include csrf token and fix escaping for admin scripts

This commit is contained in:
Nabeel Shahzad
2018-03-13 01:48:47 -05:00
parent bff80c2dc7
commit 684ee545cf
9 changed files with 110 additions and 20 deletions

View File

@@ -1,14 +1,24 @@
@section('scripts')
<script>
function setEditable() {
const token = $('meta[name="csrf-token"]').attr('content');
@if(isset($aircraft))
$('#expenses a.text').editable({
emptytext: '0',
url: '{{ url('/admin/aircraft/'.$aircraft->id.'/expenses') }}',
title: 'Enter override value',
ajaxOptions: {'type': 'put'},
ajaxOptions: {
type: 'post',
headers: {
'x-api-key': '{{ Auth::user()->api_key }}',
'X-CSRF-TOKEN': token,
}
},
params: function (params) {
return {
_method: 'put',
expense_id: params.pk,
name: params.name,
value: params.value
@@ -19,12 +29,19 @@ function setEditable() {
$('#expenses a.dropdown').editable({
type: 'select',
emptytext: '0',
source: {{ json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) }},
source: {!! json_encode(list_to_editable(\App\Models\Enums\ExpenseType::select())) !!},
url: '{{ url('/admin/aircraft/'.$aircraft->id.'/expenses') }}',
title: 'Enter override value',
ajaxOptions: {'type': 'put'},
ajaxOptions: {
type: 'post',
headers: {
'x-api-key': '{{ Auth::user()->api_key }}',
'X-CSRF-TOKEN': token,
}
},
params: function (params) {
return {
_method: 'put',
expense_id: params.pk,
name: params.name,
value: params.value