Unverified Commit 01bdfffd authored by brevilo's avatar brevilo Committed by GitHub

Merge pull request #4022 from brevilo/SA-CORE-2020-007

Drupal: SA-CORE-2020-007 fix for ctools
parents b6a79995 8e3657e9
......@@ -3,8 +3,8 @@ description = A library of helpful tools by Merlin of Chaos.
core = 6.x
package = Chaos tool suite
; Information added by Drupal.org packaging script on 2015-12-22
version = "6.x-1.15-boinc-2-dev"
version = "6.x-1.15-boinc-3-dev"
core = "6.x"
project = "ctools"
datestamp = "1548704188"
datestamp = "1600333247"
......@@ -50,7 +50,7 @@
var $objects = $('a[href="' + old_url + '"]');
$objects.addClass('ctools-fetching');
try {
var url = Drupal.CTools.AJAX.urlReplaceNojs(url);
var url = Drupal.sanitizeAjaxUrl(Drupal.CTools.AJAX.urlReplaceNojs(url));
var ajaxOptions = {
type: "POST",
url: url,
......@@ -68,7 +68,8 @@
complete: function() {
$objects.removeClass('ctools-fetching');
},
dataType: 'json'
dataType: 'json',
jsonp: false
};
$.ajax(ajaxOptions);
}
......@@ -117,7 +118,7 @@
}
$(this).addClass('ctools-ajaxing');
try {
url = Drupal.CTools.AJAX.urlReplaceNojs(url);
url = Drupal.sanitizeAjaxUrl(Drupal.CTools.AJAX.urlReplaceNojs(url));
$.ajax({
type: "POST",
url: url,
......@@ -131,7 +132,8 @@
complete: function() {
$('.ctools-ajaxing').removeClass('ctools-ajaxing');
},
dataType: 'json'
dataType: 'json',
jsonp: false
});
}
catch (err) {
......@@ -159,7 +161,7 @@
$(this).addClass('ctools-ajaxing');
try {
if (url) {
url = Drupal.CTools.AJAX.urlReplaceNojs(url);
url = Drupal.sanitizeAjaxUrl(Drupal.CTools.AJAX.urlReplaceNojs(url));
$.ajax({
type: "POST",
url: url,
......@@ -173,7 +175,8 @@
complete: function() {
$('.ctools-ajaxing').removeClass('ctools-ajaxing');
},
dataType: 'json'
dataType: 'json',
jsonp: false
});
}
else {
......@@ -329,7 +332,7 @@
var form_id = $object.parents('form').get(0).id;
try {
if (url) {
url = Drupal.CTools.AJAX.urlReplaceNojs(url);
url = Drupal.sanitizeAjaxUrl(Drupal.CTools.AJAX.urlReplaceNojs(url));
$.ajax({
type: "POST",
url: url,
......@@ -346,7 +349,8 @@
$('form#' + form_id).submit();
}
},
dataType: 'json'
dataType: 'json',
jsonp: false
});
}
else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment