[dw-free] With save password off, xposter does not chal/resp the password on edit, only update
[commit: http://hg.dwscoalition.org/dw-free/rev/6d97226eea40]
http://bugs.dwscoalition.org/show_bug.cgi?id=2667
Fix crossposting when editing an entry, and password is not saved.
Patch by
allen.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=2667
Fix crossposting when editing an entry, and password is not saved.
Patch by
Files modified:
- cgi-bin/weblib.pl
- htdocs/editjournal.bml
- htdocs/js/xpost.js
--------------------------------------------------------------------------------
diff -r 4cd29aaf2434 -r 6d97226eea40 cgi-bin/weblib.pl
--- a/cgi-bin/weblib.pl Thu Jul 01 15:55:26 2010 +0800
+++ b/cgi-bin/weblib.pl Thu Jul 01 18:58:17 2010 +0800
@@ -1722,11 +1722,16 @@ MOODS
 $out .= "<span class='inputgroup-right'>";
 # extra submit button so make sure it posts the form when person presses enter key
 if ($opts->{'mode'} eq "edit") {
- $out .= "<input type='submit' name='action:save' class='hidden_submit' />";
+ $out .= "<input type='submit' name='action:save' class='hidden_submit xpost_submit' />";
 }
 if ($opts->{'mode'} eq "update") {
- $out .= "<input type='submit' name='action:update' class='hidden_submit' />";
+ $out .= "<input type='submit' name='action:update' class='hidden_submit xpost_submit' />";
 }
+
+ # submit_value field to emulate the submit button selected if we
+ # have to submit with javascript
+ $out .= "<input type='hidden' name='submit_value' />";
+
 my $preview;
 $preview = "<input type='button' value='" . BML::ml('entryform.preview') . "' onclick='entryPreview(this.form)' tabindex='" . $tabindex->() . "' />";
 if(!$opts->{'disabled_save'}) {
@@ -1917,7 +1922,9 @@ PREVIEW
 $$onload .= " changeSecurityOptions('$defaultjournal');" unless $opts->{'security'};
 $out .= LJ::html_submit('action:update', BML::ml('entryform.update4'),
- { 'onclick' => $onclick, 'class' => 'submit', 'id' => 'formsubmit',
+ { 'onclick' => $onclick,
+ 'class' => 'submit xpost_submit',
+ 'id' => 'formsubmit',
 'tabindex' => $tabindex->() }) . " \n";
 }
@@ -1927,17 +1934,23 @@ PREVIEW
 if (!$opts->{'disabled_save'}) {
 $out .= LJ::html_submit('action:save', BML::ml('entryform.save'),
- { 'onclick' => $onclick, 'disabled' => $opts->{'disabled_save'},
+ { 'onclick' => $onclick,
+ 'disabled' => $opts->{'disabled_save'},
+ 'class' => 'xpost_submit',
 'tabindex' => $tabindex->() }) . " \n";
 } elsif ( $opts->{maintainer_mode} ) {
 $out .= LJ::html_submit('action:savemaintainer', BML::ml('entryform.save.maintainer'),
- { 'onclick' => $onclick, 'disabled' => !$opts->{'maintainer_mode'},
+ { 'onclick' => $onclick,
+ 'disabled' => !$opts->{'maintainer_mode'},
+ 'class' => 'xpost_submit',
 'tabindex' => $tabindex->() }) . " \n";
 }
 if (!$opts->{'disabled_save'} && $opts->{suspended} && !$opts->{unsuspend_supportid}) {
 $out .= LJ::html_submit('action:saveunsuspend', BML::ml('entryform.saveandrequestunsuspend2'),
- { 'onclick' => $onclick, 'disabled' => $opts->{'disabled_save'},
+ { 'onclick' => $onclick,
+ 'disabled' => $opts->{'disabled_save'},
+ 'class' => 'xpost_submit',
 'tabindex' => $tabindex->() }) . " \n";
 }
@@ -1946,12 +1959,14 @@ PREVIEW
 my $delete_onclick = "return XPostAccount.confirmDelete('" . LJ::ejs(BML::ml('entryform.delete.confirm')) . "', '" . LJ::ejs(BML::ml('entryform.delete.xposts.confirm')) . "')";
 $out .= LJ::html_submit('action:delete', BML::ml('entryform.delete'), { 'disabled' => $opts->{'disabled_delete'},
+ 'class' => 'xpost_submit',
 'tabindex' => $tabindex->(), 'onclick' => $delete_onclick }) . " \n";
 if (!$opts->{'disabled_spamdelete'}) {
 $out .= LJ::html_submit('action:deletespam', BML::ml('entryform.deletespam'), { 'onclick' => "return confirm('" . LJ::ejs(BML::ml('entryform.deletespam.confirm')) . "')",
+ 'class' => 'xpost_submit',
 'tabindex' => $tabindex->() }) . "\n";
 } }
diff -r 4cd29aaf2434 -r 6d97226eea40 htdocs/editjournal.bml
--- a/htdocs/editjournal.bml Thu Jul 01 15:55:26 2010 +0800
+++ b/htdocs/editjournal.bml Thu Jul 01 18:58:17 2010 +0800
@@ -189,6 +189,12 @@ body<=
 ### ### SAVE EDITS ###
+
+ # add in this value in case we had to submit the form using
+ # javascript
+ if ( $POST{'submit_value'} ) {
+ $POST{$POST{'submit_value'}} = 1;
+ }
 # are we spellchecking before we post?
 my $spellcheck_html;
diff -r 4cd29aaf2434 -r 6d97226eea40 htdocs/js/xpost.js
--- a/htdocs/js/xpost.js Thu Jul 01 15:55:26 2010 +0800
+++ b/htdocs/js/xpost.js Thu Jul 01 18:58:17 2010 +0800
@@ -42,6 +42,16 @@ XPostAccount = new Class(Object, {
 } },
+ /**
+ * does an ajax call for challenge/response, so if we have an xpost account
+ * where we're not saving the password, we can avoid sending the password
+ * in plaintext. also checks to see if a required password is not filled
+ * in.
+ *
+ * returns true if this account requires a password and some work has
+ * to be done, false if this account doesn't need a password to be
+ * provided in the form.
+ */
 doChallengeResponse: function () {
 var xpost_button = $("prop_xpost_check");
@@ -55,7 +65,7 @@ XPostAccount = new Class(Object, {
 this.setError(xpostPwRequired);
 this.failed = true;
 this.locked = false;
- return;
+ return true;
 }
 this.setMessage(xpostCheckingMessage + "<input type='button' onclick='XPostAccount.cancelSubmit()' value='" + xpostCancelLabel + "'/>");
@@ -67,7 +77,10 @@ XPostAccount = new Class(Object, {
 "onData": this.gotInfo.bind(this) };
 window.parent.HTTPReq.getJSON(opts);
+
+ return true;
 }
+ return false;
 },
 gotError: function (err) {
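Review bot: In the htdocs/editjournal.bml hunk, `$POST{$POST{'submit_value'}} = 1;` lets a client-supplied string choose which key of %POST is set, so a request can overwrite any form field that the save and delete code further down reads, not only a button name. The hidden field is meant to carry one of the names given to the xpost_submit buttons in cgi-bin/weblib.pl, so the check should accept only those: `if ( $POST{'submit_value'} && $POST{'submit_value'} =~ /\Aaction:(?:update|save|savemaintainer|saveunsuspend|delete|deletespam)\z/ ) {`. Using `||= 1` for the assignment would also keep it from replacing a value the browser really sent. The enclosing SAVE EDITS block continues outside the hunk.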
@@ -203,9 +216,23 @@ XPostAccount.setUpXpostForm = function (
 if ( ! updateForm ) return;
 DOM.addEventListener(updateForm, "submit", XPostAccount.xpostFormSubmitted.bindEventListener(updateForm));
+
+ var domObjects = document.getElementsByTagName("input");
+ var submitButtons = DOM.filterElementsByClassName(domObjects, "xpost_submit") || [];
+ for (var i = 0; i < submitButtons.length; i++) {
+ DOM.addEventListener(submitButtons[i], "click", XPostAccount.saveSubmitValue.bindEventListener(submitButtons[i]));
+ }
+
 XPostAccount.loadAccounts();
 XPostAccount.xpostAcctUpdated();
 XPostAccount.updateXpostFromJournal(xpostUser);
+}
+
+/**
+ * Saves the value for the submit button selected.
+ */
+XPostAccount.saveSubmitValue = function () {
+ XPostAccount.submitName = this.name;
 }
 // When the form is submitted, compute the challenge response and clear out the plaintext password field
@@ -217,14 +244,18 @@ XPostAccount.xpostFormSubmitted = functi
 if (! XPostAccount.skipChecks) {
- $('formsubmit').disabled=true;
- evt.preventDefault();
-
+ var preventDefault = false;
 for (var i = 0; i < XPostAccount.accounts.length; i++) {
- XPostAccount.accounts[i].doChallengeResponse();
+ if (XPostAccount.accounts[i].doChallengeResponse()) {
+ preventDefault = true;
+ }
 }
- XPostAccount.checkComplete();
+ if (preventDefault) {
+ XPostAccount.setSubmitDisabled(true);
+ evt.stop();
+ XPostAccount.checkComplete();
+ }
 } }
@@ -265,7 +296,7 @@ XPostAccount.doCancel = function() {
 for (var i = 0; i < XPostAccount.accounts.length; i++) {
 XPostAccount.accounts[i].clearSettings();
 }
- $('formsubmit').disabled=false;
+ XPostAccount.setSubmitDisabled(false);
 }
 XPostAccount.doSpellcheck = function() {
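Review bot: In the xpostFormSubmitted hunk the native submit is now cancelled only after the loop over `XPostAccount.accounts` has finished, so if any `doChallengeResponse()` call throws, the handler exits before `evt.stop()` and the browser posts the form with the password field still filled in. That is the plaintext send this handler exists to avoid; the removed code called `evt.preventDefault()` before the loop and so failed closed. Wrapping the `for` in `try { … } catch (e) { evt.stop(); throw e; }` keeps that property while still letting password-less submits go through natively. The local flag `preventDefault` also reads like the DOM method it replaces, so a name such as `needsChallenge` would be clearer. The start of the function is outside the hunk.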
@@ -281,9 +312,21 @@ XPostAccount.doFormSubmit = function() {
 for (var i = 0; i < XPostAccount.accounts.length; i++) {
 XPostAccount.accounts[i].clearPassword();
 }
+ // we can't properly emulate pressing the submit button, so instead include
+ // the value here.
+ updateForm['submit_value'].value = XPostAccount.submitName;
 updateForm.submit();
 return false;
 }
+// sets the disabled status of all xpost_submit buttons.
+XPostAccount.setSubmitDisabled = function(value) {
+ var domObjects = document.getElementsByTagName("input");
+ var submitButtons = DOM.filterElementsByClassName(domObjects, "xpost_submit") || [];
+ for (var i = 0; i < submitButtons.length; i++) {
+ submitButtons[i].disabled=value;
+ }
+}
+
 LiveJournal.register_hook("page_load", XPostAccount.setUpXpostForm);
--------------------------------------------------------------------------------
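Review bot: `updateForm['submit_value'].value = XPostAccount.submitName;` in doFormSubmit copies whichever button was clicked last, and that value can be stale or unset. `saveSubmitValue` (added in the setUpXpostForm hunk) appears to run on every click of an xpost_submit button, including a Delete click whose confirm dialog is then cancelled, and the property stays undefined until some button has been clicked. If doFormSubmit can be reached without a fresh click (the callers are not visible in this diff), the server would receive an old `action:delete` or the string "undefined". Writing `XPostAccount.submitName || ""` here and resetting `XPostAccount.submitName` in doCancel would close that gap.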