From f39dc100b458e86d195a007619da7292af7033e1 Mon Sep 17 00:00:00 2001
From: Ozzieisaacs <ozzie.fernandez.isaacs@googlemail.com>
Date: Sat, 25 Dec 2021 21:39:58 +0100
Subject: [PATCH] Migrated some routes to POST - shelf massadd - resetpassword
 - delete shelf - send to kindle

---
 cps/static/js/details.js     |  2 +-
 cps/static/js/main.js        | 36 +++++++++++++++++++++++++++++++++---
 cps/templates/detail.html    |  6 +++---
 cps/templates/search.html    |  2 +-
 cps/templates/shelf.html     |  4 ++--
 cps/templates/user_edit.html |  2 +-
 6 files changed, 41 insertions(+), 11 deletions(-)

diff --git a/cps/static/js/details.js b/cps/static/js/details.js
index 9caf9470..3a7def32 100644
--- a/cps/static/js/details.js
+++ b/cps/static/js/details.js
@@ -62,7 +62,7 @@ $("#archived_cb").on("change", function() {
     $("#shelf-actions").on("click", "[data-shelf-action]", function (e) {
         e.preventDefault();
 
-        $.get(this.href)
+        $.post(this.href)
             .done(function() {
                 var $this = $(this);
                 switch ($this.data("shelf-action")) {
diff --git a/cps/static/js/main.js b/cps/static/js/main.js
index 6cef22f8..e8da76ef 100644
--- a/cps/static/js/main.js
+++ b/cps/static/js/main.js
@@ -20,6 +20,20 @@ function getPath() {
     return jsFileLocation.substr(0, jsFileLocation.search("/static/js/libs/jquery.min.js"));  // the js folder path
 }
 
+function postButton(event, action){
+    event.preventDefault();
+    var newForm = jQuery('<form>', {
+        "action": action,
+        'target': "_top",
+        'method': "post"
+    }).append(jQuery('<input>', {
+        'name': 'csrf_token',
+        'value': $("input[name=\'csrf_token\']").val(),
+        'type': 'hidden'
+    })).appendTo('body');
+    newForm.submit();
+}
+
 function elementSorter(a, b) {
     a = +a.slice(0, -2);
     b = +b.slice(0, -2);
@@ -71,6 +85,22 @@ $(document).on("change", "select[data-controlall]", function() {
     }
 });
 
+/*$(document).on("click", "#sendbtn", function (event) {
+    postButton(event, $(this).data('action'));
+});
+
+$(document).on("click", ".sendbutton", function (event) {
+    // $(".sendbutton").on("click", "body", function(event) {
+    postButton(event, $(this).data('action'));
+});*/
+
+$(document).on("click", ".postAction", function (event) {
+    // $(".sendbutton").on("click", "body", function(event) {
+    postButton(event, $(this).data('action'));
+});
+
+
+
 // Syntax has to be bind not on, otherwise problems with firefox
 $(".container-fluid").bind("dragenter dragover", function () {
     if($("#btn-upload").length && !$('body').hasClass('shelforder')) {
@@ -685,13 +715,14 @@ $(function() {
         });
     });
 
-    $("#delete_shelf").click(function() {
+    $("#delete_shelf").click(function(event) {
         confirmDialog(
             $(this).attr('id'),
             "GeneralDeleteModal",
             $(this).data('value'),
             function(value){
-                $("#delete_shelf").closest("form").submit()
+                postButton(event, $("#delete_shelf").data("action"));
+                // $("#delete_shelf").closest("form").submit()
             }
         );
 
@@ -775,4 +806,3 @@ $(function() {
         });
     });
 });
-
diff --git a/cps/templates/detail.html b/cps/templates/detail.html
index 0ecaf903..1fd5f09a 100644
--- a/cps/templates/detail.html
+++ b/cps/templates/detail.html
@@ -38,16 +38,16 @@
           {% endif %}
             {% if g.user.kindle_mail and kindle_list %}
               {% if kindle_list.__len__() == 1 %}
-                <a href="{{url_for('web.send_to_kindle', book_id=entry.id, book_format=kindle_list[0]['format'], convert=kindle_list[0]['convert'])}}" id="sendbtn" data-text="{{_('Send to Kindle')}}" class="btn btn-primary" role="button"><span class="glyphicon glyphicon-send"></span> {{kindle_list[0]['text']}}</a>
+                <div id="sendbtn" data-action="{{url_for('web.send_to_kindle', book_id=entry.id, book_format=kindle_list[0]['format'], convert=kindle_list[0]['convert'])}}" data-text="{{_('Send to Kindle')}}" class="btn btn-primary postAction" role="button"><span class="glyphicon glyphicon-send"></span> {{kindle_list[0]['text']}}</div>
               {% else %}
                 <div class="btn-group" role="group">
-                  <button id="sendbtn2" type="button" class="btn btn-primary dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                  <button id="sendbtn2" type="button" class="btn btn-primary dropdown-toggle postAction" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
                     <span class="glyphicon glyphicon-send"></span>{{_('Send to Kindle')}}
                     <span class="caret"></span>
                   </button>
                     <ul class="dropdown-menu" aria-labelledby="send-to-kindle">
                     {% for format in kindle_list %}
-                      <li><a href="{{url_for('web.send_to_kindle', book_id=entry.id, book_format=format['format'], convert=format['convert'])}}">{{format['text']}}</a></li>
+                      <li><a class="postAction" data-action="{{url_for('web.send_to_kindle', book_id=entry.id, book_format=format['format'], convert=format['convert'])}}">{{format['text']}}</a></li>
                     {%endfor%}
                     </ul>
                 </div>
diff --git a/cps/templates/search.html b/cps/templates/search.html
index 627beaf8..32339803 100644
--- a/cps/templates/search.html
+++ b/cps/templates/search.html
@@ -17,7 +17,7 @@
               <ul id="add-to-shelves" class="dropdown-menu" aria-labelledby="add-to-shelf">
                 {% for shelf in g.shelves_access %}
                   {% if not shelf.is_public or g.user.role_edit_shelfs() %}
-                    <li><a href="{{ url_for('shelf.search_to_shelf', shelf_id=shelf.id) }}"> {{shelf.name}}{% if shelf.is_public == 1 %} {{_('(Public)')}}{% endif %}</a></li>
+                    <li><a class="postAction" role="button" data-action="{{ url_for('shelf.search_to_shelf', shelf_id=shelf.id) }}"> {{shelf.name}}{% if shelf.is_public == 1 %} {{_('(Public)')}}{% endif %}</a></li>
                   {% endif %}
                 {%endfor%}
               </ul>
diff --git a/cps/templates/shelf.html b/cps/templates/shelf.html
index 5bb9317e..adfead60 100644
--- a/cps/templates/shelf.html
+++ b/cps/templates/shelf.html
@@ -2,14 +2,14 @@
 {% block body %}
 <div class="discover">
   <h2>{{title}}</h2>
-      <form action="{{url_for('shelf.delete_shelf', shelf_id=shelf.id)}}" method="post">
+      <!--form  method="post"--->
   {% if g.user.role_download() %}
   <a id="shelf_down" href="{{ url_for('shelf.show_simpleshelf', shelf_id=shelf.id) }}" class="btn btn-primary">{{ _('Download') }} </a>
       {% endif %}
   {% if g.user.is_authenticated %}
     {% if (g.user.role_edit_shelfs() and shelf.is_public ) or not shelf.is_public  %}
         <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
-        <div class="btn btn-danger" id="delete_shelf" data-value="{{ shelf.id }}">{{ _('Delete this Shelf') }}</div>
+        <div class="btn btn-danger" data-action="{{url_for('shelf.delete_shelf', shelf_id=shelf.id)}}" id="delete_shelf" data-value="{{ shelf.id }}">{{ _('Delete this Shelf') }}</div>
       <a id="edit_shelf" href="{{ url_for('shelf.edit_shelf', shelf_id=shelf.id) }}" class="btn btn-primary">{{ _('Edit Shelf Properties') }} </a>
       </form>
       {% if entries.__len__() %}
diff --git a/cps/templates/user_edit.html b/cps/templates/user_edit.html
index e6fbdb74..de7a4fb3 100644
--- a/cps/templates/user_edit.html
+++ b/cps/templates/user_edit.html
@@ -17,7 +17,7 @@
     </div>
     {% if ( g.user and g.user.role_passwd() or g.user.role_admin() ) and not content.role_anonymous() %}
       {% if g.user and g.user.role_admin() and not new_user and not profile and ( mail_configured and content.email if content.email != None ) %}
-        <a class="btn btn-default" id="resend_password" href="{{url_for('admin.reset_user_password', user_id = content.id) }}">{{_('Reset user Password')}}</a>
+        <a class="btn btn-default postAction" id="resend_password" role="button" data-action="{{url_for('admin.reset_user_password', user_id = content.id) }}">{{_('Reset user Password')}}</a>
       {% endif %}
         <div class="form-group">
           <label for="password">{{_('Password')}}</label>