![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
[dw-free] With save password off, xposter does not chal/resp the password on edit, only update
[commit: http://hg.dwscoalition.org/dw-free/rev/6d97226eea40]
http://bugs.dwscoalition.org/show_bug.cgi?id=2667
Fix crossposting when editing an entry, and password is not saved.
Patch by![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
allen.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=2667
Fix crossposting when editing an entry, and password is not saved.
Patch by
allen.Files modified:
- cgi-bin/weblib.pl
- htdocs/editjournal.bml
- htdocs/js/xpost.js
--------------------------------------------------------------------------------
diff -r 4cd29aaf2434 -r 6d97226eea40 cgi-bin/weblib.pl
--- a/cgi-bin/weblib.pl Thu Jul 01 15:55:26 2010 +0800
+++ b/cgi-bin/weblib.pl Thu Jul 01 18:58:17 2010 +0800
@@ -1722,11 +1722,16 @@ MOODS
$out .= "<span class='inputgroup-right'>";
# extra submit button so make sure it posts the form when person presses enter key
if ($opts->{'mode'} eq "edit") {
- $out .= "<input type='submit' name='action:save' class='hidden_submit' />";
+ $out .= "<input type='submit' name='action:save' class='hidden_submit xpost_submit' />";
}
if ($opts->{'mode'} eq "update") {
- $out .= "<input type='submit' name='action:update' class='hidden_submit' />";
+ $out .= "<input type='submit' name='action:update' class='hidden_submit xpost_submit' />";
}
+
+ # submit_value field to emulate the submit button selected if we
+ # have to submit with javascript
+ $out .= "<input type='hidden' name='submit_value' />";
+
my $preview;
$preview = "<input type='button' value='" . BML::ml('entryform.preview') . "' onclick='entryPreview(this.form)' tabindex='" . $tabindex->() . "' />";
if(!$opts->{'disabled_save'}) {
@@ -1917,7 +1922,9 @@ PREVIEW
$$onload .= " changeSecurityOptions('$defaultjournal');" unless $opts->{'security'};
$out .= LJ::html_submit('action:update', BML::ml('entryform.update4'),
- { 'onclick' => $onclick, 'class' => 'submit', 'id' => 'formsubmit',
+ { 'onclick' => $onclick,
+ 'class' => 'submit xpost_submit',
+ 'id' => 'formsubmit',
'tabindex' => $tabindex->() }) . " \n";
}
@@ -1927,17 +1934,23 @@ PREVIEW
if (!$opts->{'disabled_save'}) {
$out .= LJ::html_submit('action:save', BML::ml('entryform.save'),
- { 'onclick' => $onclick, 'disabled' => $opts->{'disabled_save'},
+ { 'onclick' => $onclick,
+ 'disabled' => $opts->{'disabled_save'},
+ 'class' => 'xpost_submit',
'tabindex' => $tabindex->() }) . " \n";
} elsif ( $opts->{maintainer_mode} ) {
$out .= LJ::html_submit('action:savemaintainer', BML::ml('entryform.save.maintainer'),
- { 'onclick' => $onclick, 'disabled' => !$opts->{'maintainer_mode'},
+ { 'onclick' => $onclick,
+ 'disabled' => !$opts->{'maintainer_mode'},
+ 'class' => 'xpost_submit',
'tabindex' => $tabindex->() }) . " \n";
}
if (!$opts->{'disabled_save'} && $opts->{suspended} && !$opts->{unsuspend_supportid}) {
$out .= LJ::html_submit('action:saveunsuspend', BML::ml('entryform.saveandrequestunsuspend2'),
- { 'onclick' => $onclick, 'disabled' => $opts->{'disabled_save'},
+ { 'onclick' => $onclick,
+ 'disabled' => $opts->{'disabled_save'},
+ 'class' => 'xpost_submit',
'tabindex' => $tabindex->() }) . " \n";
}
@@ -1946,12 +1959,14 @@ PREVIEW
my $delete_onclick = "return XPostAccount.confirmDelete('" . LJ::ejs(BML::ml('entryform.delete.confirm')) . "', '" . LJ::ejs(BML::ml('entryform.delete.xposts.confirm')) . "')";
$out .= LJ::html_submit('action:delete', BML::ml('entryform.delete'), {
'disabled' => $opts->{'disabled_delete'},
+ 'class' => 'xpost_submit',
'tabindex' => $tabindex->(),
'onclick' => $delete_onclick }) . " \n";
if (!$opts->{'disabled_spamdelete'}) {
$out .= LJ::html_submit('action:deletespam', BML::ml('entryform.deletespam'), {
'onclick' => "return confirm('" . LJ::ejs(BML::ml('entryform.deletespam.confirm')) . "')",
+ 'class' => 'xpost_submit',
'tabindex' => $tabindex->() }) . "\n";
}
}
diff -r 4cd29aaf2434 -r 6d97226eea40 htdocs/editjournal.bml
--- a/htdocs/editjournal.bml Thu Jul 01 15:55:26 2010 +0800
+++ b/htdocs/editjournal.bml Thu Jul 01 18:58:17 2010 +0800
@@ -189,6 +189,12 @@ body<=
###
### SAVE EDITS
###
+
+ # add in this value in case we had to submit the form using
+ # javascript
+ if ( $POST{'submit_value'} ) {
+ $POST{$POST{'submit_value'}} = 1;
+ }
# are we spellchecking before we post?
my $spellcheck_html;
diff -r 4cd29aaf2434 -r 6d97226eea40 htdocs/js/xpost.js
--- a/htdocs/js/xpost.js Thu Jul 01 15:55:26 2010 +0800
+++ b/htdocs/js/xpost.js Thu Jul 01 18:58:17 2010 +0800
@@ -42,6 +42,16 @@ XPostAccount = new Class(Object, {
}
},
+ /**
+ * does an ajax call for challenge/response, so if we have an xpost account
+ * where we're not saving the password, we can avoid sending the password
+ * in plaintext. also checks to see if a required password is not filled
+ * in.
+ *
+ * returns true if this account requires a password and some work has
+ * to be done, false if this account doesn't need a password to be
+ * provided in the form.
+ */
doChallengeResponse: function () {
var xpost_button = $("prop_xpost_check");
@@ -55,7 +65,7 @@ XPostAccount = new Class(Object, {
this.setError(xpostPwRequired);
this.failed = true;
this.locked = false;
- return;
+ return true;
}
this.setMessage(xpostCheckingMessage + "<input type='button' onclick='XPostAccount.cancelSubmit()' value='" + xpostCancelLabel + "'/>");
@@ -67,7 +77,10 @@ XPostAccount = new Class(Object, {
"onData": this.gotInfo.bind(this)
};
window.parent.HTTPReq.getJSON(opts);
+
+ return true;
}
+ return false;
},
gotError: function (err) {
@@ -203,9 +216,23 @@ XPostAccount.setUpXpostForm = function (
if ( ! updateForm ) return;
DOM.addEventListener(updateForm, "submit", XPostAccount.xpostFormSubmitted.bindEventListener(updateForm));
+
+ var domObjects = document.getElementsByTagName("input");
+ var submitButtons = DOM.filterElementsByClassName(domObjects, "xpost_submit") || [];
+ for (var i = 0; i < submitButtons.length; i++) {
+ DOM.addEventListener(submitButtons[i], "click", XPostAccount.saveSubmitValue.bindEventListener(submitButtons[i]));
+ }
+
XPostAccount.loadAccounts();
XPostAccount.xpostAcctUpdated();
XPostAccount.updateXpostFromJournal(xpostUser);
+}
+
+/**
+ * Saves the value for the submit button selected.
+ */
+XPostAccount.saveSubmitValue = function () {
+ XPostAccount.submitName = this.name;
}
// When the form is submitted, compute the challenge response and clear out the plaintext password field
@@ -217,14 +244,18 @@ XPostAccount.xpostFormSubmitted = functi
if (! XPostAccount.skipChecks) {
- $('formsubmit').disabled=true;
- evt.preventDefault();
-
+ var preventDefault = false;
for (var i = 0; i < XPostAccount.accounts.length; i++) {
- XPostAccount.accounts[i].doChallengeResponse();
+ if (XPostAccount.accounts[i].doChallengeResponse()) {
+ preventDefault = true;
+ }
}
- XPostAccount.checkComplete();
+ if (preventDefault) {
+ XPostAccount.setSubmitDisabled(true);
+ evt.stop();
+ XPostAccount.checkComplete();
+ }
}
}
@@ -265,7 +296,7 @@ XPostAccount.doCancel = function() {
for (var i = 0; i < XPostAccount.accounts.length; i++) {
XPostAccount.accounts[i].clearSettings();
}
- $('formsubmit').disabled=false;
+ XPostAccount.setSubmitDisabled(false);
}
XPostAccount.doSpellcheck = function() {
@@ -281,9 +312,21 @@ XPostAccount.doFormSubmit = function() {
for (var i = 0; i < XPostAccount.accounts.length; i++) {
XPostAccount.accounts[i].clearPassword();
}
+ // we can't properly emulate pressing the submit button, so instead include
+ // the value here.
+ updateForm['submit_value'].value = XPostAccount.submitName;
updateForm.submit();
return false;
}
+// sets the disabled status of all xpost_submit buttons.
+XPostAccount.setSubmitDisabled = function(value) {
+ var domObjects = document.getElementsByTagName("input");
+ var submitButtons = DOM.filterElementsByClassName(domObjects, "xpost_submit") || [];
+ for (var i = 0; i < submitButtons.length; i++) {
+ submitButtons[i].disabled=value;
+ }
+}
+
LiveJournal.register_hook("page_load", XPostAccount.setUpXpostForm);
--------------------------------------------------------------------------------