mirror of https://github.com/fhem/fhem-mirror.git synced 2025-05-02 19:15:31 +00:00

98_DOIFtools.pm: fixed csrf issues

git-svn-id: https://svn.fhem.de/fhem/trunk@13729 2b470e98-0d58-463d-a4d8-8e2adae1ed80
Ellert 2017-03-18 16:36:50 +00:00
parent daff207ad2
commit 07927f93a0


@ -46,17 +46,14 @@ sub DOIFtoolsDeleteStatReadings;
my @DOIFtools_we =();
my $DOIFtoolsJSfuncEM = <<'EOF';
<script type="text/javascript">
//functions
<script type="text/javascript">
//functions
function doiftoolsCopyToClipboard() {
var r = $("head").attr("root");
var myFW_root = FW_root;
if(r)
myFW_root = r;
FW_cmd(myFW_root+"?cmd={AttrVal(\"global\",\"language\",\"EN\")}&XHR=1", function(data){
var lang = data.match(/(DE|EN)/);
var lang = lang[1] == "DE" ? 1 : 0;
var lang = $('#doiftoolstype').attr('lang');
var txtarea = document.getElementById("console");
var start = txtarea.selectionStart;
var finish = txtarea.selectionEnd;
@ -160,7 +157,7 @@ function doiftoolsCopyToClipboard() {
$(this).dialog('close');
}}],
open:function(){
$("#evtCoM input[name='opType'],#evtCoM select").change(optChanged);
$("#evtCoM input[name='opType'],#evtCoM select").change(doiftoolsOptChanged);
}
});
} else if ($('#doiftoolstype').attr('devtype') == 'doiftools') {
@ -182,15 +179,14 @@ function doiftoolsCopyToClipboard() {
}
}}],
open:function(){
$("#evtCoM input[name='opType'],#evtCoM select").change(optChanged);
$("#evtCoM input[name='opType'],#evtCoM select").change(doiftoolsOptChanged);
}
});
}
});
}
function optChanged() {
function doiftoolsOptChanged() {
if ($('#doiftoolstype').attr('devtype') == 'doif') {
$("input#opditmp").val($("#evtCoM input:checked").next("label").text());
} else if ($('#doiftoolstype').attr('devtype') == 'doiftools') {
@ -203,38 +199,24 @@ function optChanged() {
}
}
function delbutton() {
var r = $("head").attr("root");
var myFW_root = FW_root;
if(r)
myFW_root = r;
FW_cmd(myFW_root+"?cmd={my @d = devspec2array('TYPE=DOIFtools');;return $d[0] ? $d[0] : ''}&XHR=1", function(data){
if (data) {
var dn = data;
FW_cmd(myFW_root+"?cmd={AttrVal(\""+dn+"\",\"DOIFtoolsEMbeforeReadings\",\"0\")}&XHR=1", function(data){
if (data == 1) {
function delbutton() {
if ($('#doiftoolstype').attr('embefore') == 1) {
var ins = document.getElementsByClassName('makeTable wide readings');
var del = document.getElementById('doiftoolscons');
if (del) {
ins[0].parentNode.insertBefore(del,ins[0]);
}
}
});
}
});
var del = document.getElementById('addRegexpPart');
if (del) {
removeEventListener ('DOMNodeInserted', delbutton);
$( window ).off( "load", delbutton );
del.parentNode.removeChild(del);
}
}
}
//execute
var ins = document.getElementById('doiftoolsdel');
addEventListener ('DOMNodeInserted', delbutton, false);
var ins = document.getElementById('console');
ins.addEventListener ('select', doiftoolsCopyToClipboard, false);
</script>
$( window ).on( "load", delbutton );
$('#console').on('select', doiftoolsCopyToClipboard);
</script>
EOF
my $DOIFtoolsJSfuncStart = <<'EOF';
<script type="text/javascript">
@ -339,7 +321,8 @@ sub DOIFtools_eM($$$$) {
$ret .= "<script type=\"text/javascript\" src=\"$FW_ME/pgm2/console.js\"></script>";
my $filter = $a ? ($a eq "log" ? "global" : $a) : ".*";
$ret .= "<div id='doiftoolscons'>";
$ret .= "<div id='doiftoolstype' devtype='doif'><br>";
my $embefore = AttrVal($dtn[0],"DOIFtoolsEMbeforeReadings","0") ? "1" : "";
$ret .= "<div id='doiftoolstype' devtype='doif' embefore='".$embefore."' lang='".($lang eq "DE" ? 1 : 0)."'><br>";
$ret .= "Events (Filter: <a href=\"#\" id=\"eventFilter\">$filter</a>) ".
"&nbsp;&nbsp;<span id=\"doiftoolsdel\" class='fhemlog'>FHEM log ".
"<input id='eventWithLog' type='checkbox'".
@ -528,7 +511,8 @@ sub DOIFtools_fhemwebFn($$$$) {
"<input id='eventWithLog' type='checkbox'".
($a && $a eq "log" ? " checked":"")."></span>".
"&nbsp;&nbsp;<button id='eventReset'>Reset</button>".($lang eq "DE" ? "&emsp;<b>Hinweis:</b> Eventzeile markieren, Operanden auswählen, neue Definition erzeugen" : "&emsp;<b>Hint:</b> select event line, choose operand, create definition")."</div>\n";
$ret .= "<div id='doiftoolstype' devtype='doiftools'>";
my $embefore = AttrVal($d,"DOIFtoolsEMbeforeReadings","0") ? "1" : "";
$ret .= "<div id='doiftoolstype' devtype='doiftools' embefore='".$embefore."' lang='".($lang eq "DE" ? 1 : 0)."'><br>";
$ret .= "<textarea id=\"console\" style=\"width:99%; top:.1em; bottom:1em; position:relative;\" readonly=\"readonly\" rows=\"25\" cols=\"60\" title=\"".($lang eq "DE" ? "Die Auswahl einer Event-Zeile zeigt Operanden für DOIF an, mit ihnen kann eine neue DOIF-Definition erzeugt werden." : "Selecting an event line displays operands for DOIFs definition, they are used to create a new DOIF definition.")."\"></textarea>";
$ret .= "</div>";
$ret .= $DOIFtoolsJSfuncEM;
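Review bot: In doiftoolsCopyToClipboard the new `var lang = $('#doiftoolstype').attr('lang');` yields the string "0" or "1", where the removed code produced the number 0 or 1; "0" is truthy in JavaScript, so any `lang ? … : …` test further down the function (outside this hunk, so unconfirmed) would take the German branch for every user. Normalising at the read keeps the old contract: `var lang = $('#doiftoolstype').attr('lang') === '1' ? 1 : 0;`. `lang` is also a standard HTML attribute that expects a language tag, so carrying the flags as `data-lang` and `data-embefore` would avoid marking the div with an invalid language. In DOIFtools_eM the removed client code checked that a DOIFtools device exists before reading DOIFtoolsEMbeforeReadings; whether `$dtn[0]` is always defined at the new `AttrVal($dtn[0], …)` call is not visible here, so a guard is worth adding.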