From 7aacbd4db89cd7ae78f5a957f6b587f43da99092 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov" <alexander.klimov@icinga.com>
Date: Thu, 26 Nov 2020 18:38:55 +0100
Subject: [PATCH 1/2] CheckNowCommandForm#init(): set submit label

... otherwise Form#handleRequest() bypasses Form#isSubmitted()
on API requests and considers the CheckNowCommandForm submitted.

refs #4281
---
 .../application/forms/Command/Object/CheckNowCommandForm.php     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/monitoring/application/forms/Command/Object/CheckNowCommandForm.php b/modules/monitoring/application/forms/Command/Object/CheckNowCommandForm.php
index fdeddea4d..a586d2f78 100644
--- a/modules/monitoring/application/forms/Command/Object/CheckNowCommandForm.php
+++ b/modules/monitoring/application/forms/Command/Object/CheckNowCommandForm.php
@@ -19,6 +19,7 @@ class CheckNowCommandForm extends ObjectsCommandForm
     public function init()
     {
         $this->setAttrib('class', 'inline');
+        $this->setSubmitLabel($this->translate('Check now'));
     }
 
     /**

From 16be5f9572d98268ffbe82905c080d924e5049de Mon Sep 17 00:00:00 2001
From: Johannes Meyer <johannes.meyer@icinga.com>
Date: Thu, 18 Feb 2021 12:16:43 +0100
Subject: [PATCH 2/2] Form: Add some todos regarding the handling of "api
 targets"

I've added them only for our future "migration" to `ipl\html\Form`.
We MUST NOT migrate this flawed handling of API targets.
---
 library/Icinga/Web/Form.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/library/Icinga/Web/Form.php b/library/Icinga/Web/Form.php
index 06694acbd..f836d0f78 100644
--- a/library/Icinga/Web/Form.php
+++ b/library/Icinga/Web/Form.php
@@ -737,6 +737,7 @@ class Form extends Zend_Form
     /**
      * Get whether the form is an API target
      *
+     * @todo This should probably only return true if the request is also an api request
      * @return bool
      */
     public function getIsApiTarget()
@@ -1157,6 +1158,7 @@ class Form extends Zend_Form
 
         $formData = $this->getRequestData();
         if ($this->getIsApiTarget()
+            // TODO: Very very bad, wasSent() must not be bypassed if it's only an api request but not an qpi target
             || $this->getRequest()->isApiRequest()
             || $this->getUidDisabled()
             || $this->wasSent($formData)
@@ -1170,6 +1172,7 @@ class Form extends Zend_Form
                     && (($this->onSuccess !== null && false !== call_user_func($this->onSuccess, $this))
                         || ($this->onSuccess === null && false !== $this->onSuccess()))
                 ) {
+                    // TODO: Still bad. An api target must not behave as one if it's not an api request
                     if ($this->getIsApiTarget() || $this->getRequest()->isApiRequest()) {
                         // API targets and API requests will never redirect but immediately respond w/ JSON-encoded
                         // notifications
@@ -1189,6 +1192,7 @@ class Form extends Zend_Form
                     } else {
                         $this->getView()->layout()->redirectUrl = $this->getRedirectUrl()->getAbsoluteUrl();
                     }
+                // TODO: Still bad. An api target must not behave as one if it's not an api request
                 } elseif ($this->getIsApiTarget() || $this->getRequest()->isApiRequest()) {
                     $this->getResponse()->json()->setFailData($this->getMessages())->sendResponse();
                 }