Posted to scm@geronimo.apache.org by xu...@apache.org on 2009/06/01 09:48:23 UTC
svn commit: r780581 -
/geronimo/server/trunk/plugins/console/console-filter/src/main/resources/XSRF.js
Author: xuhaihong
Date: Mon Jun 1 07:48:23 2009
New Revision: 780581
URL: http://svn.apache.org/viewvc?rev=780581&view=rev
Log:
GERONIMO-4641 XSSXSRFFilter cause some link failure
Modified:
geronimo/server/trunk/plugins/console/console-filter/src/main/resources/XSRF.js
Modified: geronimo/server/trunk/plugins/console/console-filter/src/main/resources/XSRF.js
URL: http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/console/console-filter/src/main/resources/XSRF.js?rev=780581&r1=780580&r2=780581&view=diff
==============================================================================
--- geronimo/server/trunk/plugins/console/console-filter/src/main/resources/XSRF.js (original)
+++ geronimo/server/trunk/plugins/console/console-filter/src/main/resources/XSRF.js Mon Jun 1 07:48:23 2009
@@ -22,8 +22,8 @@
var link = elements[i].getAttribute('href');
if (link != null && isURL(link) && link.indexOf('?') != -1) {
// add formId only if other attributes are present in link
- // Note: we cannot use setAttribute due to IE issues so we are using element.*=
- elements[i].href = link + '&formId=' + formID;
+ // Note: we cannot use setAttribute due to IE issues so we are using element.*=
+ Elements[i].href = link + '&formId=' + formID;
}
}
}
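Review bot: The added assignment `Elements[i].href = ...` uses a capital `E`, while the context line above reads the link from `elements[i]`; JavaScript identifiers are case-sensitive, so unless a global `Elements` is defined elsewhere this throws a ReferenceError on the first link that matches the condition. Because `updateLinks();` is called before `updateForms();` at the end of the script, an uncaught error here would presumably stop the script before any form receives its `formId`, and the server-side filter would then likely reject those submissions. The line should read `elements[i].href = link + '&formId=' + formID;`. The enclosing loop and function start outside this hunk.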
@@ -31,29 +31,30 @@
function updateForms() {
var forms = document.getElementsByTagName('form');
for (i=0; i<forms.length; i++) {
- if (forms[i].getAttribute('enctype').toLowerCase() == 'multipart/form-data'){ // add formId in action link
+ var et = forms[i].getAttribute('enctype');
+ if (et!=null && et.toLowerCase() == 'multipart/form-data'){ // add formId in action link
var link = forms[i].getAttribute('action');
if (link != null && isURL(link)) {
if (link.indexOf('?') == -1) {
- link = link + '?'
+ forms[i].action = link + '?formId=' + formID;
+ } else {
+ forms[i].action = link + '&formId=' + formID;
}
- // Note: we cannot use setAttribute due to IE issues so we are using element.*=
- forms[i].action = link + '&formId=' + formID;
}
} else {
var input = document.createElement('input');
- if (document.all) { //IE
+ if (document.all) { //IE
input.type = 'hidden';
input.name = 'formId';
input.value = formID;
- } else if (document.getElementById) { //firefox
+ } else if (document.getElementById) { //firefox
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'formId');
input.setAttribute('value', formID);
}
forms[i].appendChild(input);
- }
- }
+ }
+ }
}
function updateOnclickLink(element) {
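Review bot: Both rewritten assignments to `forms[i].action` put the anti-XSRF token in the URL whenever `isURL(link)` passes, and `isURL` (third hunk) accepts any string whose first four characters are `http`, so an action that points at another host would carry `formId` to that host and into its access logs. A same-origin test before appending would keep the token inside the console, for example `if (link.charAt(0) == '/' || link.indexOf(location.protocol + '//' + location.host + '/') == 0)`; the `href` rewrite in the first hunk has the same exposure. Separately, a multipart form whose `action` is missing or relative fails the `isURL` test and gets neither the query parameter nor the hidden input, which probably leaves it failing the filter.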
@@ -73,13 +74,14 @@
}
function isURL(link) {
- if ((typeof link == 'string') && link.constructor == String){
- if (link != '' && (link.substring(0, 4) == 'http' || link.substring(0, 1) == '/')){
- return true;
- }
- }
- return false;
+ if ((typeof link == 'string') && link.constructor == String){
+ if (link != '' && (link.substring(0, 4) == 'http' || link.substring(0, 1) == '/')){
+ return true;
+ }
+ }
+ return false;
}
+
updateLinks();
updateForms();
</script>