CSRF For personal theme

LiveHelperChat · Jan 26, 2022 · 9f5bc33 · 9f5bc33
1 parent 965bc5a
commit 9f5bc33
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 3 deletions.
diff --git a/lhc_web/design/defaulttheme/js/admintheme.form.angular.js b/lhc_web/design/defaulttheme/js/admintheme.form.angular.js
@@ -91,5 +91,17 @@ lhcAppControllers.controller('IClickToCallFormGenerator',['$scope','$http','$loc
 			});			
 			delete that.staticCSSResources[field.hash];
 		};
+
+        this.initVariables = function () {
+            if (window.PersonalTheme.staticResources) {
+                this.staticResources = window.PersonalTheme.staticResources;
+            }
+            if (window.PersonalTheme.staticJSResources) {
+                this.staticJSResources = window.PersonalTheme.staticJSResources;
+            }
+            if (window.PersonalTheme.staticCSSResources) {
+                this.staticCSSResources = window.PersonalTheme.staticCSSResources;
+            }
+        }
 
 }]);
diff --git a/lhc_web/design/defaulttheme/tpl/lhkernel/validation_error.tpl.php b/lhc_web/design/defaulttheme/tpl/lhkernel/validation_error.tpl.php
@@ -1,5 +1,5 @@
 <?php if (isset($errors)) : ?>
-<div data-alert class="alert alert-danger alert-dismissible fade show">
+<div data-alert class="alert alert-danger alert-dismissible fade show" ng-non-bindable>
 <?php if (!isset($hideErrorButton)) : ?>
 <button type="button" class="close" data-dismiss="alert" aria-label="Close">
     <span aria-hidden="true">&times;</span>

diff --git a/lhc_web/design/defaulttheme/tpl/lhtheme/admin/form.tpl.php b/lhc_web/design/defaulttheme/tpl/lhtheme/admin/form.tpl.php
@@ -4,7 +4,23 @@
 
 <?php include(erLhcoreClassDesign::designtpl('lhkernel/csfr_token.tpl.php'));?>
 
-<div role="tabpanel" ng-controller="IClickToCallFormGenerator as cform"  ng-init='<?php if ($form->static_content != '') : ?>cform.staticResources = <?php echo $form->static_content?>;<?php endif;?><?php if ($form->static_js_content != '') : ?>cform.staticJSResources = <?php echo $form->static_js_content?>;<?php endif;?><?php if ($form->static_css_content != '') : ?>cform.staticCSSResources = <?php echo $form->static_css_content?>;<?php endif;?>'>
+<script>
+    window.PersonalTheme = {};
+
+    <?php if ($form->static_content != '') : ?>
+    window.PersonalTheme.staticResources = <?php echo $form->static_content;?>
+    <?php endif; ?>
+
+    <?php if ($form->static_js_content != '') : ?>
+    window.PersonalTheme.staticJSResources = <?php echo $form->static_js_content;?>
+    <?php endif; ?>
+
+    <?php if ($form->static_css_content != '') : ?>
+    window.PersonalTheme.staticCSSResources = <?php echo $form->static_css_content;?>
+    <?php endif; ?>
+</script>
+
+<div role="tabpanel" ng-controller="IClickToCallFormGenerator as cform" ng-init="cform.initVariables();">
 
 	<!-- Nav tabs -->
 	<ul class="nav nav-tabs" role="tablist">

diff --git a/lhc_web/design/defaulttheme/tpl/lhtheme/personaltheme.tpl.php b/lhc_web/design/defaulttheme/tpl/lhtheme/personaltheme.tpl.php
@@ -5,7 +5,7 @@
 <form action="<?php echo erLhcoreClassDesign::baseurl('theme/personaltheme')?>" method="post" autocomplete="off" enctype="multipart/form-data">
 
     <div class="form-group">
-        <label><input type="checkbox" name="EnabledPersonal" value="on" <?php if ($enabledPersonal == true) : ?>checked="checked"<?php endif;?> /> Enable personal theme for me</label>
+        <label><input type="checkbox" name="EnabledPersonal" value="on" <?php if ($enabledPersonal == true) : ?>checked="checked"<?php endif;?> /> <?php echo erTranslationClassLhTranslation::getInstance()->getTranslation('admintheme/form','Enable personal theme for me');?></label>
     </div>
 
     <?php if (isset($updated)) : $msg = erTranslationClassLhTranslation::getInstance()->getTranslation('admintheme/form','Updated'); ?>