holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix security error about autocomplete form happens only in FF

Browse Source
This commit is contained in:
Hadi Nategh 2015-02-04 09:40:52 +00:00
parent 8a045a355d
commit 2554c30da7
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etemplate/inc/class.etemplate_new.inc.php
View File

@ -189,11 +189,15 @@ class etemplate_new extends etemplate_widget_template
{
egw_framework::validate_file('.','app',$app,false);
}
// set action attribute for autocomplete form tag
// as firefox complains on about:balnk action, thus we have to literaly submit the form to a blank html
$form_action = "about:blank";
if (html::$user_agent == 'firefox') $form_action = $GLOBALS['egw_info']['server']['webserver_url'].'/etemplate/empty.html';
// check if we are in an ajax-exec call from jdots template (or future other tabbed templates)
if (isset($GLOBALS['egw']->framework->response))
{
$content = '<form target="egw_iframe_autocomplete_helper" action="about:blank" id="'.$dom_id.'" class="et2_container"></form><iframe name="egw_iframe_autocomplete_helper" style="width:0;height:0;position: absolute;"/>';
$content = '<form target="egw_iframe_autocomplete_helper" action="'.$form_action.'" id="'.$dom_id.'" class="et2_container"></form><iframe name="egw_iframe_autocomplete_helper" style="width:0;height:0;position: absolute;"/>';
// add server-side page-generation times
if($GLOBALS['egw_info']['user']['preferences']['common']['show_generation_time'])
{
@ -226,7 +230,7 @@ class etemplate_new extends etemplate_widget_template
$load_array['response'] = egw_json_response::get()->returnResult();
}
// <iframe> and <form> tags added only to get browser autocomplete handling working again
echo '<form target="egw_iframe_autocomplete_helper" action="about:blank" id="'.$dom_id.'" class="et2_container" data-etemplate="'.html::htmlspecialchars(egw_json_response::json_encode($load_array), true).'"></form><iframe name="egw_iframe_autocomplete_helper" style="width:0;height:0;position: absolute;"/>';
echo '<form target="egw_iframe_autocomplete_helper" action="'.$form_action.'" id="'.$dom_id.'" class="et2_container" data-etemplate="'.html::htmlspecialchars(egw_json_response::json_encode($load_array), true).'"></form><iframe name="egw_iframe_autocomplete_helper" style="width:0;height:0;position: absolute;"/>';
if ($output_mode == 2)
{