include csrf token and fix escaping for admin scripts
3
resources/js/bootstrap.js
vendored
3
resources/js/bootstrap.js
vendored
@@ -24,6 +24,9 @@ const token = document.head.querySelector('meta[name="csrf-token"]');
|
||||
|
||||
if (token) {
|
||||
window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content;
|
||||
window.jquery.ajaxSetup({
|
||||
'X-CSRF-TOKEN': token.content
|
||||
})
|
||||
} else {
|
||||
console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
|
||||
}
|
||||
|
||||
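Review bot: The new `ajaxSetup` call passes `'X-CSRF-TOKEN'` as a top-level option, but jQuery only sends request headers that are listed under the `headers` key, so as written no CSRF header is added to jQuery requests. It should read `window.jquery.ajaxSetup({ headers: { 'X-CSRF-TOKEN': token.content } });`. The lowercase `window.jquery` also looks suspect: if the part of the file outside this hunk only assigns `window.$` / `window.jQuery`, this line throws inside the `if (token)` branch before the setup runs, which is worth confirming.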
@@ -1,14 +1,24 @@
|
||||
@section('scripts')
|
||||
<script>
|
||||
function setEditable() {
|
||||
|
||||
const token = $('meta[name="csrf-token"]').attr('content');
|
||||
|
||||
@if(isset($aircraft))
|
||||
$('#expenses a.text').editable({
|
||||
emptytext: '0',
|
||||
url: '{{ url('/admin/aircraft/'.$aircraft->id.'/expenses') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': token,
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
expense_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
@@ -19,12 +29,19 @@ function setEditable() {
|
||||
$('#expenses a.dropdown').editable({
|
||||
type: 'select',
|
||||
emptytext: '0',
|
||||
source: {{ json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) }},
|
||||
source: {!! json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) !!},
|
||||
url: '{{ url('/admin/aircraft/'.$aircraft->id.'/expenses') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': token,
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
expense_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
|
||||
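Review bot: In the dropdown hunk, `source: {!! json_encode(...) !!}` writes unescaped JSON into an inline `<script>`, and plain `json_encode` does not hex-escape `<`, `>`, `&` or quotes. That is harmless only while every label returned by `ExpenseType::select()` is fixed text; if a label can ever carry user-supplied or translated content, it can break out of the script block. Prefer `source: @json(list_to_editable(\App\Models\Enums\ExpenseType::select())),` if the Laravel version in use provides the directive, or pass `JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT` to `json_encode`. The same line is added in the airport and subfleet expense dropdown hunks.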
@@ -1,14 +1,24 @@
|
||||
@section('scripts')
|
||||
<script>
|
||||
function setEditable() {
|
||||
|
||||
const csrf_token = $('meta[name="csrf-token"]').attr('content');
|
||||
|
||||
@if(isset($airport))
|
||||
$('#airport-expenses a.text').editable({
|
||||
emptytext: '0',
|
||||
url: '{{ url('/admin/airports/'.$airport->id.'/expenses') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': csrf_token
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
expense_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
@@ -19,12 +29,19 @@ function setEditable() {
|
||||
$('#airport-expenses a.dropdown').editable({
|
||||
type: 'select',
|
||||
emptytext: '0',
|
||||
source: {{ json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) }},
|
||||
source: {!! json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) !!},
|
||||
url: '{{ url('/admin/airports/'.$airport->id.'/expenses') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': csrf_token
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
expense_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
@@ -39,7 +56,8 @@ function phpvms_vacentral_airport_lookup(icao, callback) {
|
||||
url: BASE_URL + '/api/airports/'+ icao + '/lookup',
|
||||
method: 'GET',
|
||||
headers: {
|
||||
'x-api-key': PHPVMS_USER_API_KEY
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
|
||||
}
|
||||
}).done(function (data, status) {
|
||||
callback(data.data);
|
||||
@@ -56,9 +74,16 @@ $(document).ready(function() {
|
||||
emptytext: '0',
|
||||
url: '{{ url('/admin/airports/fuel') }}',
|
||||
title: 'Enter price per unit of fuel',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
|
||||
}
|
||||
},
|
||||
params: function(params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
|
||||
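Review bot: The lookup in `phpvms_vacentral_airport_lookup` is a `GET`, yet the hunk now attaches `X-CSRF-TOKEN` to it. Laravel's CSRF check does not apply to read-only verbs, so the header adds nothing here, and because the URL is built from `BASE_URL` the token is sent to whatever origin that variable holds; its definition is not visible in this hunk. I would drop the `'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')` line from this request and keep the header only on the state-changing `editable` calls. The function body continues outside the hunk.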
@@ -8,9 +8,16 @@ function setEditable() {
|
||||
emptytext: 'inherited',
|
||||
url: '{{ url('/admin/flights/'.$flight->id.'/fares') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
fare_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
@@ -28,9 +35,16 @@ $(document).ready(function () {
|
||||
mode: 'inline',
|
||||
emptytext: '0',
|
||||
url: '/admin/flights/{{ $flight->id }}/fields',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
field_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
|
||||
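Review bot: `'x-api-key': '{{ Auth::user()->api_key }}'` places the key inside a JavaScript string literal using Blade's HTML escaping, which is the wrong encoder for that context because it leaves backslashes and line breaks untouched. This is safe only as long as keys are strictly alphanumeric, and key generation is not visible here. `'x-api-key': @json(Auth::user()->api_key),` emits a correctly quoted JavaScript value. The line also writes the admin's API key into every rendered page, so confirm that these session-authenticated admin routes actually need it. The same line is added in each `editable` hunk of the aircraft, airport and subfleet templates.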
@@ -1,15 +1,25 @@
|
||||
@section('scripts')
|
||||
<script>
|
||||
function setEditable() {
|
||||
|
||||
const token = $('meta[name="csrf-token"]').attr('content');
|
||||
|
||||
$('#aircraft_fares a').editable({
|
||||
type: 'text',
|
||||
mode: 'inline',
|
||||
emptytext: 'inherited',
|
||||
url: '{{ url('/admin/subfleets/'.$subfleet->id.'/fares') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': token,
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
fare_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
@@ -23,9 +33,16 @@ function setEditable() {
|
||||
emptytext: 'inherited',
|
||||
url: '{{ url('/admin/subfleets/'.$subfleet->id.'/ranks') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': token,
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
rank_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
@@ -37,9 +54,16 @@ function setEditable() {
|
||||
emptytext: '0',
|
||||
url: '{{ url('/admin/subfleets/'.$subfleet->id.'/expenses') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': token,
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
return {
|
||||
_method: 'put',
|
||||
expense_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
@@ -50,13 +74,20 @@ function setEditable() {
|
||||
$('#subfleet-expenses a.dropdown').editable({
|
||||
type: 'select',
|
||||
emptytext: '0',
|
||||
source: {{ json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) }},
|
||||
source: {!! json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) !!},
|
||||
url: '{{ url('/admin/subfleets/'.$subfleet->id.'/expenses') }}',
|
||||
title: 'Enter override value',
|
||||
ajaxOptions: {'type': 'put'},
|
||||
ajaxOptions: {
|
||||
type: 'post',
|
||||
headers: {
|
||||
'x-api-key': '{{ Auth::user()->api_key }}',
|
||||
'X-CSRF-TOKEN': token,
|
||||
}
|
||||
},
|
||||
params: function (params) {
|
||||
console.log(params);
|
||||
return {
|
||||
_method: 'put',
|
||||
expense_id: params.pk,
|
||||
name: params.name,
|
||||
value: params.value
|
||||
|
||||
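Review bot: The same `ajaxOptions` block is pasted into all four `editable` calls in this template, so a later editable can easily be added without the CSRF header or with a diverging copy. Since `token` is already hoisted at the top of `setEditable`, define the options once next to it, e.g. `const ajaxOptions = { type: 'post', headers: { 'x-api-key': '{{ Auth::user()->api_key }}', 'X-CSRF-TOKEN': token } };`, and pass `ajaxOptions: ajaxOptions` to each call. The function's body extends beyond the hunks shown, so check that every call site sits inside it.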