security: use more antiforgery tokens

Gary Sharp
2025-07-25 12:32:44 +10:00
parent fd43d85778
commit 7deead494b
222 changed files with 12919 additions and 11728 deletions
@@ -4,23 +4,24 @@
ViewBag.Title = Html.ToBreadcrumb("Configuration", MVC.Config.Config.Index(), "User Flags", MVC.Config.UserFlag.Index(null), "Create");
}
@using (Html.BeginForm())
{
@Html.HiddenFor(m => m.UserFlag.Icon)
@Html.HiddenFor(m => m.UserFlag.IconColour)
{
@Html.AntiForgeryToken()
<div class="form" style="width: 450px">
<table>
<tr>
<th>Name:
<th>
Name:
</th>
<td>
@Html.EditorFor(model => model.UserFlag.Name)<br />@Html.ValidationMessageFor(model => model.UserFlag.Name)
@Html.EditorFor(model => model.Name)<br />@Html.ValidationMessageFor(model => model.Name)
</td>
</tr>
<tr>
<th>Description:
<th>
Description:
</th>
<td>
@Html.EditorFor(model => model.UserFlag.Description)<br />@Html.ValidationMessageFor(model => model.UserFlag.Description)
@Html.EditorFor(model => model.Description)<br />@Html.ValidationMessageFor(model => model.Description)
</td>
</tr>
</table>
@@ -30,7 +31,7 @@
</div>
<script type="text/javascript">
$(function () {
$('#UserFlag_Name').focus().select();
$('#Name').focus().select();
});
</script>
}
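Review bot: The `@Html.AntiForgeryToken()` added inside the `Html.BeginForm()` block of the Create view only protects the submission if the receiving POST action is attributed with `[ValidateAntiForgeryToken]`; the controller is not part of this section, so confirm the UserFlag Create POST action carries it (the diffstat suggests it may be among the other changed files). The hidden `Icon`/`IconColour` fields are removed in the same hunk while the editor expressions move from `m.UserFlag.Name` to `model.Name`, which looks like a switch to a flat view model; confirm the POST action no longer binds `Icon`/`IconColour` from this form, otherwise they now arrive unset. A short comment at the top of the form, `@* token must match [ValidateAntiForgeryToken] on the Create POST action *@`, would record the dependency for the next maintainer.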
@@ -57,35 +57,21 @@ WriteLiteral("\r\n");
#line 6 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
using (Html.BeginForm())
{
{
#line default
#line hidden
#line 8 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
Write(Html.HiddenFor(m => m.UserFlag.Icon));
Write(Html.AntiForgeryToken());
#line default
#line hidden
#line 8 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
#line default
#line hidden
#line 9 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
Write(Html.HiddenFor(m => m.UserFlag.IconColour));
#line default
#line hidden
#line 9 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
#line default
@@ -96,14 +82,14 @@ WriteLiteral(" class=\"form\"");
WriteLiteral(" style=\"width: 450px\"");
WriteLiteral(">\r\n <table>\r\n <tr>\r\n <th>Name:\r\n " +
"</th>\r\n <td>\r\n");
WriteLiteral(">\r\n <table>\r\n <tr>\r\n <th>\r\n N" +
"ame:\r\n </th>\r\n <td>\r\n");
WriteLiteral(" ");
#line 16 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
Write(Html.EditorFor(model => model.UserFlag.Name));
Write(Html.EditorFor(model => model.Name));
#line default
@@ -112,19 +98,20 @@ WriteLiteral("<br />");
#line 16 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
Write(Html.ValidationMessageFor(model => model.UserFlag.Name));
Write(Html.ValidationMessageFor(model => model.Name));
#line default
#line hidden
WriteLiteral("\r\n </td>\r\n </tr>\r\n <tr>\r\n <th" +
">Description:\r\n </th>\r\n <td>\r\n");
">\r\n Description:\r\n </th>\r\n <td>" +
"\r\n");
WriteLiteral(" ");
#line 23 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
Write(Html.EditorFor(model => model.UserFlag.Description));
#line 24 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
Write(Html.EditorFor(model => model.Description));
#line default
@@ -132,8 +119,8 @@ WriteLiteral(" ");
WriteLiteral("<br />");
#line 23 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
Write(Html.ValidationMessageFor(model => model.UserFlag.Description));
#line 24 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
Write(Html.ValidationMessageFor(model => model.Description));
#line default
@@ -156,11 +143,11 @@ WriteLiteral(" <script");
WriteLiteral(" type=\"text/javascript\"");
WriteLiteral(">\r\n $(function () {\r\n $(\'#UserFlag_Name\').focus().select();\r\n " +
" });\r\n </script>\r\n");
WriteLiteral(">\r\n $(function () {\r\n $(\'#Name\').focus().select();\r\n });" +
"\r\n </script>\r\n");
#line 36 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
#line 37 "..\..\Areas\Config\Views\UserFlag\Create.cshtml"
}
#line default
@@ -38,7 +38,8 @@
</th>
<td>
@if (canConfig)
{@Html.EditorFor(model => model.UserFlag.Name)
{
@Html.EditorFor(model => model.UserFlag.Name)
@AjaxHelpers.AjaxSave()
@AjaxHelpers.AjaxLoader()
<script type="text/javascript">
@@ -64,7 +65,8 @@
</th>
<td>
@if (canConfig)
{@Html.EditorFor(model => model.UserFlag.Description)
{
@Html.EditorFor(model => model.UserFlag.Description)
@AjaxHelpers.AjaxSave()
@AjaxHelpers.AjaxLoader()
<script type="text/javascript">
@@ -111,8 +113,14 @@
@if (canConfig)
{
<div>
<a id="Config_UserFlags_Icon_Update" href="#" class="button small">Update</a>
<button id="Config_UserFlags_Icon_Update" type="button" class="button small">Update</button>
<div id="Config_UserFlags_Icon_Update_Dialog" class="dialog" title="User Flag Icon">
@using (Html.BeginForm(MVC.API.UserFlag.UpdateIconAndColour(id: Model.UserFlag.Id, redirect: true)))
{
@Html.AntiForgeryToken()
<input type="hidden" name="icon" />
<input type="hidden" name="iconColour" />
}
<div>
<div class="colours">
@foreach (var colour in Model.ThemeColours)
@@ -183,15 +191,11 @@
}
function save() {
var url = '@(Url.Action(MVC.API.UserFlag.UpdateIconAndColour(id: Model.UserFlag.Id, redirect: true)))',
data = {
Icon: icons.find('i.selected').attr('data-icon'),
IconColour: colours.find('i.selected').attr('data-colour')
};
window.location.href = url + '&' + $.param(data);
dialog.dialog("disable");
dialog.dialog("option", "buttons", null);
const $form = dialog.find('form');
$form.find('input[name="icon"]').val(icons.find('i.selected').attr('data-icon'));
$form.find('input[name="iconColour"]').val(colours.find('i.selected').attr('data-colour'));
$form.trigger('submit');
}
function cancel() {
@@ -391,7 +395,7 @@
UpdateUrl = Url.Action(MVC.API.UserFlag.UpdateAssignedUserDevicesLinkedGroup(Model.UserFlag.Id, redirect: true))
})
@if (canConfig)
{
{
@Html.Partial(MVC.Config.Shared.Views.LinkedGroupShared)
}
</div>
@@ -452,7 +456,8 @@
<div class="loading">
<h4><i class="fa fa-lg fa-cog fa-spin" title="Please Wait"></i>Loading current assignments...</h4>
</div>
<form action="#" method="post">
<form action="#" method="post" data-overrideaction="@(Url.Action(MVC.API.UserFlag.BulkAssignUsers(Model.UserFlag.Id, true)))" data-addaction="@(Url.Action(MVC.API.UserFlag.BulkAssignUsers(Model.UserFlag.Id, false)))">
@Html.AntiForgeryToken()
<textarea id="Config_UserFlags_BulkAssign_AssignDialog_UserIds" name="UserIds"></textarea>
<h4>Comments:</h4>
<textarea id="Config_UserFlags_BulkAssign_AssignDialog_Comments" name="Comments"></textarea>
@@ -512,8 +517,9 @@
assignDialog.dialog('option', 'buttons', buttons);
assignDialog.dialog('option', 'title', 'Bulk Assign Users: ' + mode);
const $form = assignUserIds.closest('form');
if (mode == "Override") {
assignUserIds.closest('form').attr('action', '@(Url.Action(MVC.API.UserFlag.BulkAssignUsers(Model.UserFlag.Id, true)))');
$form.attr('action', $form.attr('data-overrideaction'));
assignDialog.addClass('loading');
$.getJSON('@Url.Action(MVC.API.UserFlag.AssignedUsers(Model.UserFlag.Id))', function (response, result) {
@@ -533,7 +539,7 @@
}
else // Assume Add
{
assignUserIds.closest('form').attr('action', '@(Url.Action(MVC.API.UserFlag.BulkAssignUsers(Model.UserFlag.Id, false)))');
$form.attr('action', $form.attr('data-addaction'));
}
assignDialog.dialog('open');
@@ -548,8 +554,12 @@
}
@if (canDelete)
{
@Html.ActionLinkButton("Delete", MVC.API.UserFlag.Delete(Model.UserFlag.Id, true), "Config_UserFlags_Actions_Delete_Button")
<div id="Config_UserFlags_Actions_Delete_Dialog" title="Delete this User Flag?">
<button id="Config_UserFlags_Actions_Delete_Button" type="button" class="button">Delete</button>
<div id="Config_UserFlags_Actions_Delete_Dialog" title="Delete this User Flag?" class="dialog">
@using (Html.BeginForm(MVC.API.UserFlag.Delete(Model.UserFlag.Id, true)))
{
@Html.AntiForgeryToken()
}
<p>
<i class="fa fa-exclamation-triangle fa-lg warning"></i>
This item will be permanently deleted and cannot be recovered.<br />
@@ -565,29 +575,27 @@
</div>
<script type="text/javascript">
$(function () {
var button = $('#Config_UserFlags_Actions_Delete_Button');
var buttonDialog = $('#Config_UserFlags_Actions_Delete_Dialog');
var buttonLink = button.attr('href');
button.attr('href', '#');
button.click(function () {
buttonDialog.dialog('open');
return false;
});
buttonDialog.dialog({
resizable: false,
modal: true,
autoOpen: false,
buttons: {
"Delete": function () {
var $this = $(this);
$this.dialog("disable");
$this.dialog("option", "buttons", null);
window.location.href = buttonLink;
},
Cancel: function () {
$(this).dialog("close");
}
let buttonDialog = null;
$('#Config_UserFlags_Actions_Delete_Button').on('click', function () {
const $button = $(this);
if (!buttonDialog) {
buttonDialog = $('#Config_UserFlags_Actions_Delete_Dialog').dialog({
resizable: false,
modal: true,
autoOpen: false,
buttons: {
"Delete": function () {
$(this)
.dialog("option", "buttons", null)
.find('form').trigger('submit');
},
Cancel: function () {
$(this).dialog("close");
}
}
});
}
buttonDialog.dialog('open');
});
});
</script>
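Review bot: The delete flow now submits a POST form carrying `@Html.AntiForgeryToken()` to `MVC.API.UserFlag.Delete` instead of navigating to the old `href` link, but the CSRF exposure is only closed if the API action itself stops accepting GET and validates the token — confirm it is `[HttpPost]` with `[ValidateAntiForgeryToken]`, which this section does not show; the same applies to `UpdateIconAndColour` (icon dialog hunk) and `BulkAssignUsers` (bulk-assign hunk), whose callers are likewise converted from URL navigation to form submission here. In the rewritten dialog handler the "Delete" button drops the `$this.dialog("disable")` call the old code made before navigating, so the dialog stays interactive while the form is submitting; `$(this).dialog("disable").dialog("option", "buttons", null).find('form').trigger('submit');` keeps the previous behaviour, as the icon-dialog `save()` in this file still does. The `$.param(data)` query-string build and `window.location.href` assignment are gone from `save()`, so the state now travels only via the hidden `icon`/`iconColour` inputs; confirm those names match the action's parameter names, since a mismatch silently posts nulls.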