Added handling for missing flask-wtf dependency

Added CSRF protection (via flask-wtf) Moved upload function to js file Fixed error page in case of csrf failure
2025-10-29 06:17:40 +00:00 · 2021-10-04 17:50:32 +02:00
parent 5edde53fed
commit 50919d4721
25 changed files with 92 additions and 38 deletions
--- a/cps/static/js/edit_books.js
+++ b/cps/static/js/edit_books.js
@@ -23,7 +23,6 @@ if ($(".tiny_editor").length) {

 $(".datepicker").datepicker({
    format: "yyyy-mm-dd",
-    language: language
 }).on("change", function () {
    // Show localized date over top of the standard YYYY-MM-DD date
    var pubDate;
--- a/cps/static/js/main.js
+++ b/cps/static/js/main.js
@@ -112,6 +112,14 @@ $("#btn-upload").change(function() {
    $("#form-upload").submit();
 });

+$("#form-upload").uploadprogress({
+    redirect_url: getPath() + "/", //"{{ url_for('web.index')}}",
+    uploadedMsg: $("#form-upload").data("message"), //"{{_('Upload done, processing, please wait...')}}",
+    modalTitle: $("#form-upload").data("title"), //"{{_('Uploading...')}}",
+    modalFooter: $("#form-upload").data("footer"), //"{{_('Close')}}",
+    modalTitleFailed: $("#form-upload").data("failed") //"{{_('Error')}}"
+});
+
 $(document).ready(function() {
  var inp = $('#query').first()
  if (inp.length) {
@@ -223,6 +231,16 @@ $(function() {
    var preFilters = $.Callbacks();
    $.ajaxPrefilter(preFilters.fire);

+    // equip all post requests with csrf_token
+    var csrftoken = $("input[name='csrf_token']").val();
+    $.ajaxSetup({
+        beforeSend: function(xhr, settings) {
+            if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
+                xhr.setRequestHeader("X-CSRFToken", csrftoken)
+            }
+        }
+    });
+
    function restartTimer() {
        $("#spinner").addClass("hidden");
        $("#RestartDialog").modal("hide");
@@ -576,7 +594,7 @@ $(function() {
            method:"post",
            dataType: "json",
            url: window.location.pathname + "/../../ajax/simulatedbchange",
-            data: {config_calibre_dir: $("#config_calibre_dir").val()},
+            data: {config_calibre_dir: $("#config_calibre_dir").val(), csrf_token: $("input[name='csrf_token']").val()},
            success: function success(data) {
                if ( data.change ) {
                    if ( data.valid ) {
@@ -712,7 +730,7 @@ $(function() {
            method:"post",
            contentType: "application/json; charset=utf-8",
            dataType: "json",
-            url: window.location.pathname + "/../ajax/view",
+            url: getPath() + "/ajax/view",
            data: "{\"series\": {\"series_view\": \""+ view +"\"}}",
            success: function success() {
                location.reload();