geronimo-scm mailing list archives

From xuhaih...@apache.org
Subject svn commit: r780580 - /geronimo/server/branches/2.1/plugins/console/console-filter/src/main/resources/XSRF.js
Date Mon, 01 Jun 2009 07:46:51 GMT
Author: xuhaihong
Date: Mon Jun  1 07:46:51 2009
New Revision: 780580

URL: http://svn.apache.org/viewvc?rev=780580&view=rev
Log:
GERONIMO-4641 XSSXSRFFilter cause some link failure (Patch from Rex Wang)

Modified:
    geronimo/server/branches/2.1/plugins/console/console-filter/src/main/resources/XSRF.js

Modified: geronimo/server/branches/2.1/plugins/console/console-filter/src/main/resources/XSRF.js
URL: http://svn.apache.org/viewvc/geronimo/server/branches/2.1/plugins/console/console-filter/src/main/resources/XSRF.js?rev=780580&r1=780579&r2=780580&view=diff
==============================================================================
--- geronimo/server/branches/2.1/plugins/console/console-filter/src/main/resources/XSRF.js
(original)
+++ geronimo/server/branches/2.1/plugins/console/console-filter/src/main/resources/XSRF.js
Mon Jun  1 07:46:51 2009
@@ -22,38 +22,39 @@
         var link = elements[i].getAttribute('href');
         if (link != null && isURL(link) && link.indexOf('?') != -1) {
             // add formId only if other attributes are present in link
-           	// Note: we cannot use setAttribute due to IE issues so we are using element.*=
-          	elements[i].href = link + '&formId=' + formID;
+            // Note: we cannot use setAttribute due to IE issues so we are using element.*=
+            Elements[i].href = link + '&formId=' + formID;
         }
     }
 }
 
 function updateForms() {
-	var forms = document.getElementsByTagName('form');
-	for (i=0; i<forms.length; i++) {
-		if (forms[i].getAttribute('enctype').toLowerCase() == 'multipart/form-data'){ // add formId
in action link
+    var forms = document.getElementsByTagName('form');
+    for (i=0; i<forms.length; i++) {
+        var et = forms[i].getAttribute('enctype');
+        if (et!=null && et.toLowerCase() == 'multipart/form-data'){ // add formId
in action link
             var link = forms[i].getAttribute('action');
             if (link != null && isURL(link)) {
-            	if (link.indexOf('?') == -1) {
-            		link = link + '?'
-            	}
-           	    // Note: we cannot use setAttribute due to IE issues so we are using element.*=
-           	    forms[i].action = link + '&formId=' + formID;
+                if (link.indexOf('?') == -1) {
+                    forms[i].action = link + '?formId=' + formID;
+                } else {
+                    forms[i].action = link + '&formId=' + formID;
+                }
             }
         } else {
-        	var input = document.createElement('input');
-        	if (document.all) {		//IE
-        	    input.type = 'hidden';
-        	    input.name = 'formId';
-        	    input.value = formID;
-        	} else if (document.getElementById) {	//firefox
-        	    input.setAttribute('type', 'hidden');
-        	    input.setAttribute('name', 'formId');
-        	    input.setAttribute('value', formID);
-        	}
-        	forms[i].appendChild(input);
-        }
-	}
+            var input = document.createElement('input');
+            if (document.all) {    //IE
+                input.type = 'hidden';
+                input.name = 'formId';
+                input.value = formID;
+            } else if (document.getElementById) {  //firefox
+                input.setAttribute('type', 'hidden');
+                input.setAttribute('name', 'formId');
+                input.setAttribute('value', formID);
+            }
+            forms[i].appendChild(input);
+         }
+     }
 }
 
 function updateOnclickLink(element) {
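Review bot: The added line `Elements[i].href = link + '&formId=' + formID;` in the link loop uses a capitalised `Elements`, while the lines around it read from `elements[i]`; unless a global of that name is defined outside the hunk, this throws a ReferenceError on the first link that has a query string, and it should read `elements[i].href = link + '&formId=' + formID;`. Because `updateLinks();` is called directly before `updateForms();` at the end of the script, that exception would also keep the forms from receiving their formId, which presumably makes the filter reject those submissions. Separately, the token is appended to every href and action that `isURL` accepts, and that check passes any string starting with `http` or `/`, so an absolute link to another host would carry the formId in its query string; consider limiting the rewrite to same-origin URLs and wrapping the value in `encodeURIComponent(formID)`. The function containing the link loop starts above the hunk.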
@@ -73,13 +74,14 @@
 }
 
 function isURL(link) {
-   	if ((typeof link == 'string') && link.constructor == String){
-   	   	if (link != '' && (link.substring(0, 4) == 'http' || link.substring(0, 1)
== '/')){
-   	    	return true;
-   	    }
-   	}
-   	return false;
+    if ((typeof link == 'string') && link.constructor == String){
+        if (link != '' && (link.substring(0, 4) == 'http' || link.substring(0, 1)
== '/')){
+            return true;
+        }
+    }
+    return false;
 }
+
 updateLinks();
 updateForms();
 </script>


