From c3170b44bd667d553196fb6910b4f169aeb500bc Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Thu, 14 Apr 2011 13:43:16 +0000 Subject: [PATCH] fixed JSON error "contains script tags! Aborting ..." when confirming a popup: - adding id to notifications table to use it to identify a notification (sending back the message incl. onclick="..." caused the problem) - adding a timestamp when message was added, to identify older messages - close button --> send all ids in one ajax request, not one per id --- .../inc/class.notifications_ajax.inc.php | 23 ++++++----- .../inc/class.notifications_popup.inc.php | 36 ++++------------ notifications/js/notificationajaxpopup.js | 41 +++++++++++-------- notifications/setup/setup.inc.php | 4 +- notifications/setup/tables_current.inc.php | 12 +++--- notifications/setup/tables_update.inc.php | 29 ++++++++++++- 6 files changed, 82 insertions(+), 63 deletions(-) diff --git a/notifications/inc/class.notifications_ajax.inc.php b/notifications/inc/class.notifications_ajax.inc.php index 3e4316886f..d0d5e1c0d2 100644 --- a/notifications/inc/class.notifications_ajax.inc.php +++ b/notifications/inc/class.notifications_ajax.inc.php @@ -1,6 +1,6 @@ db->delete(self::_notification_table,array( - 'account_id' => $this->recipient->account_id, - 'message' => html_entity_decode($message) - ),__LINE__,__FILE__,self::_appname); + public function confirm_message($notify_id) + { + if ($notify_id) + { + $this->db->delete(self::_notification_table,array( + 'notify_id' => $notify_id, + ),__LINE__,__FILE__,self::_appname); + } } /** 
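Review bot: The rewritten `confirm_message()` deletes by `notify_id` alone and drops the `'account_id' => $this->recipient->account_id` restriction the old version carried, so any user who can reach this AJAX method can confirm — i.e. delete — another user's pending notifications simply by sending their ids, and since `notify_id` is now an auto-increment key those ids are trivially guessable. Keep the recipient scope in the criteria: `'notify_id' => $notify_id, 'account_id' => $this->recipient->account_id,`. Because the close button now sends an array of ids, it is also cheap to normalise the input before it reaches the query, e.g. `$notify_id = array_map('intval', (array)$notify_id);` — the db layer presumably quotes values, but an explicit integer cast removes any doubt. The method's docblock and signature context are partly lost in the collapsed hunk, so its declared parameter type could not be checked here.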
@@ -231,14 +235,13 @@ class notifications_ajax { */ private function get_egwpopup() { $message = ''; - $rs = $this->db->select(self::_notification_table, - '*', array( + $rs = $this->db->select(self::_notification_table, '*', array( 'account_id' => $this->recipient->account_id, ), __LINE__,__FILE__,false,'',self::_appname); if ($rs->NumRows() > 0) { foreach ($rs as $notification) { - $this->response->addScriptCall('append_notification_message',$notification['message']); + $this->response->addScriptCall('append_notification_message',$notification['notify_id'],$notification['notify_message']); } switch($this->preferences[self::_appname]['egwpopup_verbosity']) { diff --git a/notifications/inc/class.notifications_popup.inc.php b/notifications/inc/class.notifications_popup.inc.php index e743078868..d56ef6d8f2 100644 --- a/notifications/inc/class.notifications_popup.inc.php +++ b/notifications/inc/class.notifications_popup.inc.php @@ -1,6 +1,6 @@ sender = $_sender; $this->recipient = $_recipient; $this->config = $_config; $this->preferences = $_preferences; - $this->db = &$GLOBALS['egw']->db; + $this->db = $GLOBALS['egw']->db; } /** @@ -126,8 +116,8 @@ class notifications_popup implements notifications_iface { */ private function save( $_message ) { $result = $this->db->insert( self::_notification_table, array( - 'account_id' => $this->recipient->account_id, - 'message' => $_message + 'account_id' => $this->recipient->account_id, + 'notify_message' => $_message ), false,__LINE__,__FILE__,self::_appname); if ($result === false) throw new Exception("Can't save notification into SQL table"); } @@ -148,7 +138,7 @@ class notifications_popup implements notifications_iface { if(!$link->popup) { $link->view['no_popup'] = 1; } $url = html::link('/index.php', $link->view); - // do not expose sensitive data + // do not expose sensitive data $url = preg_replace('/(sessionid|kp3|domain)=[^&]+&?/','',$url); // extract application-icon from menuaction if($link->view['menuaction']) { 
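Review bot: The select in `get_egwpopup()` still has no ORDER BY, so the sequence of `append_notification_message` calls — and therefore which notification the popup shows first — follows whatever row order the database returns, rather than the new `notify_created` column this commit adds for exactly that purpose. If the empty-string argument after `false` is the append clause (it looks like it, but confirm against the db wrapper's signature), pass `'ORDER BY notify_created ASC'` there so the client receives oldest-first. Worth a comment on the `addScriptCall` line too: `// notify_message is raw HTML rendered client-side via innerHTML — must be built from escaped data on the server`, since nothing in this hunk shows where the message text is escaped.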
@@ -208,16 +198,8 @@ class notifications_popup implements notifications_iface {
  * @param settings array with keys account_id and new_owner (new_owner is optional)
  */
 public function deleteaccount($settings) {
- if($settings['new_owner']) {
- $this->db->update( self::_notification_table, array(
- 'account_id' => $settings['new_owner']
- ), array(
- 'account_id' => $settings['account_id']
- ),__LINE__,__FILE__,self::_appname);
- } else {
- $this->db->delete( self::_notification_table, array(
- 'account_id' => $settings['account_id']
- ),__LINE__,__FILE__,self::_appname);
- }
+ $this->db->delete( self::_notification_table, array(
+ 'account_id' => $settings['account_id']
+ ),__LINE__,__FILE__,self::_appname);
 }
 }
diff --git a/notifications/js/notificationajaxpopup.js b/notifications/js/notificationajaxpopup.js
index 1aed64d140..853ebb90f3 100644
--- a/notifications/js/notificationajaxpopup.js
+++ b/notifications/js/notificationajaxpopup.js
@@ -8,7 +8,7 @@
  * @version $Id$
  */
-var notifymessages = new Array();
+var notifymessages = {};
 function egwpopup_init(_i) {
 window.setTimeout("egwpopup_refresh(" + _i + ");", 1000);
@@ -39,9 +39,12 @@ function egwpopup_display() {
 egwpopup.style.left = (Browserwidth/2 - 250) + "px";
 egwpopup.style.top = (Browserheight/4) + "px";
 egwpopup_message.style.maxHeight = (Browserheight/2) + "px";
- egwpopup_message.innerHTML = notifymessages[0];
- if(notifymessages.length-1 > 0 ) {
- egwpopup_ok_button.value = "OK (" + (notifymessages.length-1) + ")";
+ for(var show in notifymessages) break;
+ egwpopup_message.innerHTML = notifymessages[show];
+ var num = 0;
+ for(var id in notifymessages) ++num;
+ if(num-1 > 0 ) {
+ egwpopup_ok_button.value = "OK (" + (num-1) + ")";
 } else {
 egwpopup_ok_button.value = "OK";
 }
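Review bot: In `egwpopup_display()` the new `for(var show in notifymessages) break;` leaves `show` undefined when the map is empty, so the next line writes the literal string "undefined" into `egwpopup_message.innerHTML`, and both `for…in` loops also count any enumerable property inherited through `Object.prototype`, not just notification ids. If callers can reach this function with an empty map, bail out first with `if (show === undefined) return;`, and count own keys only: `if (notifymessages.hasOwnProperty(id)) ++num;`. A short comment on the `innerHTML` line — `// message is server-built HTML (contains onclick handlers); rendered as-is` — would make the trust boundary explicit for the next reader. The function's signature and the start of its body lie before this hunk.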
@@ -64,23 +67,30 @@ function egwpopup_button_ok() {
 egwpopup = document.getElementById("egwpopup");
 egwpopup_message = document.getElementById("egwpopup_message");
 egwpopup_message.scrollTop = 0;
- xajax_doXMLHTTP("notifications.notifications_ajax.confirm_message", notifymessages[0]);
- notifymessages.shift();
- if(notifymessages.length > 0) {
- egwpopup_display();
- } else {
+
+ for(var confirmed in notifymessages) break;
+ xajax_doXMLHTTP("notifications.notifications_ajax.confirm_message", confirmed);
+ delete notifymessages[confirmed];
+
+ for(var id in notifymessages) break;
+ if (id == undefined) {
 egwpopup.style.display = "none";
 egwpopup_message.innerHTML = "";
 notificationbell_switch("inactive");
+ } else {
+ egwpopup_display();
 }
 }
 // Close and mark all as read
 function egwpopup_button_close() {
- for(var i = 0; i < notifymessages.length; i++) {
- xajax_doXMLHTTP("notifications.notifications_ajax.confirm_message", notifymessages[i]);
+ var ids = new Array();
+ for(var id in notifymessages) {
+ ids.push(id);
 }
- notifymessages = new Array();
+ xajax_doXMLHTTP("notifications.notifications_ajax.confirm_message", ids);
+
+ notifymessages = {};
 var egwpopup = document.getElementById("egwpopup");
 var egwpopup_message = document.getElementById("egwpopup_message");
 egwpopup.style.display = "none";
@@ -88,9 +98,6 @@ function egwpopup_button_close() {
 notificationbell_switch("inactive");
 }
-function append_notification_message(_message) {
- // Check to prevent duplicates
- if(notifymessages.indexOf(_message) == -1) {
- notifymessages.push(_message);
- }
+function append_notification_message(_id, _message) {
+ notifymessages[_id] = _message;
 }
diff --git a/notifications/setup/setup.inc.php b/notifications/setup/setup.inc.php
index 66b3388380..886ec357a7 100644
--- a/notifications/setup/setup.inc.php
+++ b/notifications/setup/setup.inc.php
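Review bot: In `egwpopup_button_ok()` the first-key idiom `for(var confirmed in notifymessages) break;` does not check that a key was found: with an empty map it sends `undefined` to `confirm_message` and then runs `delete notifymessages[undefined]`, and the follow-up test `if (id == undefined)` relies on loose equality. Guard the send and use strict comparison: `if (confirmed !== undefined) { xajax_doXMLHTTP(…, confirmed); delete notifymessages[confirmed]; }` and `if (id === undefined) {`. Which key `for…in` yields first is engine-defined; numeric-looking keys are in practice enumerated in ascending order, which happens to give oldest-first here, but a comment such as `// relies on ascending enumeration of numeric ids` would record that assumption. The function's opening lines sit in this hunk; `egwpopup_button_close()` continues past its end.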
@@ -15,7 +15,7 @@ if (!defined('NOTIFICATION_APP')) } $setup_info[NOTIFICATION_APP]['name'] = NOTIFICATION_APP; -$setup_info[NOTIFICATION_APP]['version'] = '1.9.002'; +$setup_info[NOTIFICATION_APP]['version'] = '1.9.003'; $setup_info[NOTIFICATION_APP]['app_order'] = 1; $setup_info[NOTIFICATION_APP]['tables'] = array('egw_notificationpopup'); $setup_info[NOTIFICATION_APP]['enable'] = 2; @@ -45,5 +45,3 @@ $setup_info[NOTIFICATION_APP]['depends'][] = array( 'appname' => 'etemplate', 'versions' => Array('1.7','1.8','1.9') ); - - diff --git a/notifications/setup/tables_current.inc.php b/notifications/setup/tables_current.inc.php index 3fcbc00601..a819afb4d3 100644 --- a/notifications/setup/tables_current.inc.php +++ b/notifications/setup/tables_current.inc.php @@ -1,6 +1,6 @@ array( 'fd' => array( - 'account_id' => array('type' => 'int','precision' => '20','nullable' => False), - 'message' => array('type' => 'longtext') + 'notify_id' => array('type' => 'auto','nullable' => False,'comment' => 'primary key'), + 'account_id' => array('type' => 'int','precision' => '20','nullable' => False,'comment' => 'user to notify'), + 'notify_message' => array('type' => 'text','comment' => 'notification message'), + 'notify_created' => array('type' => 'timestamp','default' => 'current_timestamp','comment' => 'creation time of notification') ), - 'pk' => array(), + 'pk' => array('notify_id'), 'fk' => array(), - 'ix' => array('account_id'), + 'ix' => array('account_id','notify_created'), 'uc' => array() ) ); diff --git a/notifications/setup/tables_update.inc.php b/notifications/setup/tables_update.inc.php index 9ff2f826ee..d1ec91ea8a 100644 --- a/notifications/setup/tables_update.inc.php +++ b/notifications/setup/tables_update.inc.php 
@@ -1,6 +1,6 @@ oProc->RefreshTable('egw_notificationpopup',array( + 'fd' => array( + 'notify_id' => array('type' => 'auto','nullable' => False,'comment' => 'primary key'), + 'account_id' => array('type' => 'int','precision' => '20','nullable' => False,'comment' => 'user to notify'), + 'notify_message' => array('type' => 'text','comment' => 'notification message'), + 'notify_created' => array('type' => 'timestamp','default' => 'current_timestamp','comment' => 'creation time of notification') + ), + 'pk' => array('notify_id'), + 'fk' => array(), + 'ix' => array('account_id','notify_created'), + 'uc' => array() + ),array( + 'notify_message' => 'message', + )); + + return $GLOBALS['setup_info']['notifications']['currentver'] = '1.9.003'; +} +
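Review bot: The `RefreshTable` call maps the old `message` column onto `notify_message`, whose type changes from `longtext` to `text`; on MySQL that narrows the column to 64 KiB, so any stored message longer than that would be silently truncated in non-strict mode or abort the upgrade in strict mode. Either keep `'notify_message' => array('type' => 'longtext', …)` in both this update and tables_current, or add a comment stating the new size limit is intended. Every migrated row also gets `notify_created` from the `current_timestamp` default, i.e. the migration time, so the "identify older messages" goal from the commit message does not apply to pre-upgrade notifications — presumably acceptable, but worth a one-line comment above the call. The update function's header is lost in the collapsed hunk; only the `oProc->RefreshTable` body and the version return are visible.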