From dac2c858119ee3f8879c0b36984a82595554c96f Mon Sep 17 00:00:00 2001
From: Hugo Zilliox
Date: Sat, 23 Apr 2022 22:51:24 +0200
Subject: [PATCH] Fix missing authentication (CSRF) when using related issues block (#90 and PR #93)
---
 assets/javascripts/issue_dynamic_edit.js | 22 +++++++++++++++++++++-
 init.rb | 2 +-
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/assets/javascripts/issue_dynamic_edit.js b/assets/javascripts/issue_dynamic_edit.js
index a9ed881..5039ed2 100644
--- a/assets/javascripts/issue_dynamic_edit.js
+++ b/assets/javascripts/issue_dynamic_edit.js
@@ -37,6 +37,23 @@ if (_CONF_DISPLAY_EDIT_ICON === "block"){
 $('body.controller-issues.action-show .issue.details').addClass('showPencils');
 }
+let updateCSRFToken = function(token){
+ document.querySelectorAll('input[name="authenticity_token"]').forEach(elt => elt.value = token);
+ document.querySelector('meta[name="csrf-token"]').setAttribute("content", token);
+}
+
+let setCSRFTokenInput = function(token){
+ document.querySelectorAll('form[method="post"]').forEach(elt => {
+ if(!elt.querySelectorAll('input[name="authenticity_token"]').length){
+ let input = document.createElement("input");
+ input.setAttribute("type", "hidden");
+ input.setAttribute("name", "authenticity_token");
+ input.value = token;
+ elt.insertBefore(input, null);
+ }
+ });
+}
+
 /* Generate edit block */
 var getEditFormHTML = function(attribute){
 var formElement = $('#issue_' + attribute + "_id");
@@ -317,6 +334,8 @@ var sendData = function(serialized_data){
 $('body').find('input[type=date]').datepickerFallback(datepickerOptions);
 }
+ setCSRFTokenInput($(parsed).find('input[name="authenticity_token"]').val());
+ updateCSRFToken($(parsed).find('input[name="authenticity_token"]').val());
 setCheckVersionInterval(true);
 },
 error: function(xhr, msg, error) {
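Review bot: `setCSRFTokenInput` adds the session's authenticity token to every `form[method="post"]` on the page without checking where the form submits, so any form whose `action` points at another origin would carry the token off-site when submitted. Restricting the injection to same-origin forms keeps the token where the server can validate it, for example as the first statement of the `forEach` callback: `if (new URL(elt.getAttribute("action") || "", document.baseURI).origin !== window.location.origin) return;`. Separately, `updateCSRFToken` dereferences `document.querySelector('meta[name="csrf-token"]')` without a null check, and the init call added in the last hunk of this file does the same; if a layout omits that tag both throw a TypeError, so a guard such as `const meta = document.querySelector('meta[name="csrf-token"]'); if (meta) meta.setAttribute("content", token);` would be safer.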
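Review bot: `$(parsed).find('input[name="authenticity_token"]').val()` yields `undefined` when the response holds no such input, or when the input is a top-level node of `parsed`, which `.find()` does not search. Both helpers are then called with that value, which writes the string "undefined" into every token field and the meta tag, so later POSTs would be rejected until a reload. Reading the value once and skipping the refresh when it is missing avoids that: `const token = $(parsed).find('input[name="authenticity_token"]').val();` then `if (token) { setCSRFTokenInput(token); updateCSRFToken(token); }`. The enclosing success callback starts above this hunk, so how `parsed` is built is not visible here.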
@@ -354,4 +373,5 @@ var sendData = function(serialized_data){
 }
 // Init plugin
-cloneEditForm();
\ No newline at end of file
+cloneEditForm();
+setCSRFTokenInput(document.querySelector('meta[name="csrf-token"]').getAttribute("content"));
diff --git a/init.rb b/init.rb
index eff667e..bc641fd 100644
--- a/init.rb
+++ b/init.rb
@@ -1,6 +1,6 @@
 require 'redmine'
-require 'details_issue_hooks'
+require_relative './lib/details_issue_hooks.rb'
 Redmine::Plugin.register :redmine_issue_dynamic_edit do
 name 'Redmine Dynamic edit Issue plugin'