
Bogdan Savluk committed f679e8a

Added support for Yii CSRF protection via adding csrf-param and csrf-token meta tags.


Files changed (2)

assets/jquery.galleryManager.js

 (function ($) {
+    var csrf = '';
+    var csrf_token;
+    var csrf_param;
 
     function galleryManager(el, options) {
         //Defaults:
             $.ajax({
                 type:'POST',
                 url:opts.deleteUrl,
-                data:'id=' + id,
+                data:'id=' + id+csrf,
                 success:function (t) {
                     if (t == 'OK') $('#' + opts.wId + '-' + id).remove();
                     else alert(t);
 
 
         $('.images', $sorter).sortable().disableSelection().bind("sortstop", function () {
-            $.post(opts.arrangeUrl, $('input', $sorter).serialize() + '&ajax=true', function () {
+            $.post(opts.arrangeUrl, $('input', $sorter).serialize() + '&ajax=true'+csrf, function () {
                 // order saved!
             }, 'json');
         });
                 for (var i = 0; i < filesCount; i++) {
                     var fd = new FormData();
                     fd.append(this.name, this.files[i]);
+                    if (csrf_param != null && csrf_token != null) {
+                        fd.append(csrf_param,csrf_token);
+                    }
                     var xhr = new XMLHttpRequest();
                     xhr.open('POST', opts.uploadUrl, true);
                     xhr.onload = function () {
                 $.ajax(
                     opts.uploadUrl, {
                         files:$(this),
+                        data:csrf,
                         iframe:true,
                         dataType:"json"
                     }).done(function (resp) {
 
         $('.save-changes', $editorModal).click(function (e) {
             e.preventDefault();
-            $.post(opts.updateUrl, $('.form input, .form textarea', $editorModal).serialize() + '&ajax=true', function (data) {
+            $.post(opts.updateUrl, $('.form input, .form textarea', $editorModal).serialize() + '&ajax=true'+csrf, function (data) {
                 var count = data.length;
                 for (var key = 0; key < count; key++) {
                     var p = data[key];
                 $.ajax({
                     type:'POST',
                     url:opts.deleteUrl,
-                    data:'id=' + id,
+                    data:'id=' + id+csrf,
                     success:function (t) {
                         if (t == 'OK') $('#' + opts.wId + '-' + id).remove();
                         else alert(t);
 
     // The actual plugin
     $.fn.galleryManager = function (options) {
+        csrf_token = $('meta[name=csrf-token]').attr('content');
+        csrf_param = $('meta[name=csrf-param]').attr('content');
+        if (csrf_param != null && csrf_token != null) {
+            csrf = '&'+csrf_param+'='+ csrf_token
+        }
         if (this.length) {
             this.each(function () {
                 galleryManager(this, options);
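Review bot: The token string built in `$.fn.galleryManager` (`csrf = '&'+csrf_param+'='+ csrf_token`) is appended unencoded to the form-encoded bodies of the delete, arrange and update requests, so a token or parameter name containing `+`, `&`, `=` or `%` would reach the server altered and the CSRF check would fail or the body would parse differently. Encoding both parts avoids this: `csrf = '&' + encodeURIComponent(csrf_param) + '=' + encodeURIComponent(csrf_token);`. The iframe fallback passes the same string, leading `&` included, as `data:csrf`; whether that transport accepts pre-serialized string data is not visible here, so an object built with `csrfData[csrf_param] = csrf_token` and passed as `data: csrfData` would be safer. When either meta tag is missing, `csrf` stays empty and every request goes out without a token, which deserves a comment stating that rejection is then left to the server. The body of `$.fn.galleryManager` continues past the last visible line.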

assets/jquery.galleryManager.min.js

-(function(a){function b(b,c){function i(a,b,c,e,f,g){return'<div class="photo-editor"><div class="preview"><img src="'+b+'" alt=""/></div>'+"<div>"+(d.hasName?'<label for="photo_name_'+a+"_"+g+'">'+d.nameLabel+":</label>"+'<input type="text" name="photo['+a+"]["+g+'][name]" class="input-xlarge" value="'+c+'" id="photo_name_'+a+"_"+g+'"/>':"")+(d.hasLink?'<label for="photo_link_'+a+"_"+g+'">'+d.linkLabel+":</label>"+'<input type="text" name="photo['+a+"]["+g+'][link]" class="input-xlarge" value="'+f+'" id="photo_link_'+a+"_"+g+'"/>':"")+(d.hasDesc?'<label for="photo_description_'+a+"_"+g+'">'+d.descriptionLabel+":</label>"+'<textarea name="photo['+a+"]["+g+'][description]" rows="3" cols="40" class="input-xlarge" id="photo_description_'+a+"_"+g+'">'+e+"</textarea>":"")+"</div>"+"</div>"}function j(a,b,c,e,f){var g='<div id="'+d.wId+"-"+a+'" class="photo">'+'<div class="image-preview"><img src="'+b+'"/></div><div class="caption">';return d.hasName&&(g+="<h5>"+c+"</h5>"),d.hasDesc&&(g+="<p>"+e+"</p>"),g+='</div><input type="hidden" name="order['+a+']" value="'+f+'"/><div class="actions">'+(d.hasName||d.hasDesc?'<span data-photo-id="'+a+'" class="editPhoto btn btn-primary"><i class="icon-edit icon-white"></i></span> ':"")+'<span data-photo-id="'+a+'" class="deletePhoto btn btn-danger"><i class="icon-remove icon-white"></i></span>'+'</div><input type="checkbox" class="photo-select"/></div>',g}function k(b){b.preventDefault();var c=a(this).data("photo-id");return a.ajax({type:"POST",url:d.deleteUrl,data:"id="+c,success:function(b){b=="OK"?a("#"+d.wId+"-"+c).remove():alert(b)}}),!1}function l(b){b.preventDefault();var c=a(this).data("photo-id"),e=a(this).parents(".photo"),f=e.data("data");for(var g in d.langs){var j=d.langs[g];a("#"+d.wId+"_editor_tab_"+j+" .form",h).html(i(c,f.preview,f.i18ns[j].name,f.i18ns[j].description,f.i18ns[j].link,j))}return h.modal("show"),!1}function m(){var 
b=a(".photo.selected",f).length;a(".select_all",e).prop("checked",a(".photo",f).length==b),b==0?a(".edit_selected, .remove_selected",e).addClass("disabled"):a(".edit_selected, .remove_selected",e).removeClass("disabled")}function n(){var b=a(this);b.is(":checked")?b.parent().addClass("selected"):b.parent().removeClass("selected"),m()}function o(b){a(".deletePhoto",b).click(k),a(".editPhoto",b).click(l),a(".photo-select",b).change(n)}this.defaults={lang:"ru",langs:["ru","en"],nameLabel:"Name",descriptionLabel:"Description",linkLabel:"Link",hasName:!0,hasDesc:!0,hasLink:!0,uploadUrl:"",deleteUrl:"",updateUrl:"",arrangeUrl:"",photos:[]};var d=a.extend({},this.defaults,c),e=a(b);d.wId=e.attr("id");var f=a(".sorter",e),g=a(".images",f),h=a(".editor-modal",e);a(".images",f).sortable().disableSelection().bind("sortstop",function(){a.post(d.arrangeUrl,a("input",f).serialize()+"&ajax=true",function(){},"json")}),typeof window.FormData=="function"?a(".afile",e).attr("multiple","true").on("change",function(b){b.preventDefault();var c=this.files.length,e=0;a(".form",h).html("");for(var f=0;f<c;f++){var k=new FormData;k.append(this.name,this.files[f]);var l=new XMLHttpRequest;l.open("POST",d.uploadUrl,!0),l.onload=function(){e++;if(this.status==200){var b=JSON.parse(this.response),f=a(j(b.id,b.preview,b.i18ns[d.lang].name,b.i18ns[d.lang].description,b.rank)).data("data",b);o(f),g.append(f);if(d.hasName||d.hasDesc)for(var k in d.langs){var l=d.langs[k];a("#"+d.wId+"_editor_tab_"+l+" .form",h).append(i(b.id,b.preview,b.i18ns[l].name,b.i18ns[l].description,b.i18ns[l].link,l))}}e===c&&(d.hasName||d.hasDesc)&&h.modal("show")},l.send(k)}}):a(".afile",e).on("change",function(b){b.preventDefault(),a(".form",h).html(""),a.ajax(d.uploadUrl,{files:a(this),iframe:!0,dataType:"json"}).done(function(b){var c=a(j(b.id,b.preview,b.i18ns[d.lang].name,b.i18ns[d.lang].description,b.rank)).data("data",b);o(c),g.append(c);if(d.hasName||d.hasDesc)for(var e in d.langs){var 
f=d.langs[e];a("#"+d.wId+"_editor_tab_"+f+" .form",h).append(i(b.id,b.preview,b.i18ns[f].name,b.i18ns[f].description,b.i18ns[f].link,f))}(d.hasName||d.hasDesc)&&h.modal("show")})}),a(".save-changes",h).click(function(b){b.preventDefault(),a.post(d.updateUrl,a(".form input, .form textarea",h).serialize()+"&ajax=true",function(b){var c=b.length;for(var g=0;g<c;g++){var i=b[g],j=a("#"+d.wId+"-"+i.id);j.data("data",i),a("img",j).attr("src",i.src),d.hasName&&a(".caption h5",j).text(i.i18ns[d.lang].name),d.hasDesc&&a(".caption p",j).text(i.i18ns[d.lang].description)}h.modal("hide"),a(".photo.selected",f).each(function(){a(".photo-select",this).prop("checked",!1)}).removeClass("selected"),a(".select_all",e).prop("checked",!1),m()},"json")}),a(".edit_selected",e).click(function(b){b.preventDefault();var c=0,e=a(".form",h).html("");return a(".photo.selected",f).each(function(){c++;var b=a(this),e=b.attr("id").substr((d.wId+"-").length),f=b.data("data");for(var g in d.langs){var j=d.langs[g];a("#"+d.wId+"_editor_tab_"+j+" .form",h).append(i(e,f.preview,f.i18ns[j].name,f.i18ns[j].description,f.i18ns[j].link,j))}}),c>0&&h.modal("show"),!1}),a(".remove_selected",e).click(function(b){b.preventDefault(),a(".photo.selected",f).each(function(){var b=a(this).attr("id").substr((d.wId+"-").length);a.ajax({type:"POST",url:d.deleteUrl,data:"id="+b,success:function(c){c=="OK"?a("#"+d.wId+"-"+b).remove():alert(c),m()}})})}),a(".select_all",e).change(function(){a(this).prop("checked")?a(".photo",f).each(function(){a(".photo-select",this).prop("checked",!0)}).addClass("selected"):a(".photo.selected",f).each(function(){a(".photo-select",this).prop("checked",!1)}).removeClass("selected"),m()});for(var p in d.photos){var q=d.photos[p],r=a(j(q.id,q.preview,q.i18ns[d.lang].name,q.i18ns[d.lang].description,q.rank)).data("data",q);o(r),g.append(r)}}a.fn.galleryManager=function(a){this.length&&this.each(function(){b(this,a)})}})(jQuery);
+(function(a){function e(e,f){function l(a,b,c,d,e,f){return'<div class="photo-editor"><div class="preview"><img src="'+b+'" alt=""/></div>'+"<div>"+(g.hasName?'<label for="photo_name_'+a+"_"+f+'">'+g.nameLabel+":</label>"+'<input type="text" name="photo['+a+"]["+f+'][name]" class="input-xlarge" value="'+c+'" id="photo_name_'+a+"_"+f+'"/>':"")+(g.hasLink?'<label for="photo_link_'+a+"_"+f+'">'+g.linkLabel+":</label>"+'<input type="text" name="photo['+a+"]["+f+'][link]" class="input-xlarge" value="'+e+'" id="photo_link_'+a+"_"+f+'"/>':"")+(g.hasDesc?'<label for="photo_description_'+a+"_"+f+'">'+g.descriptionLabel+":</label>"+'<textarea name="photo['+a+"]["+f+'][description]" rows="3" cols="40" class="input-xlarge" id="photo_description_'+a+"_"+f+'">'+d+"</textarea>":"")+"</div>"+"</div>"}function m(a,b,c,d,e){var f='<div id="'+g.wId+"-"+a+'" class="photo">'+'<div class="image-preview"><img src="'+b+'"/></div><div class="caption">';return g.hasName&&(f+="<h5>"+c+"</h5>"),g.hasDesc&&(f+="<p>"+d+"</p>"),f+='</div><input type="hidden" name="order['+a+']" value="'+e+'"/><div class="actions">'+(g.hasName||g.hasDesc?'<span data-photo-id="'+a+'" class="editPhoto btn btn-primary"><i class="icon-edit icon-white"></i></span> ':"")+'<span data-photo-id="'+a+'" class="deletePhoto btn btn-danger"><i class="icon-remove icon-white"></i></span>'+'</div><input type="checkbox" class="photo-select"/></div>',f}function n(c){c.preventDefault();var d=a(this).data("photo-id");return a.ajax({type:"POST",url:g.deleteUrl,data:"id="+d+b,success:function(b){b=="OK"?a("#"+g.wId+"-"+d).remove():alert(b)}}),!1}function o(b){b.preventDefault();var c=a(this).data("photo-id"),d=a(this).parents(".photo"),e=d.data("data");for(var f in g.langs){var h=g.langs[f];a("#"+g.wId+"_editor_tab_"+h+" .form",k).html(l(c,e.preview,e.i18ns[h].name,e.i18ns[h].description,e.i18ns[h].link,h))}return k.modal("show"),!1}function p(){var 
b=a(".photo.selected",i).length;a(".select_all",h).prop("checked",a(".photo",i).length==b),b==0?a(".edit_selected, .remove_selected",h).addClass("disabled"):a(".edit_selected, .remove_selected",h).removeClass("disabled")}function q(){var b=a(this);b.is(":checked")?b.parent().addClass("selected"):b.parent().removeClass("selected"),p()}function r(b){a(".deletePhoto",b).click(n),a(".editPhoto",b).click(o),a(".photo-select",b).change(q)}this.defaults={lang:"ru",langs:["ru","en"],nameLabel:"Name",descriptionLabel:"Description",linkLabel:"Link",hasName:!0,hasDesc:!0,hasLink:!0,uploadUrl:"",deleteUrl:"",updateUrl:"",arrangeUrl:"",photos:[]};var g=a.extend({},this.defaults,f),h=a(e);g.wId=h.attr("id");var i=a(".sorter",h),j=a(".images",i),k=a(".editor-modal",h);a(".images",i).sortable().disableSelection().bind("sortstop",function(){a.post(g.arrangeUrl,a("input",i).serialize()+"&ajax=true"+b,function(){},"json")}),typeof window.FormData=="function"?a(".afile",h).attr("multiple","true").on("change",function(b){b.preventDefault();var e=this.files.length,f=0;a(".form",k).html("");for(var h=0;h<e;h++){var i=new FormData;i.append(this.name,this.files[h]),d!=null&&c!=null&&i.append(d,c);var n=new XMLHttpRequest;n.open("POST",g.uploadUrl,!0),n.onload=function(){f++;if(this.status==200){var b=JSON.parse(this.response),c=a(m(b.id,b.preview,b.i18ns[g.lang].name,b.i18ns[g.lang].description,b.rank)).data("data",b);r(c),j.append(c);if(g.hasName||g.hasDesc)for(var d in g.langs){var h=g.langs[d];a("#"+g.wId+"_editor_tab_"+h+" .form",k).append(l(b.id,b.preview,b.i18ns[h].name,b.i18ns[h].description,b.i18ns[h].link,h))}}f===e&&(g.hasName||g.hasDesc)&&k.modal("show")},n.send(i)}}):a(".afile",h).on("change",function(c){c.preventDefault(),a(".form",k).html(""),a.ajax(g.uploadUrl,{files:a(this),data:b,iframe:!0,dataType:"json"}).done(function(b){var c=a(m(b.id,b.preview,b.i18ns[g.lang].name,b.i18ns[g.lang].description,b.rank)).data("data",b);r(c),j.append(c);if(g.hasName||g.hasDesc)for(var d in 
g.langs){var e=g.langs[d];a("#"+g.wId+"_editor_tab_"+e+" .form",k).append(l(b.id,b.preview,b.i18ns[e].name,b.i18ns[e].description,b.i18ns[e].link,e))}(g.hasName||g.hasDesc)&&k.modal("show")})}),a(".save-changes",k).click(function(c){c.preventDefault(),a.post(g.updateUrl,a(".form input, .form textarea",k).serialize()+"&ajax=true"+b,function(b){var c=b.length;for(var d=0;d<c;d++){var e=b[d],f=a("#"+g.wId+"-"+e.id);f.data("data",e),a("img",f).attr("src",e.src),g.hasName&&a(".caption h5",f).text(e.i18ns[g.lang].name),g.hasDesc&&a(".caption p",f).text(e.i18ns[g.lang].description)}k.modal("hide"),a(".photo.selected",i).each(function(){a(".photo-select",this).prop("checked",!1)}).removeClass("selected"),a(".select_all",h).prop("checked",!1),p()},"json")}),a(".edit_selected",h).click(function(b){b.preventDefault();var c=0,d=a(".form",k).html("");return a(".photo.selected",i).each(function(){c++;var b=a(this),d=b.attr("id").substr((g.wId+"-").length),e=b.data("data");for(var f in g.langs){var h=g.langs[f];a("#"+g.wId+"_editor_tab_"+h+" .form",k).append(l(d,e.preview,e.i18ns[h].name,e.i18ns[h].description,e.i18ns[h].link,h))}}),c>0&&k.modal("show"),!1}),a(".remove_selected",h).click(function(c){c.preventDefault(),a(".photo.selected",i).each(function(){var c=a(this).attr("id").substr((g.wId+"-").length);a.ajax({type:"POST",url:g.deleteUrl,data:"id="+c+b,success:function(b){b=="OK"?a("#"+g.wId+"-"+c).remove():alert(b),p()}})})}),a(".select_all",h).change(function(){a(this).prop("checked")?a(".photo",i).each(function(){a(".photo-select",this).prop("checked",!0)}).addClass("selected"):a(".photo.selected",i).each(function(){a(".photo-select",this).prop("checked",!1)}).removeClass("selected"),p()});for(var s in g.photos){var t=g.photos[s],u=a(m(t.id,t.preview,t.i18ns[g.lang].name,t.i18ns[g.lang].description,t.rank)).data("data",t);r(u),j.append(u)}}var 
b="",c,d;a.fn.galleryManager=function(f){c=a("meta[name=csrf-token]").attr("content"),d=a("meta[name=csrf-param]").attr("content"),d!=null&&c!=null&&(b="&"+d+"="+c),this.length&&this.each(function(){e(this,f)})}})(jQuery);