mirror of https://github.com/fhem/fhem-mirror.git synced 2025-05-03 13:45:36 +00:00

98_DOIFtools.pm: fixed csrf issues

git-svn-id: https://svn.fhem.de/fhem/trunk@13729 2b470e98-0d58-463d-a4d8-8e2adae1ed80
Ellert 2017-03-18 16:36:50 +00:00
parent daff207ad2
commit 07927f93a0


@ -53,10 +53,7 @@ function doiftoolsCopyToClipboard() {
var myFW_root = FW_root; var myFW_root = FW_root;
if(r) if(r)
myFW_root = r; myFW_root = r;
FW_cmd(myFW_root+"?cmd={AttrVal(\"global\",\"language\",\"EN\")}&XHR=1", function(data){ var lang = $('#doiftoolstype').attr('lang');
var lang = data.match(/(DE|EN)/);
var lang = lang[1] == "DE" ? 1 : 0;
var txtarea = document.getElementById("console"); var txtarea = document.getElementById("console");
var start = txtarea.selectionStart; var start = txtarea.selectionStart;
var finish = txtarea.selectionEnd; var finish = txtarea.selectionEnd;
@ -160,7 +157,7 @@ function doiftoolsCopyToClipboard() {
$(this).dialog('close'); $(this).dialog('close');
}}], }}],
open:function(){ open:function(){
$("#evtCoM input[name='opType'],#evtCoM select").change(optChanged); $("#evtCoM input[name='opType'],#evtCoM select").change(doiftoolsOptChanged);
} }
}); });
} else if ($('#doiftoolstype').attr('devtype') == 'doiftools') { } else if ($('#doiftoolstype').attr('devtype') == 'doiftools') {
@ -182,15 +179,14 @@ function doiftoolsCopyToClipboard() {
} }
}}], }}],
open:function(){ open:function(){
$("#evtCoM input[name='opType'],#evtCoM select").change(optChanged); $("#evtCoM input[name='opType'],#evtCoM select").change(doiftoolsOptChanged);
} }
}); });
} }
});
} }
function optChanged() { function doiftoolsOptChanged() {
if ($('#doiftoolstype').attr('devtype') == 'doif') { if ($('#doiftoolstype').attr('devtype') == 'doif') {
$("input#opditmp").val($("#evtCoM input:checked").next("label").text()); $("input#opditmp").val($("#evtCoM input:checked").next("label").text());
} else if ($('#doiftoolstype').attr('devtype') == 'doiftools') { } else if ($('#doiftoolstype').attr('devtype') == 'doiftools') {
@ -204,36 +200,22 @@ function optChanged() {
} }
function delbutton() { function delbutton() {
var r = $("head").attr("root"); if ($('#doiftoolstype').attr('embefore') == 1) {
var myFW_root = FW_root;
if(r)
myFW_root = r;
FW_cmd(myFW_root+"?cmd={my @d = devspec2array('TYPE=DOIFtools');;return $d[0] ? $d[0] : ''}&XHR=1", function(data){
if (data) {
var dn = data;
FW_cmd(myFW_root+"?cmd={AttrVal(\""+dn+"\",\"DOIFtoolsEMbeforeReadings\",\"0\")}&XHR=1", function(data){
if (data == 1) {
var ins = document.getElementsByClassName('makeTable wide readings'); var ins = document.getElementsByClassName('makeTable wide readings');
var del = document.getElementById('doiftoolscons'); var del = document.getElementById('doiftoolscons');
if (del) { if (del) {
ins[0].parentNode.insertBefore(del,ins[0]); ins[0].parentNode.insertBefore(del,ins[0]);
} }
} }
});
}
});
var del = document.getElementById('addRegexpPart'); var del = document.getElementById('addRegexpPart');
if (del) { if (del) {
removeEventListener ('DOMNodeInserted', delbutton); $( window ).off( "load", delbutton );
del.parentNode.removeChild(del); del.parentNode.removeChild(del);
} }
} }
//execute //execute
var ins = document.getElementById('doiftoolsdel'); $( window ).on( "load", delbutton );
addEventListener ('DOMNodeInserted', delbutton, false); $('#console').on('select', doiftoolsCopyToClipboard);
var ins = document.getElementById('console');
ins.addEventListener ('select', doiftoolsCopyToClipboard, false);
</script> </script>
EOF EOF
my $DOIFtoolsJSfuncStart = <<'EOF'; my $DOIFtoolsJSfuncStart = <<'EOF';
@ -339,7 +321,8 @@ sub DOIFtools_eM($$$$) {
$ret .= "<script type=\"text/javascript\" src=\"$FW_ME/pgm2/console.js\"></script>"; $ret .= "<script type=\"text/javascript\" src=\"$FW_ME/pgm2/console.js\"></script>";
my $filter = $a ? ($a eq "log" ? "global" : $a) : ".*"; my $filter = $a ? ($a eq "log" ? "global" : $a) : ".*";
$ret .= "<div id='doiftoolscons'>"; $ret .= "<div id='doiftoolscons'>";
$ret .= "<div id='doiftoolstype' devtype='doif'><br>"; my $embefore = AttrVal($dtn[0],"DOIFtoolsEMbeforeReadings","0") ? "1" : "";
$ret .= "<div id='doiftoolstype' devtype='doif' embefore='".$embefore."' lang='".($lang eq "DE" ? 1 : 0)."'><br>";
$ret .= "Events (Filter: <a href=\"#\" id=\"eventFilter\">$filter</a>) ". $ret .= "Events (Filter: <a href=\"#\" id=\"eventFilter\">$filter</a>) ".
"&nbsp;&nbsp;<span id=\"doiftoolsdel\" class='fhemlog'>FHEM log ". "&nbsp;&nbsp;<span id=\"doiftoolsdel\" class='fhemlog'>FHEM log ".
"<input id='eventWithLog' type='checkbox'". "<input id='eventWithLog' type='checkbox'".
@ -528,7 +511,8 @@ sub DOIFtools_fhemwebFn($$$$) {
"<input id='eventWithLog' type='checkbox'". "<input id='eventWithLog' type='checkbox'".
($a && $a eq "log" ? " checked":"")."></span>". ($a && $a eq "log" ? " checked":"")."></span>".
"&nbsp;&nbsp;<button id='eventReset'>Reset</button>".($lang eq "DE" ? "&emsp;<b>Hinweis:</b> Eventzeile markieren, Operanden auswählen, neue Definition erzeugen" : "&emsp;<b>Hint:</b> select event line, choose operand, create definition")."</div>\n"; "&nbsp;&nbsp;<button id='eventReset'>Reset</button>".($lang eq "DE" ? "&emsp;<b>Hinweis:</b> Eventzeile markieren, Operanden auswählen, neue Definition erzeugen" : "&emsp;<b>Hint:</b> select event line, choose operand, create definition")."</div>\n";
$ret .= "<div id='doiftoolstype' devtype='doiftools'>"; my $embefore = AttrVal($d,"DOIFtoolsEMbeforeReadings","0") ? "1" : "";
$ret .= "<div id='doiftoolstype' devtype='doiftools' embefore='".$embefore."' lang='".($lang eq "DE" ? 1 : 0)."'><br>";
$ret .= "<textarea id=\"console\" style=\"width:99%; top:.1em; bottom:1em; position:relative;\" readonly=\"readonly\" rows=\"25\" cols=\"60\" title=\"".($lang eq "DE" ? "Die Auswahl einer Event-Zeile zeigt Operanden für DOIF an, mit ihnen kann eine neue DOIF-Definition erzeugt werden." : "Selecting an event line displays operands for DOIFs definition, they are used to create a new DOIF definition.")."\"></textarea>"; $ret .= "<textarea id=\"console\" style=\"width:99%; top:.1em; bottom:1em; position:relative;\" readonly=\"readonly\" rows=\"25\" cols=\"60\" title=\"".($lang eq "DE" ? "Die Auswahl einer Event-Zeile zeigt Operanden für DOIF an, mit ihnen kann eine neue DOIF-Definition erzeugt werden." : "Selecting an event line displays operands for DOIFs definition, they are used to create a new DOIF definition.")."\"></textarea>";
$ret .= "</div>"; $ret .= "</div>";
$ret .= $DOIFtoolsJSfuncEM; $ret .= $DOIFtoolsJSfuncEM;
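Review bot: In `doiftoolsCopyToClipboard`, the new `var lang = $('#doiftoolstype').attr('lang');` yields the string `"0"` or `"1"` where the removed code produced the number 0 or 1, and `"0"` is truthy in JavaScript. If `lang` is used in a boolean test further down (outside this hunk), the German branch would always be taken; if it is only an array index this is harmless, but `var lang = $('#doiftoolstype').attr('lang') === '1' ? 1 : 0;` keeps the old type either way. Both Perl hunks write that flag into the standard HTML `lang` attribute (`lang='1'`), which user agents read as a language tag, so `data-lang` and `data-embefore` would be the safer names. Rendering these values server-side instead of requesting `?cmd={…}` from the browser is the right shape for the CSRF fix, and because only fixed `0`/`1`/empty strings are emitted, no escaping is needed for them. In `DOIFtools_eM`, whose body continues outside the hunk, the added `AttrVal($dtn[0], …)` depends on `@dtn` being non-empty, which should be confirmed where it is filled.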