From 79e1b5c9b828a1735ec5a01893cbf0faa1ce1ce0 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Mon, 10 Mar 2014 11:58:49 +0000 Subject: [PATCH] fixed CSP error for multiple eTemplate2s (CRM view), by allways sending etemplate data via et2_container tag (instead etemplate script tag) and create an et2 object for all of them in egw.js --- etemplate/inc/class.etemplate.inc.php | 56 +++++++++------------------ phpgwapi/js/jsapi/egw.js | 49 +++++++---------------- 2 files changed, 32 insertions(+), 73 deletions(-) diff --git a/etemplate/inc/class.etemplate.inc.php b/etemplate/inc/class.etemplate.inc.php index 66f3eb2c0e..b745a675a6 100644 --- a/etemplate/inc/class.etemplate.inc.php +++ b/etemplate/inc/class.etemplate.inc.php @@ -46,9 +46,12 @@ class etemplate_new extends etemplate_widget_template */ function __construct($name='',$load_via='') { + // we do NOT call parent consturctor, as we only want to enherit it's (static) methods + if (false) parent::__construct ($name); // satisfy IDE, as we dont call parent constructor + $this->sitemgr = isset($GLOBALS['Common_BO']) && is_object($GLOBALS['Common_BO']); - if ($name) $this->read($name,$template='default',$lang='default',$group=0,$version='',$load_via); + if ($name) $this->read($name,$template='default','default',0,'',$load_via); // generate new etemplate request object, if not already existing if(!isset(self::$request)) self::$request = etemplate_request::read(); @@ -185,9 +188,6 @@ class etemplate_new extends etemplate_widget_template egw_framework::validate_file('.','app',$app,false); } - $header = $GLOBALS['egw']->framework->header(array( - 'etemplate' => $load_array - )); // check if we are in an ajax-exec call from jdots template (or future other tabbed templates) if (isset($GLOBALS['egw']->framework->response)) { 
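Review bot: The added `if (false) parent::__construct ($name);` in `__construct()` is an unreachable statement kept only to quiet an IDE inspection, and at a glance it reads like a call that may run. A plain comment states the intent without dead code, for example `// parent constructor intentionally not called: only its static methods are inherited`. The comment added above it has typos ("consturctor", "enherit it's"). The constructor body continues outside the hunk.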
@@ -203,38 +203,21 @@ class etemplate_new extends etemplate_widget_template self::$request = null; return; } - else if (!$header) + echo $GLOBALS['egw']->framework->header(); + if ($output_mode != 2) { - // Headers already sent, another etemplate - echo '
'; - echo ''; + parse_navbar(); } - else + else // mark popups as such, by enclosing everything in div#popupMainDiv { - //error_log("NON-Ajax " . __LINE__); - echo $header; - if ($output_mode != 2) - { - parse_navbar(); - } - else // mark popups as such, by enclosing everything in div#popupMainDiv - { - echo '
'."\n"; - } - echo '
'; + echo '
'."\n"; + } + echo '
'; - if ($output_mode == 2) - { - echo "\n
\n"; - echo $GLOBALS['egw']->framework->footer(); - } + if ($output_mode == 2) + { + echo "\n
\n"; + echo $GLOBALS['egw']->framework->footer(); } ob_flush(); @@ -329,7 +312,7 @@ class etemplate_new extends etemplate_widget_template */ static public function process_exec() { - $etemplate_exec_id = $_POST['etemplate_exec_id']; + if (get_magic_quotes_gpc()) $_POST['value'] = stripslashes($_POST['value']); $content = json_decode($_POST['value'],true); if($content == null && $_POST['exec']) { @@ -340,8 +323,6 @@ class etemplate_new extends etemplate_widget_template error_log(__METHOD__."(".array2string($content).")"); self::$request = etemplate_request::read($_POST['etemplate_exec_id']); - if (get_magic_quotes_gpc()) $_POST['value'] = stripslashes($_POST['value']); - $content = json_decode($_POST['value'],true); if (!($template = self::instance(self::$request->template['name'], self::$request->template['template_set'], self::$request->template['version'], self::$request->template['load_via']))) @@ -400,6 +381,7 @@ class etemplate_new extends etemplate_widget_template */ public function read($name,$template_set=null,$lang='default',$group=0,$version='',$load_via='') { + unset($lang); unset($group); // not used, but in old signature $this->rel_path = self::relPath($this->name=$name, $this->template_set=$template_set, $this->version=$version, $this->laod_via = $load_via); //error_log(__METHOD__."('$name', '$template_set', '$lang', $group, '$version', '$load_via') rel_path=".array2string($this->rel_path)); @@ -551,7 +533,7 @@ class etemplate_new extends etemplate_widget_template */ static public function number_format($number,$num_decimal_places=2,$readonly=true) { - static $dec_separator,$thousands_separator; + static $dec_separator=null,$thousands_separator=null; if (is_null($dec_separator)) { $dec_separator = $GLOBALS['egw_info']['user']['preferences']['common']['number_format'][0]; 
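Review bot: The attribute escaping of the etemplate JSON needs confirming where this hunk echoes the `et2_container` div, because the markup inside that `echo` is not legible on this page. The commit message and the egw.js hunk show the payload is now always carried in a `data-etemplate` attribute, where it was previously passed to `framework->header()`. The payload presumably includes user-supplied content, so it has to be encoded for an HTML attribute context, along the lines of `htmlspecialchars(json_encode($load_array), ENT_QUOTES)`. Otherwise a quote character in the data could end the attribute early. The enclosing method starts and ends outside the hunk.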
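Review bot: `process_exec()` still assumes `$_POST['value']` is present and well-formed: the `stripslashes()`/`json_decode()` lines read it without an `isset()` check, and `$content == null` is a loose comparison that is also true for a validly decoded empty array. A strict test such as `if ($content === null && !empty($_POST['exec']))` keeps the fallback branch for real decode failures only. In the next hunk, the unchanged line `error_log(__METHOD__."(".array2string($content).")");` writes the whole submitted form content to the error log. It should be removed or reduced to field names, since form values can include credentials. The function body continues outside the hunk.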
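Review bot: The unchanged assignment `$this->laod_via = $load_via` in `read()` looks like a misspelling of `load_via`; if the class declares `load_via`, that property is never set here and a stray dynamic property is created instead. The argument would become `$this->load_via = $load_via`, assuming no other code reads the misspelled name. The two added statements can also be written as one, `unset($lang, $group);`. The method body continues outside the hunk.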
@@ -624,7 +606,7 @@ class etemplate_new extends etemplate_widget_template } } // default etemplate class has to be defined by either extending etemplate_new or etemplate_old -class etemplate extends etemplate_old {}; +class etemplate extends etemplate_old {} // Try to discover all widgets, as names don't always match tags (eg: listbox is in menupopup) $files = scandir(EGW_INCLUDE_ROOT . '/etemplate/inc'); diff --git a/phpgwapi/js/jsapi/egw.js b/phpgwapi/js/jsapi/egw.js index 01e53f2a14..52b3bd914a 100644 --- a/phpgwapi/js/jsapi/egw.js +++ b/phpgwapi/js/jsapi/egw.js 
@@ -206,44 +206,21 @@ window.framework.setSidebox.apply(window.framework, JSON.parse(sidebox)); } - // load et2 - var data = egw_script.getAttribute('data-etemplate'); - if (data) - { - // Initialize application js - var callback = null; - // Only initialize once - if(typeof app[window.egw_appName] == "object") + // load etemplate2 template(s) + $j('div.et2_container[data-etemplate]').each(function(index, node){ + var data = JSON.parse(node.getAttribute('data-etemplate')) || {}; + var currentapp = data.data.currentapp || window.egw_appName; + if(popup || window.opener) { - callback = function(et2) {app[window.egw_appName].et2_ready(et2);}; + // Resize popup when et2 load is done + jQuery(node).one("load",function() { + window.resizeTo(jQuery(document).width()+20,jQuery(document).height()+70); + }); } - else - { - egw.debug("warn", "Did not load '%s' JS object",window.egw_appName); - } - // Wait until DOM loaded before we load the etemplate to make sure the target is there - $j(function() { - // Re-load data here, as later code may change the variable - var data = JSON.parse(egw_script.getAttribute('data-etemplate')) || {}; - var node = document.getElementById(data.DOMNodeID); - if(!node) - { - egw.debug("error", "Could not find target node %s", data.DOMNodeID); - } - else - { - if(popup || window.opener) - { - // Resize popup when et2 load is done - jQuery(node).one("load",function() { - window.resizeTo(jQuery(document).width()+20,jQuery(document).height()+70); - }); - } - var et2 = new etemplate2(node, window.egw_appName+".etemplate_new.ajax_process_content.etemplate"); - et2.load(data.name,data.url,data.data,callback); - } - }); - } + var et2 = new etemplate2(node, currentapp+".etemplate_new.ajax_process_content.etemplate"); + et2.load(data.name,data.url,data.data); + }); + $j(function() { // set app-header if (window.framework && egw_script.getAttribute('data-app-header'))
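Review bot: The `|| {}` fallback in the new `.each()` callback does not protect the next line: if the attribute parses to an object without a `data` member, `data.data.currentapp` throws. An exception from `JSON.parse` on one container likewise stops the remaining containers from loading. Guarding the lookup with `var currentapp = (data.data && data.data.currentapp) || window.egw_appName;` and catching the parse error per node keeps one bad container from breaking the page. `currentapp` now comes from page markup and selects the `.etemplate_new.ajax_process_content.etemplate` handler name, so the server should keep validating the app name against the session rather than trusting it. The old code deferred loading to DOM-ready and passed an `et2_ready` callback to `et2.load()`; both are gone here, so confirm the containers exist when this runs and that `et2_ready` is triggered elsewhere (the enclosing function starts outside the hunk).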