openrat-cms


commit ce5cb8e46e7566bbcef374331c4a2f3cbdc4be2f
parent eda46314405cb94c451d20b781435f8652bb0a1e
Author: Jan Dankert <devnull@localhost>
Date:   Fri, 13 Jul 2018 00:50:32 +0200

Das Setzen des Cookies vereinheitlicht, der Cookie-Pfad ist nun immer der gleiche, egal ob UI- oder API-Request. Formulare erhalten das Attribut 'target', abhängig davon, ob das Formular per AJAX abgeschickt wird oder direkt die gesamte Seite neu lädt.

Diffstat:
api/index.php | 2++
modules/cms-core/action/Action.class.php | 78+++++++++++++-----------------------------------------------------------------
modules/cms-core/action/LoginAction.class.php | 18+++++++-----------
modules/cms-core/action/StartAction.class.php | 4++--
modules/cms-ui/action/IndexAction.class.php | 48++++++++++++++++++++++++++++++------------------
modules/cms-ui/themes/default/html/views/login/login.php | 12++++++------
modules/cms-ui/themes/default/html/views/login/login.tpl.src.xml | 2+-
modules/cms-ui/themes/default/script/openrat.js | 5++---
modules/cms-ui/themes/default/script/openrat.min.js | 4++--
modules/cms-ui/themes/default/style/openrat-workbench.css | 2+-
modules/cms-ui/themes/default/style/openrat-workbench.less | 2+-
modules/cms-ui/themes/default/style/openrat-workbench.min.css | 4++--
modules/template-engine/components/html/form/Form.class.php | 13++++++++++---
modules/template-engine/components/html/form/form.js | 2++
modules/template-engine/components/html/form/form.min.js | 8++++----
modules/util/config-default.php | 4++++
16 files changed, 89 insertions(+), 119 deletions(-)

diff --git a/api/index.php b/api/index.php @@ -6,6 +6,8 @@ require('../modules/cms-api/require.php'); use cms_api\API; try { + // Cookie-Path: Actual path without '/api'. + define('COOKIE_PATH',substr(dirname($_SERVER['SCRIPT_NAME']),0,-4)); API::execute(); diff --git a/modules/cms-core/action/Action.class.php b/modules/cms-core/action/Action.class.php 
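Review bot: `substr(dirname($_SERVER['SCRIPT_NAME']),0,-4)` cuts the last four characters without checking that they are `/api`. For an installation at the web root (`/api/index.php`) the result is empty, so no Path attribute is sent and the browser scopes the cookie to the request directory, which is `/api` again rather than the shared path. Strip the suffix explicitly and normalise the empty case: `$base = preg_replace('#/api$#', '', dirname($_SERVER['SCRIPT_NAME']));` followed by `define('COOKIE_PATH', $base === '' ? '/' : $base);`. The UI entry point's definition of COOKIE_PATH is not in this hunk, so confirm both entry points produce the identical string, trailing slash included; otherwise the browser holds two cookies with the same name.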
@@ -425,60 +425,6 @@ namespace cms\action { } - protected function setMenu() - { - return; - - $windowMenu = array(); - $name = $this->actionConfig[$this->subActionName]['menu']; - $menuList = explode(',', $this->actionConfig['menu']['menu']); - //$menuList = explode(',',$this->actionConfig['menu'][$name]); - - if (isset($this->actionConfig[$this->subActionName]['menuaction'])) - $actionName = $this->actionConfig[$this->subActionName]['menuaction']; - else - $actionName = $this->subActionName; - - foreach ($menuList as $menuName) { - if (isset($this->actionConfig[$menuName]['alias'])) - $menuText = 'menu_' . $this->actionName . '_' . $this->actionConfig[$menuName]['alias']; - else - $menuText = 'menu_' . $this->actionName . '_' . $menuName; - - - $menuKey = 'accesskey_window_' . $menuName; - - $menuEntry = array('subaction' => $menuName, - 'text' => $menuText, - 'title' => $menuText . '_DESC', - 'key' => $menuKey); - - if ($this->checkMenu($menuName)) - $menuEntry['url'] = Html::url($actionName, $menuName, $this->getRequestId()); - - $windowMenu[] = $menuEntry; - } - $this->setTemplateVar('windowMenu', $windowMenu); - } - - - /** - * Ermittelt, ob der Men�punkt aktiv ist. - * Ob ein Men�punkt als aktiv angezeigt werden soll, steht meist erst zur Laufzeit fest. - * <br> - * Diese Methode kann von den Unterklassen �berschrieben werden. - * Falls diese Methode nicht �berschrieben wird, sind alle Men�punkte aktiv. - * - * @param String $name Logischer Name des Men�punktes - * @return boolean TRUE, wenn Men�punkt aktiv ist. - */ - protected function checkMenu($name) - { - // Standard: Alle Men�punkt sind aktiv. - return true; - } - - /** * Erzeugt einen Redirect auf einen bestimmte URL. */ 
@@ -489,29 +435,31 @@ namespace cms\action { /** - * Sorgt dafür, dass alle anderen Views aktualisiert werden. - * - * Diese Methode sollte dann aufgerufen werden, wenn Objekte geändert werden - * und dies Einfluss auf andere Views hat. + * @deprecated sollte im UI gesteuert werden. */ protected function refresh() { - $this->refresh = true; - $this->setControlVar('refresh', true); } /** - * Setzt eine neue Perspektive für die Sitzung. - * * @param String Name der Perspektive + * @deprecated gibt es nicht mehr. */ protected function setPerspective($name) { - Logger::info("Setting perspective to ".$name); - Session::set('perspective', $name); + } + + protected function setCookie($name,$value='' ) { + + if (empty($value)) + $expire = time(); // Cookie wird gelöscht. + else + $expire = time() + 60 * 60 * 24 * config('security', 'cookie', 'expire'); - $this->refresh(); + $secure = config('security', 'cookie', 'secure'); + $httponly = config('security', 'cookie', 'httponly'); + setcookie($name , $value, $expire,COOKIE_PATH, '', $secure, $httponly); } } diff --git a/modules/cms-core/action/LoginAction.class.php b/modules/cms-core/action/LoginAction.class.php @@ -800,7 +800,7 @@ class LoginAction extends Action $newPassword2 = $this->getRequestVar('password2' ,OR_FILTER_ALPHANUM); // Cookie setzen - setcookie('or_username',$loginName,time()+(60*60*24*30*12*2) ); + $this->setCookie('or_username',$loginName ); // Login mit Open-Id. if ( $this->hasRequestVar('openid_provider') && ($this->getRequestVar('openid_provider') != 'identity' || !empty($openid_user)) ) 
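Review bot: In the new `setCookie()`, `empty($value)` also matches the string `'0'`, so a legitimate value of `0` (a database id, if that can occur) is sent as a deletion. The deletion uses `$expire = time()`, which is not yet in the past for a client whose clock runs behind. Test the deletion case explicitly and expire well in the past: `if ($value === null || $value === '') $expire = time() - 86400;`. `$secure` and `$httponly` come straight from `config()` and their defaults are in config-default.php, outside this hunk; cast them with `(bool)` and confirm that `httponly` defaults to on, because this helper now also carries `or_token` and the session id. The same hunk empties `refresh()` and `setPerspective()` but leaves them callable, so their `@deprecated` tags should state that the call is now a no-op.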
@@ -946,9 +946,8 @@ class LoginAction extends Action } // Cookie setzen - $cookieLifetime = 60*60*24*30*12*2; // 2 Jahre. - setcookie('or_username',$loginName ,time()+$cookieLifetime,'/' ); - setcookie('or_dbid' ,$this->getRequestVar('dbid'),time()+$cookieLifetime,'/'); + $this->setCookie('or_username',$loginName ); + $this->setCookie('or_dbid' ,$this->getRequestVar('dbid')); // Authentifzierungs-Module. $modules = explode(',',$conf['security']['modules']['authenticate']); @@ -1076,8 +1075,8 @@ class LoginAction extends Action if ( $this->hasRequestVar('remember') ) { // Cookie setzen - setcookie('or_username',$user->name ,time()+(60*60*24*30*12*2) ); - setcookie('or_token' ,$user->loginToken(),time()+(60*60*24*30*12*2) ); + $this->setCookie('or_username',$user->name ); + $this->setCookie('or_token' ,$user->loginToken() ); } // Anmeldung erfolgreich. @@ -1262,7 +1261,7 @@ class LoginAction extends Action // Login-Token löschen: // Wenn der Benutzer sich abmelden will, dann soll auch die automatische // Anmeldung deaktiviert werden. - setcookie('or_token' ,'',0 ); + $this->setCookie('or_token' ,null ); // Umleiten auf eine definierte URL.s $redirect_url = @$conf['security']['logout']['redirect_url']; @@ -1272,12 +1271,9 @@ class LoginAction extends Action $this->redirect($redirect_url); } - Session::set('perspective','login'); - // Style zurücksetzen. // Der Style des Benutzers koennte auch stehen bleiben. Aber dann gäbe es Rückschlüsse darauf, wer zuletzt angemeldet war (Sicherheit!). $this->setStyle( config('interface','style','default') ); - $this->refresh(); } @@ -2115,7 +2111,7 @@ class LoginAction extends Action // Bug in PHP 4.3.2: Session-Cookie wird nicht neu gesetzt. if ( ini_get("session.use_cookies") ) - setcookie( session_name(),session_id(),ini_get("session.cookie_lifetime"),"/" ); + $this->setCookie( session_name(),session_id() ); } elseif ( version_compare(phpversion(),"5.1.0",">") ) { 
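Review bot: In the logout hunk (`@@ -1262,7`), `$this->setCookie('or_token' ,null )` clears the token only under `COOKIE_PATH`, whereas the removed calls set and cleared `or_token` with no path at all. A token cookie issued before this change under a different default path would therefore survive logout and could still trigger the automatic login. Nothing visible in this hunk invalidates the login token on the server; if `loginToken()` is stable per user, deleting the cookie does not revoke it, so this should be confirmed in the user class. Consider rotating the token server-side at logout and expiring the legacy-path cookie once as well. The enclosing method starts and ends outside the hunk.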
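Review bot: In the `@@ -2115,7` hunk, `$this->setCookie( session_name(),session_id() )` gives the session cookie the `security/cookie/expire` lifetime in days, so what is normally a browser-session cookie becomes persistent. It also replaces the `session.cookie_*` ini settings with the application's own path and flags; if `COOKIE_PATH` differs from `session.cookie_path`, PHP's own session cookie and this one coexist under the same name. For the session id, take lifetime, path, secure and httponly from `session_get_cookie_params()` instead of the generic helper. The same replacement is made in StartAction.class.php at `@@ -1669,7`.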
diff --git a/modules/cms-core/action/StartAction.class.php b/modules/cms-core/action/StartAction.class.php @@ -666,7 +666,7 @@ class StartAction extends Action $newPassword2 = $this->getRequestVar('password2' ,OR_FILTER_ALPHANUM); // Cookie setzen - setcookie('or_username',$loginName,time()+(60*60*24*30*12*2) ); + $this->setCookie('or_username',$loginName ); // Login mit Open-Id. if ( $this->hasRequestVar('openid_provider') && ($this->getRequestVar('openid_provider') != 'identity' || !empty($openid_user)) ) @@ -1669,7 +1669,7 @@ class StartAction extends Action // Bug in PHP 4.3.2: Session-Cookie wird nicht neu gesetzt. if ( ini_get("session.use_cookies") ) - setcookie( session_name(),session_id(),ini_get("session.cookie_lifetime"),"/" ); + $this->setCookie( session_name(),session_id() ); } elseif ( version_compare(phpversion(),"5.1.0",">") ) { diff --git a/modules/cms-ui/action/IndexAction.class.php b/modules/cms-ui/action/IndexAction.class.php @@ -66,16 +66,20 @@ class IndexAction extends Action } + /** + * Show the UI. + */ public function showView() { global $conf; - - // Schauen, ob eine Perspektive existiert. - if ( empty($this->perspective) ) + + $user = Session::getUser(); + + // Is a user logged in? + if ( !is_object($user) ) { - // Da keine Perspektive existiert, handelt es sich wohl um den - // ersten Aufruf in dieser Sitzung. - + // Lets try an auto login. + // Versuchen, einen Benutzernamen zu ermitteln, der im Eingabeformular vorausgewählt wird. $modules = explode(',',$conf['security']['modules']['autologin']); 
@@ -102,29 +106,30 @@ class IndexAction extends Action $user = User::loadWithName( $username ); Session::setUser($user); Logger::info('auto-login for user '.$username); - $this->setPerspective('start'); } catch( ObjectNotFoundException $e ) { Logger::warn('Username for autologin does not exist: '.$username); - $this->setPerspective('login'); + + // Kein Auto-Login moeglich, die Anmeldemaske anzeigen. + $this->setTemplateVars( array('dialogAction'=>'login','dialogMethod'=>'login')); } } else { - // Kein Auto-Login moeglich, die Anmeldemaske anzeigen. - $this->setPerspective('login'); + // Kein Auto-Login moeglich, die Anmeldemaske anzeigen. + $this->setTemplateVars( array('dialogAction'=>'login','dialogMethod'=>'login')); } } - // Theme für den angemeldeten Benuter ermitteln, dieser wird für - // den Link auf die CSS-Datei benoetigt. - $user = Session::getUser(); + // Theme für den angemeldeten Benuter ermitteln if ( is_object($user) ) - $style = $user->style; + $style = $user->style; else $style = config('interface','style','default'); + $this->setTemplateVar('style',$style ); + $userIsLoggedIn = is_object($user); // Welche Aktion soll ausgeführt werden? 
@@ -134,14 +139,21 @@ class IndexAction extends Action } $id = $this->getRequestId(); - $jsFiles = $this->getJSFiles(); - $cssFiles = $this->getCSSFiles(); - //$themeCss = $this->getThemeCSS(); + $this->setTemplateVar('action',$action); + $this->setTemplateVar('id' ,$id ); + + $this->setTemplateVar('jsFiles' , $this->getJSFiles() ); + $this->setTemplateVar('cssFiles',$this->getCSSFiles() ); $styleConfig = config('style-default') + config('style', $style); - $themeColor = $this->getColorHexCode($styleConfig['title_background_color']); + $this->setTemplateVar('themeColor', $this->getColorHexCode($styleConfig['title_background_color'])); + + $this->setTemplateVar('notices', array()); // HTML-Datei direkt einbinden. + $vars = $this->getOutputData(); + $output = $vars['output']; // will be extracted in the included template file. + require('modules/cms-ui/themes/default/layout/index.php'); exit; } diff --git a/modules/cms-ui/themes/default/html/views/login/login.php b/modules/cms-ui/themes/default/html/views/login/login.php 
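Review bot: `action` and `id` are placed in template variables and handed to the required `layout/index.php`, so that layout must HTML-escape both wherever it prints them. `$action` is presumably request-derived (its assignment sits just above the hunk) and the layout file is not part of this diff, so please confirm. `require('modules/cms-ui/themes/default/layout/index.php')` is a relative path resolved against the include path and working directory; anchoring it, for example `require(__DIR__.'/../themes/default/layout/index.php');`, avoids picking up a different file when the entry point or working directory changes. `showView()` begins in an earlier hunk.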
@@ -2,10 +2,10 @@ <div class="headermenu"><div class="toolbar-icon clickable"><a href="javascript:void(0);" title="<?php echo lang('MENU_PASSWORD') ?>" data-type="dialog" data-name="<?php echo lang('MENU_PASSWORD') ?>" data-method="password"><img src="./themes/default/images/icon/action/password.svg" title="<?php echo lang('MENU_password_DESC') ?>" /><?php echo lang('MENU_password') ?></a></div><div class="toolbar-icon clickable"><a href="javascript:void(0);" title="<?php echo lang('MENU_REGISTER') ?>" data-type="dialog" data-name="<?php echo lang('MENU_REGISTER') ?>" data-method="register"><img src="./themes/default/images/icon/action/register.svg" title="<?php echo lang('MENU_register_DESC') ?>" /><?php echo lang('MENU_register') ?></a></div><div class="toolbar-icon clickable"><a href="javascript:void(0);" title="<?php echo lang('MENU_LICENSE') ?>" data-type="dialog" data-name="<?php echo lang('MENU_LICENSE') ?>" data-method="license"><img src="./themes/default/images/icon/action/license.svg" title="<?php echo lang('MENU_license_DESC') ?>" /><?php echo lang('MENU_license') ?></a></div></div> - <form name="" target="_self" action="./" data-method="login" data-action="login" data-id="<?php echo OR_ID ?>" method="POST" enctype="application/x-www-form-urlencoded" class="login" data-async="" data-autosave=""><input type="submit" class="invisible" /><input type="hidden" name="<?php echo REQ_PARAM_TOKEN ?>" value="<?php echo token() ?>" /><input type="hidden" name="<?php echo REQ_PARAM_ACTION ?>" value="login" /><input type="hidden" name="<?php echo REQ_PARAM_SUBACTION ?>" value="login" /><input type="hidden" name="<?php echo REQ_PARAM_ID ?>" value="<?php echo OR_ID ?>" /> + <form name="" target="_self" data-target="top" action="./" data-method="login" data-action="login" data-id="<?php echo OR_ID ?>" method="POST" enctype="application/x-www-form-urlencoded" class="login" data-async="1" data-autosave=""><input type="submit" class="invisible" /><input type="hidden" 
name="<?php echo REQ_PARAM_TOKEN ?>" value="<?php echo token() ?>" /><input type="hidden" name="<?php echo REQ_PARAM_ACTION ?>" value="login" /><input type="hidden" name="<?php echo REQ_PARAM_SUBACTION ?>" value="login" /><input type="hidden" name="<?php echo REQ_PARAM_ID ?>" value="<?php echo OR_ID ?>" /> <?php $if3=(config('login','logo','enabled')); if($if3){?> <?php $if4=(!empty(config('login','logo','url'))); if($if4){?> - <a target="_self" data-url="<?php echo config('login','logo','url') ?>" data-action="" data-method="<?php echo OR_METHOD ?>" data-id="<?php echo OR_ID ?>" href="javascript:void(0);"> + <a target="_self" data-url="<?php echo config('login','logo','url') ?>" data-action="" data-method="<?php echo OR_METHOD ?>" data-id="<?php echo OR_ID ?>" href="<?php echo Html::url('','','') ?>"> <img class="" title="" src="<?php echo config('login','logo','image') ?>" /> </a> @@ -44,7 +44,7 @@ </div> <div class="input"> <?php $if6=!(!empty($$force_username)); if($if6){?> - <div class="inputholder"><input<?php if ('') echo ' disabled="true"' ?> data-hint="<?php echo lang('USER_USERNAME') ?>" id="<?php echo REQUEST_ID ?>_login_name" name="login_name<?php if ('') echo '_disabled' ?>" type="text" maxlength="256" class="name" value="<?php echo Text::encodeHtml(@$login_name) ?>" /><?php if ('') { ?><input type="hidden" name="login_name" value="<?php $login_name ?>"/><?php } ?></div> + <div class="inputholder"><input<?php if ('') echo ' disabled="true"' ?> placeholder="<?php echo lang('USER_USERNAME') ?>" id="<?php echo REQUEST_ID ?>_login_name" name="login_name<?php if ('') echo '_disabled' ?>" type="text" maxlength="256" class="name" value="<?php echo Text::encodeHtml(@$login_name) ?>" /><?php if ('') { ?><input type="hidden" name="login_name" value="<?php $login_name ?>"/><?php } ?></div> <?php } ?> <?php if(!$if6){?> 
@@ -92,7 +92,7 @@ </div> </div> <?php } ?> - <fieldset class="<?php echo ''?" open":"" ?><?php echo ''?" show":"" ?>"><legend><div class="arrow-right closed" /><div class="arrow-down open" /><?php echo lang('USER_NEW_PASSWORD') ?></legend><div> + <fieldset class="<?php echo ''?" open":" closed" ?><?php echo ''?" show":"" ?>"><legend><div class="arrow arrow-right on-closed"></div><div class="arrow arrow-down on-open"></div><?php echo lang('USER_NEW_PASSWORD') ?></legend><div> <div class="line"> <div class="label"> <label for="<?php echo REQUEST_ID ?>_password1" class="label"> @@ -118,7 +118,7 @@ </div> </div> </div></fieldset> - <fieldset class="<?php echo ''?" open":"" ?><?php echo ''?" show":"" ?>"><legend><div class="arrow-right closed" /><div class="arrow-down open" /><?php echo lang('USER_TOKEN') ?></legend><div> + <fieldset class="<?php echo ''?" open":" closed" ?><?php echo ''?" show":"" ?>"><legend><div class="arrow arrow-right on-closed"></div><div class="arrow arrow-down on-open"></div><?php echo lang('USER_TOKEN') ?></legend><div> <div class="line"> <div class="label"> <label for="<?php echo REQUEST_ID ?>_user_token" class="label"> @@ -133,7 +133,7 @@ </div> </div></fieldset> <?php $if3=(intval('1')<intval(@count($dbids))); if($if3){?> - <fieldset class="<?php echo '1'?" open":"" ?><?php echo '1'?" show":"" ?>"><legend><img src="/themes/default/images/icon/method/database.svg" /><div class="arrow-right closed" /><div class="arrow-down open" /><?php echo lang('DATABASE') ?></legend><div> + <fieldset class="<?php echo '1'?" open":" closed" ?><?php echo '1'?" show":"" ?>"><legend><img src="/themes/default/images/icon/method/database.svg" /><div class="arrow arrow-right on-closed"></div><div class="arrow arrow-down on-open"></div><?php echo lang('DATABASE') ?></legend><div> <div class="line"> <div class="label"> <label for="<?php echo REQUEST_ID ?>_dbid" class="label"> 
diff --git a/modules/cms-ui/themes/default/html/views/login/login.tpl.src.xml b/modules/cms-ui/themes/default/html/views/login/login.tpl.src.xml @@ -1,7 +1,7 @@ <output xmlns="http://www.openrat.de/template" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.openrat.de/template ../template.xsd"> <header views="password,register,license"></header> - <form cancel="false" label="message:menu_login" visible="true" action="login" subaction="login"> + <form cancel="false" label="message:menu_login" visible="true" action="login" subaction="login" target="top"> <if true="config:login/logo/enabled"> <if present="config:login/logo/url"> <link url="config:login/logo/url" target="_top"> diff --git a/modules/cms-ui/themes/default/script/openrat.js b/modules/cms-ui/themes/default/script/openrat.js @@ -235,7 +235,7 @@ function registerWorkbenchEvents() } else { - $('div#dialog').removeClass('open').addClass('closed'); + $('div#dialog').removeClass('is-open').addClass('is-closed'); $('div#dialog > .view').html(''); // Dialog beenden } @@ -269,7 +269,6 @@ function registerViewEvents( viewEl ) { $(viewEl).trigger('orViewLoaded'); - // Untermenüpunkte aus der View in das Fenstermenü kopieren... $(viewEl).closest('div.panel').find('div.header div.dropdown div.entry.perview').remove(); // Alte Einträge löschen @@ -445,7 +444,7 @@ function startDialog( name,action,method,id,params ) $('div#dialog > .view').html('<div class="header"><img class="icon" title="" src="./themes/default/images/icon/'+method+'.png" />'+name+'</div>'); $('div#dialog > .view').data('id',id); - $('div#dialog').removeClass('closed').addClass('open'); + $('div#dialog').removeClass('is-closed').addClass('is-open'); Workbench.loadViewIntoElement( $('div#dialog > .view'), action, method, id, params ); } diff --git a/modules/cms-ui/themes/default/script/openrat.min.js b/modules/cms-ui/themes/default/script/openrat.min.js 
@@ -1,9 +1,9 @@ ;var DEFAULT_CONTENT_ACTION='edit',OR_THEMES_EXT_DIR='modules/cms-ui/themes/';$(function(){$('html').removeClass('nojs');$('.initial-hidden').removeClass('initial-hidden');registerHeaderEvents();registerWorkbenchEvents();var t=$('#editor').data('action');filterMenus(t);$('#workbench .view').each(function(t){registerViewEvents(this)});window.onpopstate=function(t){Navigator.navigateTo(t.state)};initActualHistoryState();Workbench.initialize();loadTree()});function initActualHistoryState(){var e={};e.name=window.document.title;var t=new URLSearchParams(window.location.search);if(t.has('action')){e.action=t.get('action');e.id=t.get('id');e.name=window.document.title;e.data={};var t=Array.from(t.entries());for(var i in t){e.data[t[i][0]]=t[i][1]};Navigator.toActualHistory(e)}};var Navigator=new function(){'use strict';this.navigateTo=function(t){Workbench.loadNewActionState(t)};this.navigateToNew=function(t){Workbench.loadNewActionState(t);window.history.pushState(t,t.name,createUrl(t.action,null,t.id,t.data,!1))};this.navigateToNewAction=function(t,e,i,n){var a={action:t,method:e,id:i,data:n};this.navigateToNew(a)};this.toActualHistory=function(t){window.history.replaceState(t,t.name,createUrl(t.action,null,t.id,t.data,!1))}},Workbench=new function(){'use strict';this.initialize=function(){this.initializePingTimer()};this.initializePingTimer=function(){var t=function(){$.ajax(createUrl('title','ping',0))},e=5;window.setInterval(t,e*60*1000)};this.loadNewActionState=function(t){Workbench.loadNewAction(t.action,t.id,t.data)};this.loadNewAction=function(t,e,i){$('#editor').attr('data-action',t);$('#editor').attr('data-id',e);$('#workbench .view-loader').each(function(n){var a=$(this),o=a.data('method');Workbench.loadViewIntoElement(a,t,o,e,i)});filterMenus(t)};this.loadViewIntoElement=function(t,e,i,n,a){var 
o=createUrl(e,i,n,a,!0);t.empty().fadeTo(1,0.7).addClass('loader').html('').load(o,function(e,i,n){t.fadeTo(350,1);$(t).removeClass('loader');if(i=='error'){$(t).html('');notify('error',e);return};registerViewEvents(t)})}};function registerWorkbenchEvents(){$('div.header').dblclick(function(){fullscreen(this)});$('div#filler').click(function(){if($('div#dialog').hasClass('modal')){} -else{$('div#dialog').removeClass('open').addClass('closed');$('div#dialog > .view').html('')}})};function loadView(t,e,i,n,a){Navigator.navigateToNewAction(e,i,n,a)};function registerViewEvents(t){$(t).trigger('orViewLoaded');$(t).find('input[data-hint]').orHint();$(t).closest('div.panel').find('div.header div.dropdown div.entry.perview').remove();$(t).find('div.headermenu > a').each(function(t,e){});$(t).find('div.header > a.back').each(function(e,i){$(i).removeClass('button').wrap('<div class="entry perview" />').parent().appendTo($(t).closest('div.panel').find('div.header div.dropdown').first())});$(t).find('div.selector.tree').each(function(){var t=this;$(this).orTree({type:'project',selectable:$(t).attr('data-types').split(','),id:$(t).attr('data-init-folderid'),onSelect:function(e,i,n){var a=$(t).parent();$(a).find('input[type=text]').attr('value',e);$(a).find('input[type=hidden]').attr('value',n)}})});$('div.content li.object').draggable({cursor:'move',revert:'invalid'});$('div.content li.object > .entry[data-type=\'folder\']').droppable({accept:'li.object',hoverClass:'drophover',activeClass:'dropactive',drop:function(t,e){var i=e.draggable,n=$(this).parent();startDialog($(this).text(),$(i).attr('data-type'),'copy',$(n).attr('data-id'),{'action':$(i).attr('data-type'),'subaction':'copy','id':$(i).attr('data-id'),'targetFolderId':$(n).attr('data-id')});$(i).detach().css({top:0,left:0}).appendTo(n).click()}});$(t).find('input').change(function(){$('#editor').find('header').addClass('dirty')})};function 
registerHeaderEvents(){$('body').click(function(){$('.toolbar-icon.menu').parent().removeClass('open')});$('#title .toolbar-icon.menu').click(function(t){t.stopPropagation();$(this).parent().toggleClass('open')});$('#title .toolbar-icon.menu').mouseover(function(){$(this).parent().find('.toolbar-icon.menu').removeClass('open');$(this).addClass('open')});$('#title').trigger('orHeaderLoaded');$('div.search input').blur(function(){$('div.search input div.dropdown').fadeOut()});$('div.search input').orHint();$('div.search input').orSearch({dropdown:'div.search div.dropdown'})};function fullscreen(t){$(t).closest('div.panel').fadeOut('fast',function(){$(this).toggleClass('fullscreen').fadeIn('fast')})};function loadTree(){$('#navigation').html('&nbsp;');$('#navigation').orTree({type:'root',id:0,onSelect:function(t,e,i,n){openNewAction(t,e,i,n)}});$('#navigation > div.sheet.action-tree.method-tree > ul.tree > div.tree').delay(500).click();$('#navigation > div.sheet.action-tree.method-tree > ul.tree > div.tree').delay(500).click()};function submitUrl(t,e){postUrl(e,t)};function postUrl(t,e){t+='&output=json';$.ajax({'type':'POST',url:t,data:{},success:function(t,i,n){$('div.panel div.status div.loader').html('&nbsp;');doResponse(t,i,e)}})};function startDialog(t,e,i,n,a){if(!e)e=$('#editor').attr('data-action');n=$('#editor').attr('data-id');$('div#dialog > .view').html('<div class="header"><img class="icon" title="" src="./themes/default/images/icon/'+i+'.png" />'+t+'</div>');$('div#dialog > .view').data('id',n);$('div#dialog').removeClass('closed').addClass('open');Workbench.loadViewIntoElement($('div#dialog > .view'),e,i,n,a)};function modalView(t,e){var 
i=$(t).closest('div.panel').find('li.active').attr('data-action'),n=$(t).closest('div.panel').find('li.active').attr('data-method'),a=$(t).closest('div.panel').find('li.active').attr('data-id');$(t).closest('div.content').modal({'overlayClose':'true','xxxonClose':function(){alert('close)')}});loadView($(t).closest('div.content'),i,n,a)};function setTitle(t){if(t)$('head > title').text(t+' - '+$('head > title').data('default'));else $('head > title').text($('head > title').data('default'))};function openNewAction(t,e,i,n){setTitle(t);setNewAction(e,i,n)};function filterMenus(t){$('div.clickable').addClass('active');$('div.clickable.filtered').removeClass('active').addClass('inactive');$('div.clickable.filtered.on-action-'+t).addClass('active').removeClass('inactive')};function setNewAction(t,e,i){Navigator.navigateToNewAction(t,'edit',e,i)};function setNewId(t){};function notifyBrowser(t){if(!('Notification' in window)){return} +else{$('div#dialog').removeClass('is-open').addClass('is-closed');$('div#dialog > .view').html('')}})};function loadView(t,e,i,n,a){Navigator.navigateToNewAction(e,i,n,a)};function registerViewEvents(t){$(t).trigger('orViewLoaded');$(t).closest('div.panel').find('div.header div.dropdown div.entry.perview').remove();$(t).find('div.headermenu > a').each(function(t,e){});$(t).find('div.header > a.back').each(function(e,i){$(i).removeClass('button').wrap('<div class="entry perview" />').parent().appendTo($(t).closest('div.panel').find('div.header div.dropdown').first())});$(t).find('div.selector.tree').each(function(){var t=this;$(this).orTree({type:'project',selectable:$(t).attr('data-types').split(','),id:$(t).attr('data-init-folderid'),onSelect:function(e,i,n){var a=$(t).parent();$(a).find('input[type=text]').attr('value',e);$(a).find('input[type=hidden]').attr('value',n)}})});$('div.content li.object').draggable({cursor:'move',revert:'invalid'});$('div.content li.object > 
.entry[data-type=\'folder\']').droppable({accept:'li.object',hoverClass:'drophover',activeClass:'dropactive',drop:function(t,e){var i=e.draggable,n=$(this).parent();startDialog($(this).text(),$(i).attr('data-type'),'copy',$(n).attr('data-id'),{'action':$(i).attr('data-type'),'subaction':'copy','id':$(i).attr('data-id'),'targetFolderId':$(n).attr('data-id')});$(i).detach().css({top:0,left:0}).appendTo(n).click()}});$(t).find('input').change(function(){$('#editor').find('header').addClass('dirty')})};function registerHeaderEvents(){$('body').click(function(){$('.toolbar-icon.menu').parent().removeClass('open')});$('#title .toolbar-icon.menu').click(function(t){t.stopPropagation();$(this).parent().toggleClass('open')});$('#title .toolbar-icon.menu').mouseover(function(){$(this).parent().find('.toolbar-icon.menu').removeClass('open');$(this).addClass('open')});$('#title div.search input').blur(function(){$('div.search input div.dropdown').fadeOut()});$('#title div.search input').orSearch({dropdown:'#title div.search div.dropdown'})};function fullscreen(t){$(t).closest('div.panel').fadeOut('fast',function(){$(this).toggleClass('fullscreen').fadeIn('fast')})};function loadTree(){$('#navigation').html('&nbsp;');$('#navigation').orTree({type:'root',id:0,onSelect:function(t,e,i,n){openNewAction(t,e,i,n)}});$('#navigation > div.sheet.action-tree.method-tree > ul.tree > div.tree').delay(500).click();$('#navigation > div.sheet.action-tree.method-tree > ul.tree > div.tree').delay(500).click()};function submitUrl(t,e){postUrl(e,t)};function postUrl(t,e){t+='&output=json';$.ajax({'type':'POST',url:t,data:{},success:function(t,i,n){$('div.panel div.status div.loader').html('&nbsp;');doResponse(t,i,e)}})};function startDialog(t,e,i,n,a){if(!e)e=$('#editor').attr('data-action');n=$('#editor').attr('data-id');$('div#dialog > .view').html('<div class="header"><img class="icon" title="" src="./themes/default/images/icon/'+i+'.png" />'+t+'</div>');$('div#dialog > 
.view').data('id',n);$('div#dialog').removeClass('is-closed').addClass('is-open');Workbench.loadViewIntoElement($('div#dialog > .view'),e,i,n,a)};function modalView(t,e){var i=$(t).closest('div.panel').find('li.active').attr('data-action'),n=$(t).closest('div.panel').find('li.active').attr('data-method'),a=$(t).closest('div.panel').find('li.active').attr('data-id');$(t).closest('div.content').modal({'overlayClose':'true','xxxonClose':function(){alert('close)')}});loadView($(t).closest('div.content'),i,n,a)};function setTitle(t){if(t)$('head > title').text(t+' - '+$('head > title').data('default'));else $('head > title').text($('head > title').data('default'))};function openNewAction(t,e,i,n){setTitle(t);setNewAction(e,i,n)};function filterMenus(t){$('div.clickable').addClass('active');$('div.clickable.filtered').removeClass('active').addClass('inactive');$('div.clickable.filtered.on-action-'+t).addClass('active').removeClass('inactive')};function setNewAction(t,e,i){Navigator.navigateToNewAction(t,'edit',e,i)};function setNewId(t){};function notifyBrowser(t){if(!('Notification' in window)){return} else if(Notification.permission==='granted'){var e=new Notification(t)} else if(Notification.permission!=='denied'){Notification.requestPermission(function(e){if(e==='granted'){var i=new Notification(t)}})}};function setUserStyle(t){var e=$('html'),i=e.attr('class').split(/\s+/);$.each(i,function(t,i){if(i.startsWith('theme-')){e.removeClass(i)}});e.addClass('theme-'+t.toLowerCase())};function insert(t,e,i){var n=document.forms[0].elements[t];n.focus();if(typeof document.selection!='undefined'){var r=document.selection.createRange(),a=r.text;r.text=e+a+i;r=document.selection.createRange();if(a.length==0){r.move('character',-i.length)} else{r.moveStart('character',e.length+a.length+i.length)};r.select()} -else if(typeof n.selectionStart!='undefined'){var d=n.selectionStart,c=n.selectionEnd,a=n.value.substring(d,c);n.value=n.value.substr(0,d)+e+a+i+n.value.substr(c);var 
o;if(a.length==0){o=d+e.length} +else if(typeof n.selectionStart!='undefined'){var d=n.selectionStart,s=n.selectionEnd,a=n.value.substring(d,s);n.value=n.value.substr(0,d)+e+a+i+n.value.substr(s);var o;if(a.length==0){o=d+e.length} else{o=d+e.length+a.length+i.length};n.selectionStart=o;n.selectionEnd=o} else{o=n.value.length;var a=prompt('Text');n.value=n.value.substr(0,o)+e+a+i+n.value.substr(o)}};function createUrl(t,e,i,n,o){var a='./';a+='?action='+t;if(e!=null)a+='&subaction='+e;a+='&id='+i;if(o)a+='&embed=1';if(typeof n==='string'){jQuery.each(jQuery.parseJSON(n),function(t,e){if(t=='action'||t=='subaction'||t=='id')return;a=a+'&'+t+'='+e})} else if(typeof n==='object'){jQuery.each(n,function(t,e){if(t=='action'||t=='subaction'||t=='id')return;a=a+'&'+t+'='+e})} diff --git a/modules/cms-ui/themes/default/style/openrat-workbench.css b/modules/cms-ui/themes/default/style/openrat-workbench.css @@ -117,7 +117,7 @@ div#dialog > .view { z-index: 101; border: 1px solid !important; } -div#dialog.closed { +div#dialog.is-closed { display: none; } .arrow { diff --git a/modules/cms-ui/themes/default/style/openrat-workbench.less b/modules/cms-ui/themes/default/style/openrat-workbench.less @@ -61,7 +61,7 @@ div#dialog { border: 1px solid !important; } - &.closed { + &.is-closed { display: none; } } diff --git a/modules/cms-ui/themes/default/style/openrat-workbench.min.css b/modules/cms-ui/themes/default/style/openrat-workbench.min.css 
@@ -1 +1 @@ -html,body,div,span,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,code,del,dfn,em,img,q,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{margin: 0;padding: 0;border: 0;font-weight: inherit;vertical-align: baseline}body{line-height: 1.5}table{border-collapse: separate;border-spacing: 0}caption,th,td{text-align: left;font-weight: normal}table,td,th{vertical-align: top}blockquote:before,blockquote:after,q:before,q:after{content: ""}blockquote,q{quotes: "" ""}a img{border: none}div#workbench div.panel.modal{position: relative;z-index: 101;border: 1px solid !important}div#dialog > .view{overflow: auto;position: absolute;top: 5%;left: 10%;width: 80%;height: 80%;z-index: 101;border: 1px solid !important}div#dialog.closed{display: none}.arrow{width: 0;height: 0;margin: 6px;padding: 0;font-size: 0}.arrow.arrow-down{border-right: 6px solid transparent;border-top: 6px solid;border-left: 6px solid transparent;border-bottom: 4px solid transparent;margin-top: 10px}.arrow.arrow-right{border-top: 6px solid transparent;border-left: 6px solid;border-bottom: 6px solid transparent;border-right: 4px solid transparent;margin-left: 10px}#editor .dirty{font-weight: bold}.visible-for-nojs{display: none}html.nojs .noscript{display: block}- \ No newline at end of file +html,body,div,span,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,code,del,dfn,em,img,q,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{margin: 0;padding: 0;border: 0;font-weight: inherit;vertical-align: baseline}body{line-height: 1.5}table{border-collapse: separate;border-spacing: 0}caption,th,td{text-align: left;font-weight: normal}table,td,th{vertical-align: top}blockquote:before,blockquote:after,q:before,q:after{content: ""}blockquote,q{quotes: "" ""}a img{border: none}div#workbench div.panel.modal{position: relative;z-index: 101;border: 1px solid !important}div#dialog > .view{overflow: 
auto;position: absolute;top: 5%;left: 10%;width: 80%;height: 80%;z-index: 101;border: 1px solid !important}div#dialog.is-closed{display: none}.arrow{width: 0;height: 0;margin: 6px;padding: 0;font-size: 0}.arrow.arrow-down{border-right: 6px solid transparent;border-top: 6px solid;border-left: 6px solid transparent;border-bottom: 4px solid transparent;margin-top: 10px}.arrow.arrow-right{border-top: 6px solid transparent;border-left: 6px solid;border-bottom: 6px solid transparent;border-right: 4px solid transparent;margin-left: 10px}#editor .dirty{font-weight: bold}.visible-for-nojs{display: none}html.nojs .noscript{display: block}+ \ No newline at end of file diff --git a/modules/template-engine/components/html/form/Form.class.php b/modules/template-engine/components/html/form/Form.class.php @@ -21,7 +21,12 @@ class FormComponent extends Component public $visible = false; - public $target = '_self'; + /** + * 'view' = Loads Action in the same view + * 'top' = Replaces whole workbench. + * @var string + */ + public $target = 'view'; public $enctype = 'application/x-www-form-urlencoded'; @@ -42,7 +47,8 @@ class FormComponent extends Component echo '<form'; echo ' name="' . $this->htmlvalue($this->name) . '"'; - echo ' target="' . $this->htmlvalue($this->target) . '"'; + echo ' target="_self"'; + echo ' data-target="' . $this->htmlvalue($this->target) . '"'; echo ' action="./"'; echo ' data-method="' . $this->htmlvalue($this->subaction) . '"'; echo ' data-action="' . $this->htmlvalue($this->action) . '"'; 
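Review bot: The new docblock on `$target` lists 'view' and 'top' but does not say what any other value does, and the later hunk in this file only tests for 'top', so a misspelt value silently behaves like 'view'. Extending the docblock with a line such as `Any other value is treated like 'view'; the HTML target attribute itself is always "_self".` would make that contract explicit. As far as these hunks show, a caller that still passes an HTML target name now gets the embedded behaviour without any warning. The class body starts and ends outside this hunk.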
@@ -57,7 +63,8 @@ class FormComponent extends Component
 // Enable Submit on Enter
 echo '<input type="submit" class="invisible" />';
- echo '<input type="hidden" name="<?php echo REQ_PARAM_EMBED ?>" value="'.$this->htmlvalue($this->async).'" />';
+ if ( $this->target!='top')
+ echo '<input type="hidden" name="<?php echo REQ_PARAM_EMBED ?>" value="1" />';
 echo '<input type="hidden" name="<?php echo REQ_PARAM_TOKEN ?>" value="<?php echo token() ?>" />';
 echo '<input type="hidden" name="<?php echo REQ_PARAM_ACTION ?>" value="' . $this->htmlvalue($this->action) . '" />';
 echo '<input type="hidden" name="<?php echo REQ_PARAM_SUBACTION ?>" value="' . $this->htmlvalue($this->subaction) . '" />';
diff --git a/modules/template-engine/components/html/form/form.js b/modules/template-engine/components/html/form/form.js
@@ -36,6 +36,7 @@ $(document).on('orViewLoaded',function(event, data) {
 function formSubmit(form)
 {
 // Login-Hack
+ /*
 if ( $('div.panel form input[type=password]').length>0 )
 {
 $('#uname' ).attr('value',$('div.panel form input[name=login_name]' ).attr('value'));
@@ -43,6 +44,7 @@ function formSubmit(form)
 $('#uname' ).closest('form').submit();
 }
+ */
 if ( $('#pageelement_edit_editor').length>0 )
 {
diff --git a/modules/template-engine/components/html/form/form.min.js b/modules/template-engine/components/html/form/form.min.js
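Review bot: The added `if ( $this->target!='top')` has no braces and uses a loose comparison, and the statement right after the guarded echo writes the request token field, which must stay unconditional. Braces make the scope explicit so a later edit cannot pull the token field under the condition: `if ( $this->target !== 'top' ) {` before the embed `echo` and `}` after it. The strict operator also keeps a non-string value from comparing equal to 'top' on older PHP versions. The enclosing method starts and ends outside this hunk.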
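Review bot: The login hack in `formSubmit` is disabled by wrapping it in `/* … */` (opened in this hunk, closed in the next one), which leaves code that copies the login name and password between forms in the file as dead text. Deleting the block keeps the history in version control and avoids it being re-enabled by removing two comment lines. The new side of form.min.js further down still shows the `orViewLoaded` handler copying `#uname` and `#upassword` into the login form, so that counterpart looks orphaned and should probably go in the same change; its source is outside these hunks, so confirm before removing it. `formSubmit` continues outside both hunks.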
@@ -1,3 +1,3 @@ -;$(document).on('orViewLoaded',function(e,t){if($('div.panel form input[type=password]').length>0&&$('#uname').attr('value')!=''){$('div.panel form input[name=login_name] ').attr('value',$('#uname').attr('value'));$('div.panel form input[name=login_password]').attr('value',$('#upassword').attr('value'))};$(e.target).find('form[data-autosave="true"] input[type="checkbox"]').click(function(){$(this).closest('form').submit()});$(e.target).find('input.submit.ok').click(function(){$(this).closest('form').submit()});$(e.target).find('input.submit.cancel').click(function(){});$(e.target).find('form').submit(function(e){formSubmit($(this));e.preventDefault()})});function formSubmit(e){if($('div.panel form input[type=password]').length>0){$('#uname').attr('value',$('div.panel form input[name=login_name]').attr('value'));$('#upassword').attr('value',$('div.panel form input[name=login_password]').attr('value'));$('#uname').closest('form').submit()};if($('#pageelement_edit_editor').length>0){var o=CKEDITOR.instances['pageelement_edit_editor'];if(o){var l=o.getData();$('#pageelement_edit_editor').html(l)}};var t=$('<div class="notice info"><div class="text loader"></div></div>');$('#noticebar').prepend(t);$(t).show();$(e).find('.error').removeClass('error');var a=$(e).serializeArray(),d=$(e).attr('method').toUpperCase();if(d=='GET'){var r=$(e).data('action'),n=$(e).data('method'),s=$(e).data('id');loadView($(e).closest('div.content'),r,n,s,a)} -else{var i='./api/';$(e).closest('div.content').addClass('loader');i+='?output=json';a['output']='json';if($(e).data('async')||$(e).data('async')=='true'){$('div#dialog').html('').hide();$('div#filler').fadeOut(500)};$.ajax({'type':'POST',url:i,data:a,success:function(a,i,o){$(e).closest('div.content').removeClass('loader');$(t).remove();doResponse(a,i,e)},error:function(a,i,n){$(e).closest('div.content').removeClass('loader');$(t).remove();var r;try{var o=jQuery.parseJSON(a.responseText);r=o.error+'/'+o.description+': 
'+o.reason}catch(s){r=a.responseText};notify('error',r)}});$(e).fadeIn()}};function doResponse(e,t,a){if(t!='success'){alert('Server error: '+t);return};$.each(e['notices'],function(t,e){var i=$('<div class="notice '+e.status+'"><div class="text">'+e.text+'</div></div>');notifyBrowser(e.text);$.each(e.log,function(e,t){$(i).append('<div class="log">'+t+'</div>')});$('#noticebar').prepend(i);$(i).fadeIn().click(function(){$(this).fadeOut('fast',function(){$(this).remove()})});var o;if(e.status=='ok'){o=3;if($(a).data('async')!='true'){$('div#dialog').html('').hide();$('div#filler').fadeOut(500);$(a).closest('div.panel').find('div.header ul.views li.action.active').removeClass('dirty')}} -else{o=8};setTimeout(function(){$(i).fadeOut('slow').remove()},o*1000)});$.each(e['errors'],function(e,t){$('input[name='+t+']').addClass('error').parent().addClass('error').parents('fieldset').addClass('show').addClass('open')});if(!e.control){};if(e.control.redirect)window.location.href=e.control.redirect;if(e.control.new_style)setUserStyle(e.control.new_style);if(e.control.refresh);else if(e.control.next_view);else if(e.errors.length==0)$(a).closest('div.panel').find('li.action.active').orLoadView()};- \ No newline at end of file +;$(document).on('orViewLoaded',function(e,t){if($('div.panel form input[type=password]').length>0&&$('#uname').attr('value')!=''){$('div.panel form input[name=login_name] ').attr('value',$('#uname').attr('value'));$('div.panel form input[name=login_password]').attr('value',$('#upassword').attr('value'))};$(e.target).find('form[data-autosave="true"] input[type="checkbox"]').click(function(){$(this).closest('form').submit()});$(e.target).find('input.submit.ok').click(function(){$(this).closest('form').submit()});$(e.target).find('input.submit.cancel').click(function(){});$(e.target).find('form').submit(function(e){formSubmit($(this));e.preventDefault()})});function formSubmit(e){if($('#pageelement_edit_editor').length>0){var 
o=CKEDITOR.instances['pageelement_edit_editor'];if(o){var l=o.getData();$('#pageelement_edit_editor').html(l)}};var t=$('<div class="notice info"><div class="text loader"></div></div>');$('#noticebar').prepend(t);$(t).show();$(e).find('.error').removeClass('error');var i=$(e).serializeArray(),d=$(e).attr('method').toUpperCase();if(d=='GET'){var r=$(e).data('action'),n=$(e).data('method'),s=$(e).data('id');loadView($(e).closest('div.content'),r,n,s,i)} +else{var a='./api/';$(e).closest('div.content').addClass('loader');a+='?output=json';i['output']='json';if($(e).data('async')||$(e).data('async')=='true'){$('div#dialog').html('').hide();$('div#filler').fadeOut(500)};$.ajax({'type':'POST',url:a,data:i,success:function(i,a,o){$(e).closest('div.content').removeClass('loader');$(t).remove();doResponse(i,a,e)},error:function(i,a,n){$(e).closest('div.content').removeClass('loader');$(t).remove();var r;try{var o=jQuery.parseJSON(i.responseText);r=o.error+'/'+o.description+': '+o.reason}catch(s){r=i.responseText};notify('error',r)}});$(e).fadeIn()}};function doResponse(e,t,i){if(t!='success'){alert('Server error: '+t);return};$.each(e['notices'],function(t,e){var a=$('<div class="notice '+e.status+'"><div class="text">'+e.text+'</div></div>');notifyBrowser(e.text);$.each(e.log,function(e,t){$(a).append('<div class="log">'+t+'</div>')});$('#noticebar').prepend(a);$(a).fadeIn().click(function(){$(this).fadeOut('fast',function(){$(this).remove()})});var o;if(e.status=='ok'){o=3;if($(i).data('async')!='true'){$('div#dialog').html('').hide();$('div#filler').fadeOut(500);$(i).closest('div.panel').find('div.header ul.views li.action.active').removeClass('dirty')}} 
+else{o=8};setTimeout(function(){$(a).fadeOut('slow').remove()},o*1000)});$.each(e['errors'],function(e,t){$('input[name='+t+']').addClass('error').parent().addClass('error').parents('fieldset').addClass('show').addClass('open')});if(!e.control){};if(e.control.redirect)window.location.href=e.control.redirect;if(e.control.new_style)setUserStyle(e.control.new_style);if(e.control.refresh);else if(e.control.next_view);else if(e.errors.length==0)$(i).closest('div.panel').find('li.action.active').orLoadView()};+ \ No newline at end of file diff --git a/modules/util/config-default.php b/modules/util/config-default.php @@ -718,6 +718,10 @@ function createDefaultConfig() $conf['search']['quicksearch']['flag']['description']=true; $conf['search']['quicksearch']['flag']['content']=false; $conf['security'] = array(); + $conf['security']['cookie']=array(); + $conf['security']['cookie']['secure']=false; + $conf['security']['cookie']['httponly']=true; + $conf['security']['cookie']['expire']=720; $conf['security']['readonly']=false; $conf['security']['nopublish']=false; $conf['security']['umask']='0';
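Review bot: The new cookie defaults in the config-default.php hunk ship `secure=false` and an `expire` of 720 with no unit, and nothing in the hunk tells an administrator what either means. With `secure` off the cookie is also sent over plain HTTP, so the default deserves a comment such as `// set to true when the site is served over HTTPS; with false the cookie is also sent unencrypted`, and `expire` one such as `// cookie lifetime; state the unit here`. Whether the code that sets the cookie also sends a SameSite attribute is not visible here; if it does not, a matching config key would fit next to these three. `createDefaultConfig()` starts and ends outside this hunk.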