Having embedded JavaScript read the session cookie directly
is unnecessary and prevents the CGISESSID cookie being marked
httpOnly as a security measure. The only Koha JS attempting
this was the AJAX tags code.
To test:
- In general, verify that there are no regressions with
adding tags in the OPAC or reviewing them in the staff interface.
- In specific, for the OPAC
- log into the OPAC
- retrieve a bib record
- add a tag
- refresh the bib details page to verify that the
tag was added
- make sure the TagsInputOnList syspref is on
- perform a search
- add a tag to more than one record from the search results page
- repeat the preceding using the CCSR theme
- And in the staff interface
- Go to the review tags tool
- Reject a tag
- Refresh to verify that the tag was rejected
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
$('#test_button').removeAttr("disabled");
$('#test_button').attr("value","test");
};
$('#test_button').removeAttr("disabled");
$('#test_button').attr("value","test");
};
- function readCookie(name) { // from http://www.quirksmode.org/js/cookies.html
- var nameEQ = name + "=";
- var ca = document.cookie.split(';');
- for(var i=0;i < ca.length;i++) {
- var c = ca[i];
- while (c.charAt(0)==' '){ c = c.substring(1,c.length); }
- if (c.indexOf(nameEQ) == 0){ return c.substring(nameEQ.length,c.length); }
- }
- return null;
- }
$(document).ready(function() {
$('.ajax_buttons' ).css({visibility:"visible"});
$("p.check").html("<strong>"+_("Select:")+" <\/strong><a id=\"CheckAll\" href=\"/cgi-bin/koha/tags/review.pl\">"+_("All")+"<\/a> <a id=\"CheckPending\" href=\"/cgi-bin/koha/tags/review.pl\">"+_("Pending")+"<\/a> <a id=\"CheckNone\" href=\"/cgi-bin/koha/tags/review.pl\">"+_("None")+"<\/a>");
$(document).ready(function() {
$('.ajax_buttons' ).css({visibility:"visible"});
$("p.check").html("<strong>"+_("Select:")+" <\/strong><a id=\"CheckAll\" href=\"/cgi-bin/koha/tags/review.pl\">"+_("All")+"<\/a> <a id=\"CheckPending\" href=\"/cgi-bin/koha/tags/review.pl\">"+_("Pending")+"<\/a> <a id=\"CheckNone\" href=\"/cgi-bin/koha/tags/review.pl\">"+_("None")+"<\/a>");
// window.alert(_("Click detected on ") + event.target + ": " + $(event.target).html);
if ($(event.target).is('.ok')) {
$.ajax({
// window.alert(_("Click detected on ") + event.target + ": " + $(event.target).html);
if ($(event.target).is('.ok')) {
$.ajax({
- "data": {ok: $(event.target).attr("title"), CGISESSID: readCookie('CGISESSID')},
+ "data": {ok: $(event.target).attr("title")},
"success": count_approve // success_approve
});
$(event.target).next(".rej").removeAttr("disabled").attr("value","Reject").css("color","#000");
"success": count_approve // success_approve
});
$(event.target).next(".rej").removeAttr("disabled").attr("value","Reject").css("color","#000");
}
if ($(event.target).is('.rej')) {
$.ajax({
}
if ($(event.target).is('.rej')) {
$.ajax({
- "data": {rej: $(event.target).attr("title"), CGISESSID: readCookie('CGISESSID')},
+ "data": {rej: $(event.target).attr("title")},
"success": count_reject // success_reject
});
$(event.target).prev(".ok").removeAttr("disabled").attr("value","Approve").css("color","#000");
"success": count_reject // success_reject
});
$(event.target).prev(".ok").removeAttr("disabled").attr("value","Approve").css("color","#000");
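Review bot: With the `CGISESSID` field dropped from `data`, both `$.ajax` calls (the `.ok` and `.rej` branches) are authenticated by the browser's session cookie alone, and nothing visible in this section ties the approve/reject request to this page with an anti-CSRF token. Whether the server script checks a token or the request origin is not visible here, so this needs confirming rather than being a definite gap. I would record the dependency next to each call, e.g. `// authenticated by the session cookie only; the server must verify a CSRF token or the request origin`. The click handler enclosing both branches starts and ends outside the lines shown.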
/**
* A namespace for Tags related functions.
/**
* A namespace for Tags related functions.
-* readCookie is expected to already be declared. That's why the assignment below is unscoped.
-* readCookie should be from basket.js or undefined.
$.ajaxSetup({
url: "/cgi-bin/koha/opac-tags.pl",
$.ajaxSetup({
url: "/cgi-bin/koha/opac-tags.pl",
dataType: "script"
});
*/
dataType: "script"
});
*/
-if (typeof(readCookie) == "undefined") {
- readCookie = function (name) { // from http://www.quirksmode.org/js/cookies.html
- var nameEQ = name + "=";
- var ca = document.cookie.split(';');
- for (var i=0;i < ca.length;i++) {
- var c = ca[i];
- while (c.charAt(0)==' '){ c = c.substring(1,c.length); }
- if (c.indexOf(nameEQ) == 0){ return c.substring(nameEQ.length,c.length); }
- }
- return null;
- }
-}
KOHA.Tags = {
add_tag_button: function(bibnum, tag){
var mynewtag = "newtag" + bibnum;
var mytagid = "#" + mynewtag;
KOHA.Tags = {
add_tag_button: function(bibnum, tag){
var mynewtag = "newtag" + bibnum;
var mytagid = "#" + mynewtag;
- var mydata = {CGISESSID: readCookie('CGISESSID')}; // Someday this should be OPACSESSID
- mydata[mynewtag] = tag; // need [bracket] for variable property id
+ var mydata = {};
+ mydata[mynewtag] = tag;
var response; // AJAX from server will assign value to response.
$.post(
"/cgi-bin/koha/opac-tags.pl",
var response; // AJAX from server will assign value to response.
$.post(
"/cgi-bin/koha/opac-tags.pl",
// Used to tag multiple items at once. The main difference
// is that status is displayed on a per item basis.
add_multitags_button : function(bibarray, tag){
// Used to tag multiple items at once. The main difference
// is that status is displayed on a per item basis.
add_multitags_button : function(bibarray, tag){
- var mydata = {CGISESSID: readCookie('CGISESSID')}; // Someday this should be OPACSESSID
for (var i = 0; i < bibarray.length; i++) {
var mynewtag = "newtag" + bibarray[i];
mydata[mynewtag] = tag;
for (var i = 0; i < bibarray.length; i++) {
var mynewtag = "newtag" + bibarray[i];
mydata[mynewtag] = tag;
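Review bot: In `add_multitags_button` the line `var mydata = {CGISESSID: readCookie('CGISESSID')};` is removed with no replacement declaration, so as rendered the loop's `mydata[mynewtag] = tag;` writes to a variable that is never defined and would throw a ReferenceError on the first iteration. `add_tag_button` in the same file gets `var mydata = {};` in place of the removed line; the same declaration is needed here, ahead of the `for` loop: `var mydata = {};`. The second copy of this file further down the page (the identical `add_multitags_button` hunk) has the same omission. The function body continues past the end of the hunk, so the later use of `mydata` is not visible.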
/**
* A namespace for Tags related functions.
/**
* A namespace for Tags related functions.
-* readCookie is expected to already be declared. That's why the assignment below is unscoped.
-* readCookie should be from basket.js or undefined.
$.ajaxSetup({
url: "/cgi-bin/koha/opac-tags.pl",
$.ajaxSetup({
url: "/cgi-bin/koha/opac-tags.pl",
dataType: "script"
});
*/
dataType: "script"
});
*/
-if (typeof(readCookie) == "undefined") {
- readCookie = function (name) { // from http://www.quirksmode.org/js/cookies.html
- var nameEQ = name + "=";
- var ca = document.cookie.split(';');
- for (var i=0;i < ca.length;i++) {
- var c = ca[i];
- while (c.charAt(0)==' '){ c = c.substring(1,c.length); }
- if (c.indexOf(nameEQ) == 0){ return c.substring(nameEQ.length,c.length); }
- }
- return null;
- }
-}
KOHA.Tags = {
add_tag_button: function(bibnum, tag){
var mynewtag = "newtag" + bibnum;
var mytagid = "#" + mynewtag;
KOHA.Tags = {
add_tag_button: function(bibnum, tag){
var mynewtag = "newtag" + bibnum;
var mytagid = "#" + mynewtag;
- var mydata = {CGISESSID: readCookie('CGISESSID')}; // Someday this should be OPACSESSID
- mydata[mynewtag] = tag; // need [bracket] for variable property id
+ var mydata = {};
+ mydata[mynewtag] = tag;
var response; // AJAX from server will assign value to response.
$.post(
"/cgi-bin/koha/opac-tags.pl",
var response; // AJAX from server will assign value to response.
$.post(
"/cgi-bin/koha/opac-tags.pl",
// Used to tag multiple items at once. The main difference
// is that status is displayed on a per item basis.
add_multitags_button : function(bibarray, tag){
// Used to tag multiple items at once. The main difference
// is that status is displayed on a per item basis.
add_multitags_button : function(bibarray, tag){
- var mydata = {CGISESSID: readCookie('CGISESSID')}; // Someday this should be OPACSESSID
for (var i = 0; i < bibarray.length; i++) {
var mynewtag = "newtag" + bibarray[i];
mydata[mynewtag] = tag;
for (var i = 0; i < bibarray.length; i++) {
var mynewtag = "newtag" + bibarray[i];
mydata[mynewtag] = tag;
my $needed_flags = shift;
my %cookies = fetch CGI::Cookie;
my $input = CGI->new;
my $needed_flags = shift;
my %cookies = fetch CGI::Cookie;
my $input = CGI->new;
- my $sessid = $cookies{'CGISESSID'}->value || $input->param('CGISESSID');
+ my $sessid = $cookies{'CGISESSID'}->value;
my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
$debug and
print STDERR "($auth_status, $auth_sessid) = check_cookie_auth($sessid," . Dumper($needed_flags) . ")\n";
my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
$debug and
print STDERR "($auth_status, $auth_sessid) = check_cookie_auth($sessid," . Dumper($needed_flags) . ")\n";
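Review bot: `$cookies{'CGISESSID'}->value` is called without checking that the cookie was sent, and with the `$input->param('CGISESSID')` fallback gone the cookie is the only source, so a request arriving without it would die on a method call on an undefined value instead of being handed to `check_cookie_auth` as unauthenticated. Guarding the lookup keeps that failure on the normal auth path: `my $sessid = $cookies{'CGISESSID'} ? $cookies{'CGISESSID'}->value : undef;` (how `check_cookie_auth` treats an undefined id is not visible here). Separately, the `$debug` line writes `$sessid` and `$auth_sessid` to STDERR, which puts live session identifiers in the server log whenever debugging is on; I would drop them from that message. The identical hunk in the next file section has both issues, and the enclosing sub starts and ends outside the hunk.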
my $needed_flags = shift;
my %cookies = fetch CGI::Cookie;
my $input = CGI->new;
my $needed_flags = shift;
my %cookies = fetch CGI::Cookie;
my $input = CGI->new;
- my $sessid = $cookies{'CGISESSID'}->value || $input->param('CGISESSID');
+ my $sessid = $cookies{'CGISESSID'}->value;
my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
$debug and
print STDERR "($auth_status, $auth_sessid) = check_cookie_auth($sessid," . Dumper($needed_flags) . ")\n";
my ($auth_status, $auth_sessid) = check_cookie_auth($sessid, $needed_flags);
$debug and
print STDERR "($auth_status, $auth_sessid) = check_cookie_auth($sessid," . Dumper($needed_flags) . ")\n";