security: use more antiforgery tokens

Gary Sharp
2025-07-25 12:32:44 +10:00
parent fd43d85778
commit 7deead494b
222 changed files with 12919 additions and 11728 deletions
@@ -4,23 +4,24 @@
ViewBag.Title = Html.ToBreadcrumb("Configuration", MVC.Config.Config.Index(), "Device Flags", MVC.Config.DeviceFlag.Index(null), "Create");
}
@using (Html.BeginForm())
{
@Html.HiddenFor(m => m.DeviceFlag.Icon)
@Html.HiddenFor(m => m.DeviceFlag.IconColour)
{
@Html.AntiForgeryToken()
<div class="form" style="width: 450px">
<table>
<tr>
<th>Name:
<th>
Name:
</th>
<td>
@Html.EditorFor(model => model.DeviceFlag.Name)<br />@Html.ValidationMessageFor(model => model.DeviceFlag.Name)
@Html.EditorFor(model => model.Name)<br />@Html.ValidationMessageFor(model => model.Name)
</td>
</tr>
<tr>
<th>Description:
<th>
Description:
</th>
<td>
@Html.EditorFor(model => model.DeviceFlag.Description)<br />@Html.ValidationMessageFor(model => model.DeviceFlag.Description)
@Html.EditorFor(model => model.Description)<br />@Html.ValidationMessageFor(model => model.Description)
</td>
</tr>
</table>
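Review bot: The `@Html.AntiForgeryToken()` added as the first child of `Html.BeginForm()` only protects the create action if the POST handler carries `[ValidateAntiForgeryToken]`; no controller change is in this diff, so that attribute should be confirmed for the DeviceFlag create action and likewise for the `UpdateIconAndColour`, `BulkAssignDevices` and `Delete` forms added later in this commit. The two `@Html.HiddenFor` lines for `Icon` and `IconColour` are dropped, so the create form presumably no longer submits those properties; this looks intentional given the view now binds `model.Name` directly instead of `model.DeviceFlag.Name`, but the receiving action should be checked for the same shape.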
@@ -30,7 +31,7 @@
</div>
<script type="text/javascript">
$(function () {
$('#DeviceFlag_Name').focus().select();
$('#Name').focus().select();
});
</script>
}
@@ -57,35 +57,21 @@ WriteLiteral("\r\n");
#line 6 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
using (Html.BeginForm())
{
{
#line default
#line hidden
#line 8 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
Write(Html.HiddenFor(m => m.DeviceFlag.Icon));
Write(Html.AntiForgeryToken());
#line default
#line hidden
#line 8 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
#line default
#line hidden
#line 9 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
Write(Html.HiddenFor(m => m.DeviceFlag.IconColour));
#line default
#line hidden
#line 9 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
#line default
@@ -96,14 +82,14 @@ WriteLiteral(" class=\"form\"");
WriteLiteral(" style=\"width: 450px\"");
WriteLiteral(">\r\n <table>\r\n <tr>\r\n <th>Name:\r\n " +
"</th>\r\n <td>\r\n");
WriteLiteral(">\r\n <table>\r\n <tr>\r\n <th>\r\n N" +
"ame:\r\n </th>\r\n <td>\r\n");
WriteLiteral(" ");
#line 16 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
Write(Html.EditorFor(model => model.DeviceFlag.Name));
Write(Html.EditorFor(model => model.Name));
#line default
@@ -112,19 +98,20 @@ WriteLiteral("<br />");
#line 16 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
Write(Html.ValidationMessageFor(model => model.DeviceFlag.Name));
Write(Html.ValidationMessageFor(model => model.Name));
#line default
#line hidden
WriteLiteral("\r\n </td>\r\n </tr>\r\n <tr>\r\n <th" +
">Description:\r\n </th>\r\n <td>\r\n");
">\r\n Description:\r\n </th>\r\n <td>" +
"\r\n");
WriteLiteral(" ");
#line 23 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
Write(Html.EditorFor(model => model.DeviceFlag.Description));
#line 24 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
Write(Html.EditorFor(model => model.Description));
#line default
@@ -132,8 +119,8 @@ WriteLiteral(" ");
WriteLiteral("<br />");
#line 23 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
Write(Html.ValidationMessageFor(model => model.DeviceFlag.Description));
#line 24 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
Write(Html.ValidationMessageFor(model => model.Description));
#line default
@@ -156,11 +143,11 @@ WriteLiteral(" <script");
WriteLiteral(" type=\"text/javascript\"");
WriteLiteral(">\r\n $(function () {\r\n $(\'#DeviceFlag_Name\').focus().select();\r\n" +
" });\r\n </script>\r\n");
WriteLiteral(">\r\n $(function () {\r\n $(\'#Name\').focus().select();\r\n });" +
"\r\n </script>\r\n");
#line 36 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
#line 37 "..\..\Areas\Config\Views\DeviceFlag\Create.cshtml"
}
@@ -38,10 +38,10 @@
</th>
<td>
@if (canConfig)
{@Html.EditorFor(model => model.DeviceFlag.Name)
@AjaxHelpers.AjaxSave()
@AjaxHelpers.AjaxLoader()
<script type="text/javascript">
{@Html.EditorFor(model => model.DeviceFlag.Name)
@AjaxHelpers.AjaxSave()
@AjaxHelpers.AjaxLoader()
<script type="text/javascript">
$(function () {
document.DiscoFunctions.PropertyChangeHelper(
$('#DeviceFlag_Name'),
@@ -50,12 +50,12 @@
'FlagName'
);
});
</script>
}
else
{
@Model.DeviceFlag.Name
}
</script>
}
else
{
@Model.DeviceFlag.Name
}
</td>
</tr>
<tr>
@@ -65,9 +65,9 @@
<td>
@if (canConfig)
{@Html.EditorFor(model => model.DeviceFlag.Description)
@AjaxHelpers.AjaxSave()
@AjaxHelpers.AjaxLoader()
<script type="text/javascript">
@AjaxHelpers.AjaxSave()
@AjaxHelpers.AjaxLoader()
<script type="text/javascript">
$(function () {
document.DiscoFunctions.PropertyChangeHelper(
$('#DeviceFlag_Description'),
@@ -76,11 +76,11 @@
'Description'
);
});
</script>
}
else
{
<pre>
</script>
}
else
{
<pre>
@if (string.IsNullOrEmpty(Model.DeviceFlag.Description))
{
<text>&lt;None&gt;</text>
@@ -90,7 +90,7 @@
@Model.DeviceFlag.Description.ToHtmlComment()
}
</pre>
}
}
</td>
</tr>
<tr>
@@ -113,6 +113,12 @@
<div>
<a id="Config_DeviceFlags_Icon_Update" href="#" class="button small">Update</a>
<div id="Config_DeviceFlags_Icon_Update_Dialog" class="dialog" title="Device Flag Icon">
@using (Html.BeginForm(MVC.API.DeviceFlag.UpdateIconAndColour(id: Model.DeviceFlag.Id, redirect: true)))
{
@Html.AntiForgeryToken()
<input type="hidden" name="icon" />
<input type="hidden" name="iconColour" />
}
<div>
<div class="colours">
@foreach (var colour in Model.ThemeColours)
@@ -183,15 +189,11 @@
}
function save() {
var url = '@(Url.Action(MVC.API.DeviceFlag.UpdateIconAndColour(id: Model.DeviceFlag.Id, redirect: true)))',
data = {
Icon: icons.find('i.selected').attr('data-icon'),
IconColour: colours.find('i.selected').attr('data-colour')
};
window.location.href = url + '&' + $.param(data);
dialog.dialog("disable");
dialog.dialog("option", "buttons", null);
const $form = dialog.find('form');
$form.find('input[name="icon"]').val(icons.find('i.selected').attr('data-icon'));
$form.find('input[name="iconColour"]').val(colours.find('i.selected').attr('data-colour'));
$form.trigger('submit');
}
function cancel() {
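Review bot: `save()` now submits the hidden form, turning the icon/colour update from a GET navigation with a `$.param` query string into a POST; the token only closes the old path if `UpdateIconAndColour` also refuses GET (`[HttpPost]`), since a token-less GET request would otherwise remain reachable — the controller is outside this diff. The hidden inputs are named `icon`/`iconColour` while the old payload used `Icon`/`IconColour`; MVC binding is case-insensitive so this should be fine, but the action's parameter names are worth confirming. A short comment on the `dialog.dialog("disable")` line, such as `// lock the dialog before the POST so the selection cannot change mid-submit`, would document why it precedes `$form.trigger('submit')`.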
@@ -391,7 +393,7 @@
UpdateUrl = Url.Action(MVC.API.DeviceFlag.UpdateAssignedUserLinkedGroup(Model.DeviceFlag.Id, redirect: true))
})
@if (canConfig)
{
{
@Html.Partial(MVC.Config.Shared.Views.LinkedGroupShared)
}
</div>
@@ -442,7 +444,8 @@
<div class="loading">
<h4><i class="fa fa-lg fa-cog fa-spin" title="Please Wait"></i>Loading current assignments...</h4>
</div>
<form action="#" method="post">
<form action="#" method="post" data-overrideaction="@(Url.Action(MVC.API.DeviceFlag.BulkAssignDevices(Model.DeviceFlag.Id, true)))" data-addaction="@(Url.Action(MVC.API.DeviceFlag.BulkAssignDevices(Model.DeviceFlag.Id, false)))">
@Html.AntiForgeryToken()
<textarea id="Config_DeviceFlags_BulkAssign_AssignDialog_DeviceSerialNumbers" name="DeviceSerialNumbers"></textarea>
<h4>Comments:</h4>
<textarea id="Config_DeviceFlags_BulkAssign_AssignDialog_Comments" name="Comments"></textarea>
@@ -502,8 +505,9 @@
assignDialog.dialog('option', 'buttons', buttons);
assignDialog.dialog('option', 'title', 'Bulk Assign Devices: ' + mode);
const $form = assignDeviceSerialNumbers.closest('form');
if (mode == "Override") {
assignDeviceSerialNumbers.closest('form').attr('action', '@(Url.Action(MVC.API.DeviceFlag.BulkAssignDevices(Model.DeviceFlag.Id, true)))');
$form.attr('action', $form.attr('data-overrideaction'));
assignDialog.addClass('loading');
$.getJSON('@Url.Action(MVC.API.DeviceFlag.AssignedDevices(Model.DeviceFlag.Id))', function (response, result) {
@@ -523,7 +527,7 @@
}
else // Assume Add
{
assignDeviceSerialNumbers.closest('form').attr('action', '@(Url.Action(MVC.API.DeviceFlag.BulkAssignDevices(Model.DeviceFlag.Id, false)))');
$form.attr('action', $form.attr('data-addaction'));
}
assignDialog.dialog('open');
@@ -538,8 +542,12 @@
}
@if (canDelete)
{
@Html.ActionLinkButton("Delete", MVC.API.DeviceFlag.Delete(Model.DeviceFlag.Id, true), "Config_DeviceFlags_Actions_Delete_Button")
<div id="Config_DeviceFlags_Actions_Delete_Dialog" title="Delete this Device Flag?">
<button id="Config_DeviceFlags_Actions_Delete_Button" type="button" class="button">Delete</button>
<div id="Config_DeviceFlags_Actions_Delete_Dialog" class="dialog" title="Delete this Device Flag?">
@using (Html.BeginForm(MVC.API.DeviceFlag.Delete(Model.DeviceFlag.Id, true)))
{
@Html.AntiForgeryToken()
}
<p>
<i class="fa fa-exclamation-triangle fa-lg warning"></i>
This item will be permanently deleted and cannot be recovered.<br />
@@ -555,29 +563,27 @@
</div>
<script type="text/javascript">
$(function () {
var button = $('#Config_DeviceFlags_Actions_Delete_Button');
var buttonDialog = $('#Config_DeviceFlags_Actions_Delete_Dialog');
var buttonLink = button.attr('href');
button.attr('href', '#');
button.click(function () {
buttonDialog.dialog('open');
return false;
});
buttonDialog.dialog({
resizable: false,
modal: true,
autoOpen: false,
buttons: {
"Delete": function () {
var $this = $(this);
$this.dialog("disable");
$this.dialog("option", "buttons", null);
window.location.href = buttonLink;
},
Cancel: function () {
$(this).dialog("close");
}
let buttonDialog = null;
$('#Config_DeviceFlags_Actions_Delete_Button').on('click', function () {
const $button = $(this);
if (!buttonDialog) {
buttonDialog = $('#Config_DeviceFlags_Actions_Delete_Dialog').dialog({
resizable: false,
modal: true,
autoOpen: false,
buttons: {
"Delete": function () {
$(this)
.dialog("option", "buttons", null)
.find('form').trigger('submit');
},
Cancel: function () {
$(this).dialog("close");
}
}
});
}
buttonDialog.dialog('open');
});
});
</script>
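Review bot: `const $button = $(this);` in the new click handler is never used after it is declared and can be dropped. The old `"Delete"` handler disabled the dialog before navigating, whereas the new one only clears the buttons before `.find('form').trigger('submit')`; clearing the buttons is enough to prevent a repeat click, but a comment such as `// removing the buttons prevents a second submit while the POST is in flight` would record why the disable call was removed. The `buttonDialog` null guard initialises the jQuery UI dialog once and reuses it on later clicks, which is fine as long as the dialog element is not re-rendered by AJAX elsewhere on the page.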