Drupal: SA-CORE-2020-007 fix for ctools

https://dev.gridrepublic.org/browse/DBOINCP-530
Oliver Behnke 2020-09-17 11:04:46 +02:00
parent b6a799956c
commit 8e3657e90c
2 changed files with 14 additions and 10 deletions


@ -3,8 +3,8 @@ description = A library of helpful tools by Merlin of Chaos.
core = 6.x core = 6.x
package = Chaos tool suite package = Chaos tool suite
; Information added by Drupal.org packaging script on 2015-12-22 ; Information added by Drupal.org packaging script on 2015-12-22
version = "6.x-1.15-boinc-2-dev" version = "6.x-1.15-boinc-3-dev"
core = "6.x" core = "6.x"
project = "ctools" project = "ctools"
datestamp = "1548704188" datestamp = "1600333247"


@ -50,7 +50,7 @@
var $objects = $('a[href="' + old_url + '"]'); var $objects = $('a[href="' + old_url + '"]');
$objects.addClass('ctools-fetching'); $objects.addClass('ctools-fetching');
try { try {
var url = Drupal.CTools.AJAX.urlReplaceNojs(url); var url = Drupal.sanitizeAjaxUrl(Drupal.CTools.AJAX.urlReplaceNojs(url));
var ajaxOptions = { var ajaxOptions = {
type: "POST", type: "POST",
url: url, url: url,
@ -68,7 +68,8 @@
complete: function() { complete: function() {
$objects.removeClass('ctools-fetching'); $objects.removeClass('ctools-fetching');
}, },
dataType: 'json' dataType: 'json',
jsonp: false
}; };
$.ajax(ajaxOptions); $.ajax(ajaxOptions);
} }
@ -117,7 +118,7 @@
} }
$(this).addClass('ctools-ajaxing'); $(this).addClass('ctools-ajaxing');
try { try {
url = Drupal.CTools.AJAX.urlReplaceNojs(url); url = Drupal.sanitizeAjaxUrl(Drupal.CTools.AJAX.urlReplaceNojs(url));
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: url, url: url,
@ -131,7 +132,8 @@
complete: function() { complete: function() {
$('.ctools-ajaxing').removeClass('ctools-ajaxing'); $('.ctools-ajaxing').removeClass('ctools-ajaxing');
}, },
dataType: 'json' dataType: 'json',
jsonp: false
}); });
} }
catch (err) { catch (err) {
@ -159,7 +161,7 @@
$(this).addClass('ctools-ajaxing'); $(this).addClass('ctools-ajaxing');
try { try {
if (url) { if (url) {
url = Drupal.CTools.AJAX.urlReplaceNojs(url); url = Drupal.sanitizeAjaxUrl(Drupal.CTools.AJAX.urlReplaceNojs(url));
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: url, url: url,
@ -173,7 +175,8 @@
complete: function() { complete: function() {
$('.ctools-ajaxing').removeClass('ctools-ajaxing'); $('.ctools-ajaxing').removeClass('ctools-ajaxing');
}, },
dataType: 'json' dataType: 'json',
jsonp: false
}); });
} }
else { else {
@ -329,7 +332,7 @@
var form_id = $object.parents('form').get(0).id; var form_id = $object.parents('form').get(0).id;
try { try {
if (url) { if (url) {
url = Drupal.CTools.AJAX.urlReplaceNojs(url); url = Drupal.sanitizeAjaxUrl(Drupal.CTools.AJAX.urlReplaceNojs(url));
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: url, url: url,
@ -346,7 +349,8 @@
$('form#' + form_id).submit(); $('form#' + form_id).submit();
} }
}, },
dataType: 'json' dataType: 'json',
jsonp: false
}); });
} }
else { else {
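Review bot: `Drupal.sanitizeAjaxUrl` is not defined anywhere in the two files this commit touches, so the new line at `var url = Drupal.sanitizeAjaxUrl(Drupal.CTools.AJAX.urlReplaceNojs(url));` (and the same call in the three later hunks at `url = Drupal.sanitizeAjaxUrl(...)`) depends on a core `drupal.js` change that is not part of this commit; if that helper is absent on a given site, the call throws a TypeError inside the surrounding `try`, the `catch (err)` block swallows it, and the `$.ajax` request is silently never sent. A comment on the first call site would make that coupling visible, e.g. `// Requires Drupal.sanitizeAjaxUrl from the matching SA-CORE-2020-007 core update; without it this throws and the catch below swallows it.` The `jsonp: false` additions presumably stop jQuery from treating a `=?` placeholder in the URL as a JSONP request and executing the response as script, which is the companion half of the same advisory; a one-line comment such as `// SA-CORE-2020-007: never let jQuery switch this request to JSONP` would explain why that option sits next to `dataType: 'json'`. The functions containing these hunks begin and end outside the hunks shown.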