mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-07-29 00:34:03 +02:00
lib/form: Bypass sent and submit handling if the form is an API target
refs #9606
This commit is contained in:
Eric Lippmann
parent
dcb1502286
commit
71ff4512c3
@ -60,6 +60,17 @@ class Form extends Zend_Form
|
||||
*/
|
||||
protected $created = false;
|
||||
|
||||
/**
|
||||
* Whether the form is an API target
|
||||
*
|
||||
* When the form is an API target, the form evaluates as submitted if the request method equals the form method.
|
||||
* That means, that the submit button and form identification are not taken into account. In addition, the CSRF
|
||||
* counter measure will not be added to the form's elements.
|
||||
*
|
||||
* @var bool
|
||||
*/
|
||||
protected $isApiTarget = false;
|
||||
|
||||
/**
|
||||
* The request associated with this form
|
||||
*
|
||||
@ -651,6 +662,29 @@ class Form extends Zend_Form
|
||||
return $this->useFormAutosubmit;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get whether the form is an API target
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public function getIsApiTarget()
|
||||
{
|
||||
return $this->isApiTarget;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set whether the form is an API target
|
||||
*
|
||||
* @param bool $isApiTarget
|
||||
*
|
||||
* @return $this
|
||||
*/
|
||||
public function setIsApiTarget($isApiTarget = true)
|
||||
{
|
||||
$this->isApiTarget = (bool) $isApiTarget;
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Create this form
|
||||
*
|
||||
@ -951,7 +985,7 @@ class Form extends Zend_Form
|
||||
if (! $this->tokenDisabled) {
|
||||
$request = $this->getRequest();
|
||||
if (! $request->isXmlHttpRequest()
|
||||
&& $request->getIsApiRequest()
|
||||
&& ($this->getIsApiTarget() || $request->getIsApiRequest())
|
||||
) {
|
||||
return $this;
|
||||
}
|
||||
@ -1016,17 +1050,26 @@ class Form extends Zend_Form
|
||||
}
|
||||
|
||||
$formData = $this->getRequestData();
|
||||
if ($this->getUidDisabled() || $this->wasSent($formData)) {
|
||||
if ($this->getIsApiTarget() || $this->getUidDisabled() || $this->wasSent($formData)) {
|
||||
if (($frameUpload = (bool) $request->getUrl()->shift('_frameUpload', false))) {
|
||||
$this->getView()->layout()->setLayout('wrapped');
|
||||
}
|
||||
|
||||
$this->populate($formData); // Necessary to get isSubmitted() to work
|
||||
if (! $this->getSubmitLabel() || $this->isSubmitted()) {
|
||||
if ($this->isValid($formData)
|
||||
&& (($this->onSuccess !== null && false !== call_user_func($this->onSuccess, $this))
|
||||
|| ($this->onSuccess === null && false !== $this->onSuccess()))) {
|
||||
if (! $frameUpload) {
|
||||
|| ($this->onSuccess === null && false !== $this->onSuccess()))
|
||||
) {
|
||||
if ($this->getIsApiTarget() || $this->getRequest()->getIsApiRequest()) {
|
||||
// API targets and API requests will never redirect but immediately respond w/ JSON-encoded
|
||||
// notifications
|
||||
$messages = Notification::getInstance()->popMessages();
|
||||
// @TODO(el): Use ApiResponse class for unified response handling.
|
||||
$this->getRequest()->sendJson(array(
|
||||
'status' => 'success',
|
||||
'message' => array_pop($messages) // @TODO(el): Remove the type from the message
|
||||
));
|
||||
} elseif (! $frameUpload) {
|
||||
$this->getResponse()->redirectAndExit($this->getRedirectUrl());
|
||||
} else {
|
||||
$this->getView()->layout()->redirectUrl = $this->getRedirectUrl()->getAbsoluteUrl();
|
||||
@ -1052,6 +1095,12 @@ class Form extends Zend_Form
|
||||
*/
|
||||
public function isSubmitted()
|
||||
{
|
||||
if (strtolower($this->getRequest()->getMethod()) !== $this->getMethod()) {
|
||||
return false;
|
||||
}
|
||||
if ($this->getIsApiTarget()) {
|
||||
return true;
|
||||
}
|
||||
if ($this->getSubmitLabel()) {
|
||||
return $this->getElement('btn_submit')->isChecked();
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user