fixed JSON error "contains script tags! Aborting ..." when confirming a popup:

- adding id to notifications table to use it to identify a notification (sending back the message incl. onclick="..." caused the problem) - adding a timestamp when message was added, to identify older messages - close button --> send all ids in one ajax request, not one per id
2024-11-07 08:34:42 +01:00 · 2011-04-14 13:43:16 +00:00 · 2011-04-14 13:43:16 +00:00 · c3170b44bd
commit c3170b44bd
parent 42bf4dbc3c
6 changed files with 82 additions and 63 deletions
--- a/notifications/inc/class.notifications_ajax.inc.php
+++ b/notifications/inc/class.notifications_ajax.inc.php
@ -1,6 +1,6 @@
 <?php
 /**
- * eGroupWare - Notifications
+ * EGroupware - Notifications
 *
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package notifications
@ -128,13 +128,17 @@ class notifications_ajax {
 	/**
 	 * Let the user confirm that they have seen the message.
 	 * After they've seen it, remove it from the database
+	 *
+	 * @param int|array $notify_id one or more notify_id's
 	 */
-	public function confirm_message($message) {
-//error_log( html_entity_decode($message));
-		$myval=$this->db->delete(self::_notification_table,array(
-			'account_id' => $this->recipient->account_id,
-			'message' => html_entity_decode($message)
-		),__LINE__,__FILE__,self::_appname);
+	public function confirm_message($notify_id)
+	{
+		if ($notify_id)
+		{
+			$this->db->delete(self::_notification_table,array(
+				'notify_id' => $notify_id,
+			),__LINE__,__FILE__,self::_appname);
+		}
 	}

 	/**
@ -231,14 +235,13 @@ class notifications_ajax {
 	 */
 	private function get_egwpopup() {
 		$message = '';
-		$rs = $this->db->select(self::_notification_table,
-			'*', array(
+		$rs = $this->db->select(self::_notification_table, '*', array(
 				'account_id' => $this->recipient->account_id,
 			),
 			__LINE__,__FILE__,false,'',self::_appname);
 		if ($rs->NumRows() > 0)	{
 			foreach ($rs as $notification) {
-				$this->response->addScriptCall('append_notification_message',$notification['message']);
+				$this->response->addScriptCall('append_notification_message',$notification['notify_id'],$notification['notify_message']);
 			}

 			switch($this->preferences[self::_appname]['egwpopup_verbosity']) {
--- a/notifications/inc/class.notifications_popup.inc.php
+++ b/notifications/inc/class.notifications_popup.inc.php
@ -1,6 +1,6 @@
 <?php
 /**
- * eGroupWare - Notifications
+ * EGroupware - Notifications
 *
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package notifications
@ -18,17 +18,6 @@
 * In the second stage a request from the client reads
 * out the table to look if there is a notificaton for this
 * client. The second stage is done in class.notifications_ajax.inc.php
- *
- * Todo:
- * - save the messages by uid instead of sessionid into the notification table, this
- * has several advantages (users poll the messages via ajax from multiple logins, and
- * do not have to read one message twice, poll after re-login with different sessionid)
- * - delete message from the table only if the user has really seen it
- * - if the above things are done we should get rid of rendering the links here,
- * instead it should be done by the ajax class, so sessionids in links could be possible then
- *
- * (multidisplay is supported)
- *
 */
 class notifications_popup implements notifications_iface {

@ -86,13 +75,14 @@ class notifications_popup implements notifications_iface {
 	 * @param object $_preferences
 	 */
 	public function __construct($_sender, $_recipient, $_config = null, $_preferences = null) {
+		//error_log(__METHOD__."(".array2string($_sender).', '.array2string($_recipient).', '.array2string($config).',...)');
 		if(!is_object($_sender)) { throw new Exception("no sender given."); }
 		if(!is_object($_recipient)) { throw new Exception("no recipient given."); }
 		$this->sender = $_sender;
 		$this->recipient = $_recipient;
 		$this->config = $_config;
 		$this->preferences = $_preferences;
-		$this->db = &$GLOBALS['egw']->db;
+		$this->db = $GLOBALS['egw']->db;
 	}

 	/**
@ -126,8 +116,8 @@ class notifications_popup implements notifications_iface {
 	 */
 	private function save( $_message ) {
 		$result = $this->db->insert( self::_notification_table, array(
-			'account_id'	=> $this->recipient->account_id,
-			'message'		=> $_message
+			'account_id'     => $this->recipient->account_id,
+			'notify_message' => $_message
 			), false,__LINE__,__FILE__,self::_appname);
 		if ($result === false) throw new Exception("Can't save notification into SQL table");
 	}
@ -148,7 +138,7 @@ class notifications_popup implements notifications_iface {
 			if(!$link->popup) { $link->view['no_popup'] = 1; }

 			$url = html::link('/index.php', $link->view);
-			// do not expose sensitive data 	 
+			// do not expose sensitive data
 			$url = preg_replace('/(sessionid|kp3|domain)=[^&]+&?/','',$url);
 			// extract application-icon from menuaction
 			if($link->view['menuaction']) {
@ -208,16 +198,8 @@ class notifications_popup implements notifications_iface {
 	 * @param settings array with keys account_id and new_owner (new_owner is optional)
 	 */
 	public function deleteaccount($settings) {
-		if($settings['new_owner']) {
-			$this->db->update( self::_notification_table, array(
-				'account_id'	=> $settings['new_owner']
-			), array(
-				'account_id'	=> $settings['account_id']
-			),__LINE__,__FILE__,self::_appname);
-		} else {
-			$this->db->delete( self::_notification_table, array(
-				'account_id'	=> $settings['account_id']
-			),__LINE__,__FILE__,self::_appname);
-		}
+		$this->db->delete( self::_notification_table, array(
+			'account_id'	=> $settings['account_id']
+		),__LINE__,__FILE__,self::_appname);
 	}
 }
--- a/notifications/js/notificationajaxpopup.js
+++ b/notifications/js/notificationajaxpopup.js
@ -8,7 +8,7 @@
 * @version $Id$
 */

-var notifymessages = new Array();
+var notifymessages = {};

 function egwpopup_init(_i) {
 	window.setTimeout("egwpopup_refresh(" + _i + ");", 1000);
@ -39,9 +39,12 @@ function egwpopup_display() {
 	egwpopup.style.left = (Browserwidth/2 - 250) + "px";
 	egwpopup.style.top = (Browserheight/4) + "px";
 	egwpopup_message.style.maxHeight = (Browserheight/2) + "px";
-	egwpopup_message.innerHTML = notifymessages[0];
-	if(notifymessages.length-1 > 0 ) {
-		egwpopup_ok_button.value = "OK (" + (notifymessages.length-1) + ")";
+	for(var show in notifymessages) break;
+	egwpopup_message.innerHTML = notifymessages[show];
+	var num = 0;
+	for(var id in notifymessages) ++num;
+	if(num-1 > 0 ) {
+		egwpopup_ok_button.value = "OK (" + (num-1) + ")";
 	} else {
 		egwpopup_ok_button.value = "OK";
 	}
@ -64,23 +67,30 @@ function egwpopup_button_ok() {
 	egwpopup = document.getElementById("egwpopup");
 	egwpopup_message = document.getElementById("egwpopup_message");
 	egwpopup_message.scrollTop = 0;
-	xajax_doXMLHTTP("notifications.notifications_ajax.confirm_message", notifymessages[0]);
-	notifymessages.shift();
-	if(notifymessages.length > 0) {
-		egwpopup_display();
-	} else {
+
+	for(var confirmed in notifymessages) break;
+	xajax_doXMLHTTP("notifications.notifications_ajax.confirm_message", confirmed);
+	delete notifymessages[confirmed];
+	
+	for(var id in notifymessages) break;
+	if (id == undefined) {
 		egwpopup.style.display = "none";
 		egwpopup_message.innerHTML = "";
 		notificationbell_switch("inactive");
+	} else {	
+		egwpopup_display();
 	}
 }

 // Close and mark all as read
 function egwpopup_button_close() {
-	for(var i = 0; i < notifymessages.length; i++) {
-		xajax_doXMLHTTP("notifications.notifications_ajax.confirm_message", notifymessages[i]);
+	var ids = new Array();
+	for(var id in notifymessages) {
+		ids.push(id);
 	}
-	notifymessages = new Array();
+	xajax_doXMLHTTP("notifications.notifications_ajax.confirm_message", ids);
+
+	notifymessages = {};
 	var egwpopup = document.getElementById("egwpopup");
 	var egwpopup_message = document.getElementById("egwpopup_message");
 	egwpopup.style.display = "none";
@ -88,9 +98,6 @@ function egwpopup_button_close() {
 	notificationbell_switch("inactive");
 }

-function append_notification_message(_message) {
-	// Check to prevent duplicates
-	if(notifymessages.indexOf(_message) == -1) {
-		notifymessages.push(_message);
-	}
+function append_notification_message(_id, _message) {
+	notifymessages[_id] = _message;
 }
--- a/notifications/setup/setup.inc.php
+++ b/notifications/setup/setup.inc.php
@ -15,7 +15,7 @@ if (!defined('NOTIFICATION_APP'))
 }

 $setup_info[NOTIFICATION_APP]['name']      = NOTIFICATION_APP;
-$setup_info[NOTIFICATION_APP]['version']   = '1.9.002';
+$setup_info[NOTIFICATION_APP]['version']   = '1.9.003';
 $setup_info[NOTIFICATION_APP]['app_order'] = 1;
 $setup_info[NOTIFICATION_APP]['tables']    = array('egw_notificationpopup');
 $setup_info[NOTIFICATION_APP]['enable']    = 2;
@ -45,5 +45,3 @@ $setup_info[NOTIFICATION_APP]['depends'][] = array(
 	 'appname' => 'etemplate',
 	 'versions' => Array('1.7','1.8','1.9')
 );
-
-
--- a/notifications/setup/tables_current.inc.php
+++ b/notifications/setup/tables_current.inc.php
@ -1,6 +1,6 @@
 <?php
 /**
- * eGroupWare - Notifications
+ * EGroupware - Notifications
 *
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package notifications
@ -12,12 +12,14 @@
 $phpgw_baseline = array(
 	'egw_notificationpopup' => array(
 		'fd' => array(
-			'account_id' => array('type' => 'int','precision' => '20','nullable' => False),
-			'message' => array('type' => 'longtext')
+			'notify_id' => array('type' => 'auto','nullable' => False,'comment' => 'primary key'),
+			'account_id' => array('type' => 'int','precision' => '20','nullable' => False,'comment' => 'user to notify'),
+			'notify_message' => array('type' => 'text','comment' => 'notification message'),
+			'notify_created' => array('type' => 'timestamp','default' => 'current_timestamp','comment' => 'creation time of notification')
 		),
-		'pk' => array(),
+		'pk' => array('notify_id'),
 		'fk' => array(),
-		'ix' => array('account_id'),
+		'ix' => array('account_id','notify_created'),
 		'uc' => array()
 	)
 );
--- a/notifications/setup/tables_update.inc.php
+++ b/notifications/setup/tables_update.inc.php
@ -1,6 +1,6 @@
 <?php
 /**
- * eGroupWare - Setup
+ * EGroupware - Setup
 * http://www.egroupware.org
 * Created by eTemplates DB-Tools written by ralfbecker@outdoor-training.de
 *
@ -55,6 +55,9 @@ function notifications_upgrade1_8()
 	return $GLOBALS['setup_info']['notifications']['currentver'] = '1.9.001';
 }

+/**
+ * Empty notificaton table, as it can contain thousands of old entries, not delivered before
+ */
 function notifications_upgrade1_9_001()
 {
 	// empty notificationpopup table, as it can contain thousands of old entries, not delivered before
@ -62,3 +65,27 @@ function notifications_upgrade1_9_001()

 	return $GLOBALS['setup_info']['notifications']['currentver'] = '1.9.002';
 }
+
+/**
+ * Add primary key to easy identify notifications in ajax request, a automatic timestamp and table prefix
+ */
+function notifications_upgrade1_9_002()
+{
+	$GLOBALS['egw_setup']->oProc->RefreshTable('egw_notificationpopup',array(
+		'fd' => array(
+			'notify_id' => array('type' => 'auto','nullable' => False,'comment' => 'primary key'),
+			'account_id' => array('type' => 'int','precision' => '20','nullable' => False,'comment' => 'user to notify'),
+			'notify_message' => array('type' => 'text','comment' => 'notification message'),
+			'notify_created' => array('type' => 'timestamp','default' => 'current_timestamp','comment' => 'creation time of notification')
+		),
+		'pk' => array('notify_id'),
+		'fk' => array(),
+		'ix' => array('account_id','notify_created'),
+		'uc' => array()
+	),array(
+		'notify_message' => 'message',
+	));
+
+	return $GLOBALS['setup_info']['notifications']['currentver'] = '1.9.003';
+}
+