On 02/10/2011 10:08 PM, Alex Busenius wrote:
Hi,
On 02/10/2011 09:38 PM, sdumitriu (SVN) wrote:
Author: sdumitriu
Date: 2011-02-10 21:38:15 +0100 (Thu, 10 Feb 2011)
New Revision: 34623
Modified:
platform/xwiki-applications/trunk/administration/src/main/resources/XWiki/XWikiGroupSheet.xml
Log:
XAADMINISTRATION-218: CSRF token not included in add-group-member ajax request
Fixed.
Patch from Andreas Jonsson applied with a slight change (applied escapetool.url for
safety)
Modified:
platform/xwiki-applications/trunk/administration/src/main/resources/XWiki/XWikiGroupSheet.xml
===================================================================
---
platform/xwiki-applications/trunk/administration/src/main/resources/XWiki/XWikiGroupSheet.xml 2011-02-10
20:37:52 UTC (rev 34622)
+++
platform/xwiki-applications/trunk/administration/src/main/resources/XWiki/XWikiGroupSheet.xml 2011-02-10
20:38:15 UTC (rev 34623)
@@ -171,7 +171,7 @@
},
addNewMember: function(uorg, input) {
if (input) {
- var url = "${doc.getURL()}?xpage=adduorg&uorg=" +
encodeURIComponent(uorg) + "&name=" + encodeURIComponent(input.value);
+ var url = "${doc.getURL()}?xpage=adduorg&uorg=" +
encodeURIComponent(uorg) + "&name=" + encodeURIComponent(input.value) +
"&form_token=$!{escapetool.url($services.csrf.getToken())}";
Actually, $services.csrf.getToken() returns the token in a URL-safe
base64 encoding, so it should work fine without escapetool.
I know, but an extra encoding doesn't break anything.
Regards,
Alex
> new Ajax.Request(url, {
> method: 'get',
> onSuccess: function(transport) {
>
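Review bot: the new "&form_token=..." parameter is appended to a URL that the following Ajax.Request sends with method: 'get', so the add-member call remains a state-changing GET and the CSRF token travels in the query string, where it can end up in server access logs, browser history and Referer headers. Consider switching this request to POST and passing form_token (together with uorg and name) in the request body rather than in the URL. Separately, the quiet reference $!{...} renders as an empty string when the csrf service or its token is unavailable, so the request would go out with an empty form_token and be rejected only on the server; an explicit check or a comment noting that this is intended would help.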
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
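
The encoding point discussed in this thread, as an added example that is not part of the original messages or of XWiki's code: it round-trips a token through a query string with and without URL-escaping, for standard base64 and for the URL-safe alphabet. The token bytes, the /bin/view/XWiki/SomeGroup path, the wiki.example host and the use of URLSearchParams as a stand-in for the server's query parser are assumptions made for illustration.

```javascript
// Constructed sample bytes (not a real token), chosen so that the standard
// base64 form contains '+', '/' and '=' padding.
const SAMPLE_BYTES = Buffer.from([0xfb, 0xef, 0xbe, 0xff, 0xfe, 0x3e, 0xfa]);

function toBase64(bytes) {
  return bytes.toString('base64');
}

// URL-safe variant: '+' -> '-', '/' -> '_', padding dropped.
function toBase64Url(bytes) {
  return toBase64(bytes).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Build the request URL the way the sheet does, with or without escaping the token.
// The path is hypothetical; xpage=adduorg and form_token come from the patch.
function buildUrl(token, escape) {
  const value = escape ? encodeURIComponent(token) : token;
  return '/bin/view/XWiki/SomeGroup?xpage=adduorg&form_token=' + value;
}

// Stand-in for server-side query parsing (form-urlencoded rules: '+' means space).
function receivedToken(url) {
  return new URL(url, 'http://wiki.example').searchParams.get('form_token');
}

// True when the server would see exactly the token the client meant to send.
function roundTrips(token, escape) {
  return receivedToken(buildUrl(token, escape)) === token;
}

const std = toBase64(SAMPLE_BYTES);
const urlSafe = toBase64Url(SAMPLE_BYTES);
for (const [label, token] of [['standard', std], ['url-safe', urlSafe]]) {
  console.log(label, token,
    'unescaped ok:', roundTrips(token, false),
    'escaped ok:', roundTrips(token, true));
}
```

For the URL-safe alphabet the escaping step is an identity transform, so it costs nothing; for a standard base64 token the unescaped form is corrupted because '+' is read as a space.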