From 1c4f65120c7532b8944e5b6fba9bcf403a108e5c Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Tue, 20 Aug 2013 12:06:41 +0000
Subject: [PATCH] new egw_framework methods refresh_opener and window_close to
 call egw_refresh on opener or close popup window in a content security save
 way

---
 etemplate/inc/class.etemplate.inc.php    | 18 +++----
 etemplate/js/etemplate2.js               | 30 +++++++++++
 phpgwapi/inc/class.egw_framework.inc.php | 64 ++++++++++++++++++++++--
 timesheet/inc/class.timesheet_ui.inc.php | 18 ++-----
 timesheet/templates/default/index.xet    | 33 ++----------
 5 files changed, 107 insertions(+), 56 deletions(-)

diff --git a/etemplate/inc/class.etemplate.inc.php b/etemplate/inc/class.etemplate.inc.php
index 3e78434abf..426cf61699 100644
--- a/etemplate/inc/class.etemplate.inc.php
+++ b/etemplate/inc/class.etemplate.inc.php
@@ -133,7 +133,7 @@ class etemplate_new extends etemplate_widget_template
 			'modifications' => self::$request->modifications,
 			'validation_errors' => self::$validation_errors,
 		);
-		
+
 		// Info required to load the etemplate client-side
 		$dom_id = str_replace('.','-',$this->name);
 		$load_array = array(
@@ -145,7 +145,7 @@ class etemplate_new extends etemplate_widget_template
 		if (self::$response)	// call is within an ajax event / form submit
 		{
 			//error_log("Ajax " . __LINE__);
-			self::$response->generic('et2_load', $load_array);
+			self::$response->generic('et2_load', $load_array+egw_framework::get_extra());
 		}
 		else	// first call
 		{
@@ -197,7 +197,7 @@ class etemplate_new extends etemplate_widget_template
 				$GLOBALS['egw']->framework->footer();
 			}
 			ob_flush();
-			
+
 			// Send any accumulated json responses - after flush to avoid sending the buffer as a response
 			if(egw_json_response::isJSONResponse())
 			{
@@ -216,10 +216,10 @@ class etemplate_new extends etemplate_widget_template
 	 */
 	static public function ajax_process_content($etemplate_exec_id, array $content)
 	{
-		error_log(__METHOD__."(".array2string($etemplate_exec_id).', '.array2string($content).")");
+		//error_log(__METHOD__."(".array2string($etemplate_exec_id).', '.array2string($content).")");
 
 		self::$request = etemplate_request::read($etemplate_exec_id);
-		error_log('request='.array2string(self::$request));
+		//error_log('request='.array2string(self::$request));
 
 		self::$response = egw_json_response::get();
 
@@ -246,17 +246,17 @@ class etemplate_new extends etemplate_widget_template
 			self::$response->generic('et2_validation_error', self::$validation_errors);
 			exit;
 		}
-		error_log(__METHOD__."(,".array2string($content).')');
-		error_log(' validated='.array2string($validated));
+		//error_log(__METHOD__."(,".array2string($content).')');
+		//error_log(' validated='.array2string($validated));
 		$content = ExecMethod(self::$request->method, self::complete_array_merge(self::$request->preserv, $validated));
 		if (isset($GLOBALS['egw_info']['flags']['java_script']))
 		{
 			// Strip out any script tags
 			$GLOBALS['egw_info']['flags']['java_script'] = preg_replace(array('/(<script[^>]*>)([^<]*)/is','/<\/script>/'),array('$2',''),$GLOBALS['egw_info']['flags']['java_script']);
 			self::$response->script($GLOBALS['egw_info']['flags']['java_script']);
-			error_log($app .' added javascript to $GLOBALS[egw_info][flags][java_script] - use egw_json_response->script() instead.');
+			//error_log($app .' added javascript to $GLOBALS[egw_info][flags][java_script] - use egw_json_response->script() instead.');
 		}
-	
+
 		return $content;
 	}
 
diff --git a/etemplate/js/etemplate2.js b/etemplate/js/etemplate2.js
index 7544c33258..4f1ff02e2a 100644
--- a/etemplate/js/etemplate2.js
+++ b/etemplate/js/etemplate2.js
@@ -597,10 +597,34 @@ etemplate2.getByApplication = function(app)
 	return list;
 };
 
+/**
+ * Plugin for egw.json type "et2_load"
+ * 
+ * @param _type
+ * @param _response
+ * @returns {Boolean}
+ */
 function etemplate2_handle_load(_type, _response)
 {
 	// Check the parameters
 	var data = _response.data;
+	
+	// handle egw_framework::refresh_opener()
+	if (jQuery.isArray(data['refresh-opener']))
+	{
+		if (window.opener && typeof window.opener.egw_refresh == 'function')
+		{
+			window.opener.egw_refresh.apply(window.opener, data['refresh-opener']);
+		}
+	}
+
+	// handle egw_framework::close_window(), this will terminate execution
+	if (data['window-close'])
+	{
+		window.close();
+	}
+	
+	// regular et2 re-load
 	if (typeof data.url == "string" && typeof data.data === 'object')
 	{
 		if(typeof this.load == 'function')
@@ -629,6 +653,12 @@ function etemplate2_handle_load(_type, _response)
 	throw("Error while parsing et2_load response");
 }
 
+/**
+ * Plugin for egw.json type "et2_validation_error"
+ * 
+ * @param _type
+ * @param _response
+ */
 function etemplate2_handle_validation_error(_type, _response)
 {
 	// Display validation errors
diff --git a/phpgwapi/inc/class.egw_framework.inc.php b/phpgwapi/inc/class.egw_framework.inc.php
index f67f279867..481252094b 100644
--- a/phpgwapi/inc/class.egw_framework.inc.php
+++ b/phpgwapi/inc/class.egw_framework.inc.php
@@ -156,12 +156,68 @@ abstract class egw_framework
 
 		if (!isset($GLOBALS['egw_info']['flags']['nonavbar']) || !$GLOBALS['egw_info']['flags']['nonavbar'])
 		{
-		   echo $this->navbar();
+			echo $this->navbar();
 		}
 		echo $content;
 
 		echo $this->footer();
-	 }
+	}
+
+	/**
+	 * Extra values send as data attributes to script tag of egw.js
+	 *
+	 * @var array
+	 */
+	protected static $extra = array();
+
+	/**
+	 * Refresh given application $targetapp display of entry $app $id, incl. outputting $msg
+	 *
+	 * Calling egw_refresh on opener in a content security save way
+	 *
+	 * @param string $msg message (already translated) to show, eg. 'Entry deleted'
+	 * @param string $app application name
+	 * @param string|int $id=null id of entry to refresh
+	 * @param string $type=null either 'edit', 'delete', 'add' or null
+	 * @param string $targetapp=null which app's window should be refreshed, default current
+	 * @param string|RegExp $replace=null regular expression to replace in url
+	 * @param string $with=null
+	 */
+	public static function refresh_opener($msg, $app, $id=null, $type=null, $targetapp=null, $replace=null, $with=null)
+	{
+		error_log(__METHOD__.'('.array2string(func_get_args()).')');
+		self::$extra['refresh-opener'] = func_get_args();
+	}
+
+	/**
+	 * Close (popup) window, use to replace egw_framework::onload('window.close()') in a content security save way
+	 */
+	public static function window_close()
+	{
+		error_log(__METHOD__."()");
+		self::$extra['window-close'] = true;
+
+		if ($_GET['menuaction'] === 'etemplate_new::ajax_process_content')
+		{
+			$response = egw_json_response::get();
+			$response->generic('et2_load', egw_framework::get_extra());
+		}
+		else
+		{
+			$GLOBALS['egw']->framework->render('', false, false);
+		}
+		common::egw_exit();
+	}
+
+	/**
+	 * Allow eg. ajax to query content set via refresh_opener or window_close
+	 *
+	 * @return array content of egw_framework::$extra
+	 */
+	public static function get_extra()
+	{
+		return self::$extra;
+	}
 
 	/**
 	 * Returns the html-header incl. the opening body tag
@@ -823,7 +879,9 @@ abstract class egw_framework
 		// Load LABjs ONCE here
 		$java_script .= '<script type="text/javascript" src="'. $GLOBALS['egw_info']['server']['webserver_url'].'/phpgwapi/js/labjs/LAB.src.js"'." ></script>\n".
 			'<script type="text/javascript" src="'. $GLOBALS['egw_info']['server']['webserver_url'].'/phpgwapi/js/jsapi/egw.js" id="egw_script_id"';
-		foreach($extra as $name => $value)
+
+		// add values of extra parameter and class var as data attributes to script tag of egw.js
+		foreach($extra+self::$extra as $name => $value)
 		{
 			if (is_array($value)) $value = json_encode($value);
 			// we need to double encode (html::htmlspecialchars( , TRUE)), as otherwise we get invalid json, eg. for quotes
diff --git a/timesheet/inc/class.timesheet_ui.inc.php b/timesheet/inc/class.timesheet_ui.inc.php
index ebb555e0c6..4b79642aa8 100644
--- a/timesheet/inc/class.timesheet_ui.inc.php
+++ b/timesheet/inc/class.timesheet_ui.inc.php
@@ -5,7 +5,7 @@
  * @link http://www.egroupware.org
  * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
  * @package timesheet
- * @copyright (c) 2005-11 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
+ * @copyright (c) 2005-13 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
  * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
  * @version $Id$
  */
@@ -256,7 +256,7 @@ class timesheet_ui extends timesheet_bo
 							egw_link::link(TIMESHEET_APP,$this->data['ts_id'],$content['link_to']['to_id']);
 						}
 					}
-					$js = "opener.egw_refresh('$msg','timesheet','{$this->data['ts_id']}', '" . ($content['ts_id'] ? 'update' : 'add')."');";
+					egw_framework::refresh_opener($msg, 'timesheet', $this->data['ts_id'], $content['ts_id'] ? 'update' : 'add');
 					if ($button == 'apply') break;
 					if ($button == 'save_new')
 					{
@@ -287,7 +287,7 @@ class timesheet_ui extends timesheet_bo
 						if ($this->delete())
 						{
 							$msg = lang('Entry deleted');
-							$js = "opener.egw_refresh('$msg','timesheet','{$this->data['ts_id']}', 'delete');";
+							egw_framework::refresh_opener($msg, 'timesheet', $this->data['ts_id'], 'delete');
 						}
 						else
 						{
@@ -297,10 +297,7 @@ class timesheet_ui extends timesheet_bo
 					}
 					// fall-through for save
 				case 'cancel':
-					$js .= 'window.close();';
-					echo "<html>\n<body>\n<script>\n$js\n</script>\n</body>\n</html>\n";
-					common::egw_exit();
-					break;
+					egw_framework::window_close();
 			}
 		}
 		$preserv = $this->data + array(
@@ -316,7 +313,6 @@ class timesheet_ui extends timesheet_bo
 				'to_id' => $this->data['ts_id'] ? $this->data['ts_id'] : $content['link_to']['to_id'],
 				'to_app' => TIMESHEET_APP,
 			),
-			'js' => "<script>\n$js\n</script>\n",
 			'ts_quantity_blur' => $this->data['ts_duration'] ? round($this->data['ts_duration'] / 60.0,3) : '',
 			'start_time' => egw_time::to($this->data['ts_start'],'H:i'),
 			'pm_integration' => $this->pm_integration,
@@ -396,16 +392,10 @@ class timesheet_ui extends timesheet_bo
 				),
 		);
 		$sel_options['status'] = $this->field2label;
-		if (empty($content['ts_title']))
-		{
-			$content['ts_title'] = $content['ts_title_blur'] = ($preserv['ts_title_blur'] ? $preserv['ts_title_blur'] : $preserv['ts_project_blur']);
-		}
 
 		// the actual title-blur is either the preserved title blur (if we are called from infolog entry),
 		// or the preserved project-blur comming from the current selected project
 		$content['ts_title_blur'] = $preserv['ts_title_blur'] ? $preserv['ts_title_blur'] : $preserv['ts_project_blur'];
-		// make sure that ts_title is shown (if set), by unsetting the blur text
-		if (!empty($content['ts_title']) && $content['ts_title']==$content['ts_title_blur']) unset($content['ts_title_blur']);
 		$readonlys = array(
 			'button[delete]'   => !$this->data['ts_id'] || !$this->check_acl(EGW_ACL_DELETE) || $this->data['ts_status'] == self::DELETED_STATUS,
 			'button[undelete]' => $this->data['ts_status'] != self::DELETED_STATUS,
diff --git a/timesheet/templates/default/index.xet b/timesheet/templates/default/index.xet
index 273730de0e..4dbebb6177 100644
--- a/timesheet/templates/default/index.xet
+++ b/timesheet/templates/default/index.xet
@@ -13,7 +13,7 @@
 		</styles>
 	</template>
 	<template id="timesheet.index.add" template="" lang="" group="0" version="1.7.001">
-		<buttononly label="Add" id="add" onclick="window.open(egw::link('/index.php','menuaction=timesheet.timesheet_ui.edit'),'_blank','dependent=yes,width=600,height=400,scrollbars=yes,status=yes'); return false;"/>
+		<buttononly label="Add" id="add" onclick="egw.open('timesheet');"/>
 	</template>
 	<template id="timesheet.index.rows" template="" lang="" group="0" version="1.9.001">
 		<grid width="100%">
@@ -107,34 +107,7 @@
 		</grid>
 	</template>
 	<template id="timesheet.index" template="" lang="" group="0" version="1.9.001">
-		<grid width="100%">
-			<columns>
-				<column/>
-				<column/>
-			</columns>
-			<rows>
-				<row disabled="!@msg">
-					<description align="center" id="msg" no_lang="1" span="all" class="redItalic"/>
-					<description/>
-				</row>
-				<row disabled="1">
-					<hbox>
-						<template id="dates"/>
-						<template align="right" id="add"/>
-					</hbox>
-					<description/>
-				</row>
-				<row>
-					<nextmatch id="nm" options="timesheet.index.rows" span="all"/>
-				</row>
-				<row class="noPrint" disabled="!@nm[selectcols]=/legacy_actions/">
-					<button label="Add" id="add" onclick="window.open(egw::link('/index.php','menuaction=timesheet.timesheet_ui.edit'),'_blank','dependent=yes,width=600,height=400,scrollbars=yes,status=yes'); return false;"/>
-					<hbox align="right">
-						<buttononly statustext="Select action" label="Select action" id="legacy_actions" onclick="if (!egw_globalObjectManager.getObjectById('timesheet.index.rows').executeActionImplementation(this, 'popup')) alert(egw::lang('You need to select some entries first!')); return false;;"/>
-						<button statustext="Check all" label="Check all" id="check_all" needed="1" onclick="egw_globalObjectManager.getObjectById('timesheet.index.rows').toggleAllSelected(); return false;" image="arrow_ltr" class="checkAllArrow"/>
-					</hbox>
-				</row>
-			</rows>
-		</grid>
+		<description align="center" id="msg" no_lang="1" class="message"/>
+		<nextmatch id="nm" options="timesheet.index.rows" header_left="timesheet.index.dates" header_right="timesheet.index.add"/>
 	</template>
 </overlay>
\ No newline at end of file