From d82de9c3b06b3b4e845330be57f7f69ce06bef0a Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 31 Jan 2016 10:51:25 -0500
Subject: [PATCH] - fixed upload form problem (CSRF and message)

---
 interface/web/themes/default/assets/javascripts/ispconfig.js |   17 +++++++++++++----
 1 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/interface/web/themes/default/assets/javascripts/ispconfig.js b/interface/web/themes/default/assets/javascripts/ispconfig.js
index 3c72f84..b369b53 100644
--- a/interface/web/themes/default/assets/javascripts/ispconfig.js
+++ b/interface/web/themes/default/assets/javascripts/ispconfig.js
@@ -237,29 +237,38 @@
 			} catch(e) {
 				response = responseStr;
 			}
+			var $response = $('<div></div>').html(response);
 			var msg = '';
-			var okmsg = $('#OKMsg',response).html();
+			var okmsg = $response.find('#OKMsg').html();
 			if(okmsg){
 				msg = '<div id="OKMsg">'+okmsg+'</div>';
 			}
-			var errormsg = $('#errorMsg',response).html();
+			var errormsg = $response.find('#errorMsg').html();
 			if(errormsg){
 				msg = msg+'<div id="errorMsg">'+errormsg+'</div>';
 			}
+			
+			var csrf_key = $response.find('input[name="_csrf_key"]').val();
+			var csrf_id = $response.find('input[name="_csrf_id"]').val();
+			
+			msg = msg + '<input type="hidden" name="_csrf_id" value="' + csrf_id + '" /><input type="hidden" name="_csrf_key" value="' + csrf_key + '" />';
+			
 			return msg;
 
 		};
 
 		var frame_id = 'ajaxUploader-iframe-' + Math.round(new Date().getTime() / 1000);
-		$('body').after('<iframe width="0" height="0" style="display:none;" name="'+frame_id+'" id="'+frame_id+'"/>');
-		$('input[type="file"]').closest("form").attr({target: frame_id, action: target}).submit();
+		$('body').append('<iframe width="0" height="0" style="display:none;" name="'+frame_id+'" id="'+frame_id+'"/>');
 		$('#'+frame_id).load(function() {
 			var msg = handleResponse(this);
 			$('#errorMsg').remove();
 			$('#OKMsg').remove();
+			$('input[name="_csrf_key"]').remove();
+			$('input[name="_csrf_id"]').remove();
 			$('input[name="id"]').before(msg);
 			$(this).remove();
 		  });
+		$('input[type="file"]').closest("form").attr({target: frame_id, action: target}).submit();
 	},
 
 	capp: function(module, redirect) {
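Review bot: In handleResponse the two `.val()` calls return `undefined` when the iframe response contains no `_csrf_id`/`_csrf_key` inputs, so the concatenation writes `value="undefined"` into the form. The load handler has by then removed the existing tokens, so the next submit would presumably fail the server-side CSRF check. Whether every upload response carries those inputs is not visible from this hunk (an error page or a non-HTML body might not), so the new fields should be emitted, and the old ones removed, only when both were found. Building the inputs through jQuery instead of string concatenation also keeps a quote character in a token value from breaking out of the attribute. handleResponse begins above the hunk, so the sketch shows only its changed tail and the load handler.

```javascript
// … unchanged: $response creation, OKMsg / errorMsg extraction …
var $csrf_key = $response.find('input[name="_csrf_key"]');
var $csrf_id = $response.find('input[name="_csrf_id"]');
if($csrf_key.length && $csrf_id.length) {
	// serialise via the DOM so the token values are attribute-escaped
	msg = msg + $('<div></div>')
		.append($('<input type="hidden" name="_csrf_id" />').attr('value', $csrf_id.val()))
		.append($('<input type="hidden" name="_csrf_key" />').attr('value', $csrf_key.val()))
		.html();
}
return msg;

// … unchanged: frame_id, iframe append …
$('#'+frame_id).load(function() {
	var msg = handleResponse(this);
	var $fresh = $('<div></div>').html(msg);
	// … unchanged: #errorMsg / #OKMsg removal …
	// keep the current tokens unless the response supplied replacements
	if($fresh.find('input[name="_csrf_key"]').length) {
		$('input[name="_csrf_key"]').remove();
		$('input[name="_csrf_id"]').remove();
	}
	// … unchanged: insert msg before input[name="id"], remove iframe …
```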

--
Gitblit v1.9.1