////////////
@@ -239,7 +242,10 @@ CustomersHelper.prototype.save = function(customer) {
 */
 CustomersHelper.prototype.delete = function(id) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_customer';
- var postData = { 'customer_id': id };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'customer_id': id
+ };
 $.post(postUrl, postData, function(response) {
 ////////////////////////////////////////////////////
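Review bot: The URL in `CustomersHelper.prototype.save` is `'/index.php/index.php/backend_api/ajax_save_customer'`, with the `/index.php` segment doubled, unlike every other endpoint in this commit. The line is unchanged context, but the token added just below it only helps if the request reaches the handler that validates it, and how the server routes the extra segment is not visible here. Suggest `var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_customer';`. The function body continues outside the hunk.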
@@ -358,7 +364,10 @@ CustomersHelper.prototype.filter = function(key, selectId, display) {
 if (display == undefined) display = false;
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_customers';
- var postData = { 'key': key };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'key': key
+ };
 $.post(postUrl, postData, function(response) {
 ///////////////////////////////////////////////////////
diff --git a/src/assets/js/backend_services.js b/src/assets/js/backend_services.js
index 67cbcd8c..7f3f2027 100644
--- a/src/assets/js/backend_services.js
+++ b/src/assets/js/backend_services.js
@@ -83,7 +83,10 @@ var BackendServices = {
 */
 updateAvailableCategories: function() {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_service_categories';
- var postData = { 'key': '' };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'key': ''
+ };
 $.post(postUrl, postData, function(response) {
 ///////////////////////////////////////////////////////////////
@@ -260,7 +263,10 @@ ServicesHelper.prototype.save = function(service) {
 ////////////////////////////////////////////////
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_service';
- var postData = { 'service': JSON.stringify(service) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'service': JSON.stringify(service)
+ };
 $.post(postUrl, postData, function(response) {
 //////////////////////////////////////////////////
@@ -282,7 +288,10 @@ ServicesHelper.prototype.save = function(service) {
 */
 ServicesHelper.prototype.delete = function(id) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_service';
- var postData = { 'service_id': id };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'service_id': id
+ };
 $.post(postUrl, postData, function(response) {
 ////////////////////////////////////////////////////
@@ -375,7 +384,10 @@ ServicesHelper.prototype.filter = function(key, selectId, display) {
 if (display == undefined) display = false;
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_services';
- var postData = { 'key': key };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'key': key
+ };
 $.post(postUrl, postData, function(response) {
 /////////////////////////////////////////////////////
@@ -595,7 +607,10 @@ CategoriesHelper.prototype.bindEventHandlers = function() {
 */
 CategoriesHelper.prototype.filter = function(key, selectId, display) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_service_categories';
- var postData = { 'key': key };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'key': key
+ };
 $.post(postUrl, postData, function(response) {
 ///////////////////////////////////////////////////////
@@ -632,7 +647,10 @@ CategoriesHelper.prototype.filter = function(key, selectId, display) {
 */
 CategoriesHelper.prototype.save = function(category) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_service_category';
- var postData = { 'category': JSON.stringify(category) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'category': JSON.stringify(category)
+ };
 $.post(postUrl, postData, function(response) {
 ///////////////////////////////////////////////////////////
@@ -656,7 +674,10 @@ CategoriesHelper.prototype.save = function(category) {
 */
 CategoriesHelper.prototype.delete = function(id) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_service_category';
- var postData = { 'category_id': id };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'category_id': id
+ };
 $.post(postUrl, postData, function(response) {
 ////////////////////////////////////////////////////
diff --git a/src/assets/js/backend_settings.js b/src/assets/js/backend_settings.js
index 5f5c9c20..32c5eadd 100644
--- a/src/assets/js/backend_settings.js
+++ b/src/assets/js/backend_settings.js
@@ -170,6 +170,7 @@ var BackendSettings = {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_validate_username';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'username': $input.val(),
 'user_id': $input.parents().eq(2).find('#user-id').val()
 };
@@ -207,6 +208,7 @@ var SystemSettings = function() {};
 SystemSettings.prototype.save = function(settings) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_settings';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'settings': JSON.stringify(settings),
 'type': BackendSettings.SETTINGS_SYSTEM
 };
@@ -348,6 +350,7 @@ UserSettings.prototype.save = function(settings) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_settings';
 var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'type': BackendSettings.SETTINGS_USER,
 'settings': JSON.stringify(settings)
 };
diff --git a/src/assets/js/backend_users.js b/src/assets/js/backend_users.js
index 21bc494d..4018f571 100644
--- a/src/assets/js/backend_users.js
+++ b/src/assets/js/backend_users.js
@@ -101,7 +101,10 @@ var BackendUsers = {
 // Update the list with the all the available providers.
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_providers';
- var postData = { 'key': '' };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'key': ''
+ };
 $.post(postUrl, postData, function(response) {
 //////////////////////////////////////////////////////////
 //console.log('Get all db providers response:', response);
@@ -142,7 +145,8 @@ var BackendUsers = {
 }
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_validate_username';
- var postData = {
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
 'username': $input.val(),
 'user_id': $input.parents().eq(2).find('.record-id').val()
 };
diff --git a/src/assets/js/backend_users_admins.js b/src/assets/js/backend_users_admins.js
index 2e777564..1efe9613 100644
--- a/src/assets/js/backend_users_admins.js
+++ b/src/assets/js/backend_users_admins.js
@@ -169,7 +169,10 @@ AdminsHelper.prototype.save = function(admin) {
 ////////////////////////////////////////////
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_admin';
- var postData = { 'admin': JSON.stringify(admin) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'admin': JSON.stringify(admin)
+ };
 $.post(postUrl, postData, function(response) {
 ////////////////////////////////////////////////
@@ -190,7 +193,10 @@ AdminsHelper.prototype.save = function(admin) {
 */
 AdminsHelper.prototype.delete = function(id) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_admin';
- var postData = { 'admin_id': id };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'admin_id': id
+ };
 $.post(postUrl, postData, function(response) {
 //////////////////////////////////////////////////
@@ -318,7 +324,10 @@ AdminsHelper.prototype.filter = function(key, selectId, display) {
 if (display == undefined) display = false;
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_admins';
- var postData = { 'key': key };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'key': key
+ };
 $.post(postUrl, postData, function(response) {
 ///////////////////////////////////////////////////
diff --git a/src/assets/js/backend_users_providers.js b/src/assets/js/backend_users_providers.js
index 5739ba16..e5b347d7 100644
--- a/src/assets/js/backend_users_providers.js
+++ b/src/assets/js/backend_users_providers.js
@@ -220,7 +220,10 @@ ProvidersHelper.prototype.save = function(provider) {
 //////////////////////////////////////////////////
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_provider';
- var postData = { 'provider': JSON.stringify(provider) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'provider': JSON.stringify(provider)
+ };
 $.post(postUrl, postData, function(response) {
 ///////////////////////////////////////////////////
@@ -241,7 +244,10 @@ ProvidersHelper.prototype.save = function(provider) {
 */
 ProvidersHelper.prototype.delete = function(id) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_provider';
- var postData = { 'provider_id': id };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'provider_id': id
+ };
 $.post(postUrl, postData, function(response) {
 /////////////////////////////////////////////////////
@@ -394,7 +400,10 @@ ProvidersHelper.prototype.filter = function(key, selectId, display) {
 if (display == undefined) display = false;
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_providers';
- var postData = { 'key': key };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'key': key
+ };
 $.post(postUrl, postData, function(response) {
 //////////////////////////////////////////////////////
diff --git a/src/assets/js/backend_users_secretaries.js b/src/assets/js/backend_users_secretaries.js
index 5e12f26f..5d010b3c 100644
--- a/src/assets/js/backend_users_secretaries.js
+++ b/src/assets/js/backend_users_secretaries.js
@@ -180,7 +180,10 @@ SecretariesHelper.prototype.save = function(secretary) {
 ////////////////////////////////////////////////////
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_save_secretary';
- var postData = { 'secretary': JSON.stringify(secretary) };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'secretary': JSON.stringify(secretary)
+ };
 $.post(postUrl, postData, function(response) {
 ////////////////////////////////////////////////////
@@ -201,7 +204,10 @@ SecretariesHelper.prototype.save = function(secretary) {
 */
 SecretariesHelper.prototype.delete = function(id) {
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_delete_secretary';
- var postData = { 'secretary_id': id };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'secretary_id': id
+ };
 $.post(postUrl, postData, function(response) {
 //////////////////////////////////////////////////////
@@ -339,7 +345,10 @@ SecretariesHelper.prototype.filter = function(key, selectId, display) {
 if (display == undefined) display = false;
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_filter_secretaries';
- var postData = { 'key': key };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'key': key
+ };
 $.post(postUrl, postData, function(response) {
 ////////////////////////////////////////////////////////
diff --git a/src/assets/js/frontend_book.js b/src/assets/js/frontend_book.js
index ded2011a..b5f983f4 100644
--- a/src/assets/js/frontend_book.js
+++ b/src/assets/js/frontend_book.js
@@ -321,7 +321,7 @@ var FrontendBook = {
 // Make ajax post request and get the available hours.
 var ajaxurl = GlobalVariables.baseUrl + '/index.php/appointments/ajax_get_available_hours';
- jQuery.post(ajaxurl, postData, function(response) {
+ $.post(ajaxurl, postData, function(response) {
 ///////////////////////////////////////////////////////////////
 console.log('Get Available Hours JSON Response:', response);
 ///////////////////////////////////////////////////////////////
diff --git a/src/assets/js/general_functions.js b/src/assets/js/general_functions.js
index 6a3b41c3..eb18374d 100644
--- a/src/assets/js/general_functions.js
+++ b/src/assets/js/general_functions.js
@@ -306,7 +306,10 @@ var GeneralFunctions = {
 $(document).on('click', 'li.language', function() {
 // Change language with ajax call and refresh page.
 var postUrl = GlobalVariables.baseUrl + '/index.php/backend_api/ajax_change_language';
- var postData = { 'language': $(this).attr('data-language') };
+ var postData = {
+ 'csrfToken': GlobalVariables.csrfToken,
+ 'language': $(this).attr('data-language'),
+ };
 $.post(postUrl, postData, function(response) {
 ////////////////////////////////////////////////////
 console.log('Change Language Response', response);
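Review bot: The new literal in the `li.language` click handler ends with a trailing comma, `'language': $(this).attr('data-language'),`, the only one among the literals this commit adds, and older Internet Explorer parsers can reject the file because of it. Drop the comma: `'language': $(this).attr('data-language')`. Separately, the handler is delegated on `document` from GeneralFunctions, so it presumably runs on every page that loads this file; each of those pages has to define `GlobalVariables.csrfToken`, or the language switch is sent without a usable token. The `frontend_book.js` hunk above builds its `postData` outside the visible lines, so this diff cannot confirm whether the booking page sends the token with `ajax_get_available_hours`.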