From 5b82ed62dc21d8dc922dcafb5aa5e15ce4fcc142 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 14 Mar 2013 04:32:21 -0400
Subject: [PATCH] Better handling of session errors in ajax requests - do page reload on 403 Forbidden response (#1488960)
---
program/js/app.js | 94 +++++++++++++++++++++++++++++++++++-----------
1 files changed, 71 insertions(+), 23 deletions(-)
diff --git a/program/js/app.js b/program/js/app.js
index 474ece7..329bd77 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -3,8 +3,8 @@
| Roundcube Webmail Client Script |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2012, The Roundcube Dev Team |
- | Copyright (C) 2011, Kolab Systems AG |
+ | Copyright (C) 2005-2013, The Roundcube Dev Team |
+ | Copyright (C) 2011-2012, Kolab Systems AG |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -219,7 +219,7 @@
if (this.gui_objects.qsearchbox) {
if (this.env.search_text != null)
this.gui_objects.qsearchbox.value = this.env.search_text;
- $(this.gui_objects.qsearchbox).focusin(function() { rcmail.message_list.blur(); });
+ $(this.gui_objects.qsearchbox).focusin(function() { rcmail.message_list && rcmail.message_list.blur(); });
}
this.set_button_titles();
@@ -251,7 +251,7 @@
}
}
else if (this.env.action == 'compose') {
- this.env.compose_commands = ['send-attachment', 'remove-attachment', 'send', 'cancel', 'toggle-editor', 'list-adresses', 'extwin'];
+ this.env.compose_commands = ['send-attachment', 'remove-attachment', 'send', 'cancel', 'toggle-editor', 'list-adresses', 'search', 'reset-search', 'extwin'];
if (this.env.drafts_mailbox)
this.env.compose_commands.push('savedraft')
@@ -583,11 +583,11 @@
var prevstate = this.env.compose_extwin;
$("input[name='_action']", this.gui_objects.messageform).val('compose');
this.gui_objects.messageform.action = this.url('mail/compose', { _id: this.env.compose_id, _extwin: 1 });
- this.gui_objects.messageform.target = this.open_window('', 1150, 900);
+ this.gui_objects.messageform.target = this.open_window('', 1100, 900);
this.gui_objects.messageform.submit();
}
else {
- this.open_window(this.env.permaurl, 1000, 1200);
+ this.open_window(this.env.permaurl, 900, 900);
}
break;
@@ -1050,8 +1050,13 @@
this.reset_qsearch();
this.select_all_mode = false;
- if (s && this.env.mailbox)
+ if (s && this.env.action == 'compose') {
+ if (this.contact_list)
+ this.list_contacts_clear();
+ }
+ else if (s && this.env.mailbox) {
this.list_mailbox(this.env.mailbox, 1);
+ }
else if (s && this.task == 'addressbook') {
if (this.env.source == '') {
for (n in this.env.address_sources) break;
@@ -1673,11 +1678,10 @@
var w = Math.min(width, screen.width - 10),
h = Math.min(height, screen.height - 100),
l = (screen.width - w) / 2 + (screen.left || 0),
- t = Math.max(0, (screen.height - h) / 2 + (screen.top || 0) - 20);
-
- var wname = 'rcmextwin' + new Date().getTime(),
- extwin = window.open(url + '&_extwin=1', wname, 'width='+w+',height='+h+',top='+t+',left='+l+',resizable=yes,toolbar=no,status=no');
- extwin.moveTo(l,t);
+ t = Math.max(0, (screen.height - h) / 2 + (screen.top || 0) - 20),
+ wname = 'rcmextwin' + new Date().getTime(),
+ extwin = window.open(url + '&_extwin=1', wname,
+ 'width='+w+',height='+h+',top='+t+',left='+l+',resizable=yes,toolbar=no,status=no,location=no');
// write loading... message to empty windows
if (!url && extwin.document) {
@@ -1685,7 +1689,9 @@
}
// focus window, delayed to bring to front
- window.setTimeout(function(){ extwin.focus(); }, 10);
+ window.setTimeout(function() { extwin.focus(); }, 10);
+ // position window with setTimeout for Chrome (#1488931)
+ window.setTimeout(function() { extwin.moveTo(l,t); }, bw.chrome ? 100 : 10);
return wname;
};
@@ -3032,10 +3038,10 @@
input_message = $("[name='_message']").get(0),
html_mode = $("input[name='_is_html']").val() == '1',
ac_fields = ['cc', 'bcc', 'replyto', 'followupto'],
- ac_props;
+ ac_props, opener_rc = this.opener();
// close compose step in opener
- if (window.opener && !window.opener.closed && opener.rcmail && opener.rcmail.env.action == 'compose') {
+ if (opener_rc && opener_rc.env.action == 'compose') {
setTimeout(function(){ opener.history.back(); }, 100);
this.env.opened_extwin = true;
}
@@ -3107,6 +3113,13 @@
form._draft.value = draft ? '1' : '';
form.action = this.add_url(form.action, '_unlock', msgid);
form.action = this.add_url(form.action, '_lang', lang);
+
+ // register timer to notify about connection timeout
+ this.submit_timer = setTimeout(function(){
+ ref.set_busy(false, null, msgid);
+ ref.display_message(ref.get_label('requesttimedout'), 'error');
+ }, this.env.request_timeout * 1000);
+
form.submit();
};
@@ -3646,7 +3659,8 @@
// reset vars
this.env.current_page = 1;
- r = this.http_request('search', url, lock);
+ var action = this.env.action == 'compose' && this.contact_list ? 'search-contacts' : 'search';
+ r = this.http_request(action, url, lock);
this.env.qsearch = {lock: lock, request: r};
}
@@ -3706,9 +3720,10 @@
this.display_message(msg, type);
if (this.env.extwin) {
+ var opener_rc = this.opener();
this.lock_form(this.gui_objects.messageform);
- if (window.opener && !window.opener.closed && opener.rcmail)
- opener.rcmail.display_message(msg, type);
+ if (opener_rc)
+ opener_rc.display_message(msg, type);
setTimeout(function(){ window.close() }, 1000);
}
else {
@@ -4140,7 +4155,7 @@
if (this.env.search_id)
folder = 'S'+this.env.search_id;
- else
+ else if (!this.env.search_request)
folder = group ? 'G'+src+group : src;
this.select_folder(folder);
@@ -4193,7 +4208,7 @@
this.env.source = src;
this.env.group = group;
- // also send search request to get the right messages
+ // also send search request to get the right records
if (this.env.search_request)
url._search = this.env.search_request;
@@ -4276,7 +4291,7 @@
this.group_member_change('add', cid, dest, to.id);
else {
var lock = this.display_message(this.get_label('copyingcontact'), 'loading'),
- post_data = {_cid: cid, _source: source, _to: dest, _togid: to.id, _gid: group};
+ post_data = {_cid: cid, _source: this.env.source, _to: dest, _togid: to.id, _gid: group};
this.http_post('copy', post_data, lock);
}
@@ -4284,7 +4299,7 @@
// target is an addressbook
else if (to.id != source) {
var lock = this.display_message(this.get_label('copyingcontact'), 'loading'),
- post_data = {_cid: cid, _source: source, _to: to.id, _gid: group};
+ post_data = {_cid: cid, _source: this.env.source, _to: to.id, _gid: group};
this.http_post('copy', post_data, lock);
}
@@ -4426,6 +4441,11 @@
}
$("input[type='text']:visible").first().focus();
+
+ // Submit search form on Enter
+ if (this.env.action == 'search')
+ $(this.gui_objects.editform).append($('<input type="submit">').hide())
+ .submit(function() { $('input.mainaction').click(); return false; });
};
this.group_create = function()
@@ -6327,12 +6347,29 @@
// redirect to url specified in location header if not empty
var location_url = request.getResponseHeader("Location");
- if (location_url)
+ if (location_url && this.env.action != 'compose') // don't redirect on compose screen, contents might get lost (#1488926)
this.redirect(location_url);
+
+ // 403 Forbidden response (CSRF prevention) - reload the page.
+ // In case there's a new valid session it will be used, otherwise
+ // login form will be presented (#1488960).
+ if (request.status == 403) {
+ (this.is_framed() ? parent : window).location.reload();
+ return;
+ }
// re-send keep-alive requests after 30 seconds
if (action == 'keep-alive')
setTimeout(function(){ ref.keep_alive(); ref.start_keepalive(); }, 30000);
+ };
+
+ // callback when an iframe finished loading
+ this.iframe_loaded = function(unlock)
+ {
+ this.set_busy(false, null, unlock);
+
+ if (this.submit_timer)
+ clearTimeout(this.submit_timer);
};
// post the given form to a hidden iframe
@@ -6573,6 +6610,17 @@
/********* helper methods *********/
/********************************************************/
+ // get window.opener.rcmail if available
+ this.opener = function()
+ {
+ // catch Error: Permission denied to access property rcmail
+ try {
+ if (window.opener && !opener.closed && opener.rcmail)
+ return opener.rcmail;
+ }
+ catch (e) {}
+ };
+
// check if we're in show mode or if we have a unique selection
// and return the message uid
this.get_single_uid = function()
--
Gitblit v1.9.1