diff --git a/modules/cms/widgets/MediaManager.php b/modules/cms/widgets/MediaManager.php index 7fdf11ca2..f576900b3 100644 --- a/modules/cms/widgets/MediaManager.php +++ b/modules/cms/widgets/MediaManager.php @@ -950,14 +950,13 @@ class MediaManager extends WidgetBase { $fileName = null; - if (!($uniqueId = post('X_OCTOBER_FILEUPLOAD')) || $uniqueId != $this->getId()) { + if (!($uniqueId = Request::header('X-OCTOBER-FILEUPLOAD')) || $uniqueId != $this->getId()) { return; } try { - if (!Input::hasFile('file_data')) { - return; + throw new ApplicationException('File missing from request'); } $uploadedFile = Input::file('file_data'); @@ -999,12 +998,13 @@ class MediaManager extends WidgetBase File::get($uploadedFile->getRealPath()) ); - die('success'); + Response::json(['result' => 'success'])->send(); } catch (Exception $ex) { - Response::make($ex->getMessage(), 406)->send(); - die(); + Response::json($ex->getMessage(), 400)->send(); } + + exit; } /** diff --git a/modules/cms/widgets/mediamanager/assets/js/mediamanager-browser-min.js b/modules/cms/widgets/mediamanager/assets/js/mediamanager-browser-min.js index 4adbb77ae..66cf51980 100644 --- a/modules/cms/widgets/mediamanager/assets/js/mediamanager-browser-min.js +++ b/modules/cms/widgets/mediamanager/assets/js/mediamanager-browser-min.js 
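Review bot: The changed guard still compares the client-supplied `X-OCTOBER-FILEUPLOAD` header with the widget id using loose `!=`, so PHP compares two numeric-looking strings by value rather than byte for byte. `$uniqueId !== $this->getId()` would pin it to an exact match, assuming getId() returns a string (not visible here). The added lines also reference `Request` and `ApplicationException`, and no `use` change appears in this diff, so it is worth confirming both are already imported in this namespaced file. The enclosing method starts before and continues past this hunk.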
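Review bot: The `catch (Exception $ex)` branch sends `$ex->getMessage()` to the client for every exception type, so a filesystem or framework failure raised in the try block could expose server paths or other internals in the 400 response. Consider returning the message only for exceptions written for the user, such as the `ApplicationException` thrown earlier in this method, and a fixed message with a 500 status for everything else, with the detail logged server-side. The error body is also a bare JSON string while success is an object, so the client has to handle two shapes. The try block begins outside this hunk, so which exception types it can raise is not fully visible; any other user-facing exception type would need its own catch.

```php
// … unchanged: file write and success response …
}
catch (ApplicationException $ex) {
    Response::json($ex->getMessage(), 400)->send();
}
catch (Exception $ex) {
    // Internal failure: keep details out of the response body.
    Response::json('Upload failed.', 500)->send();
}
```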
@@ -280,7 +280,10 @@ this.scrollContentElement.insertBefore(this.selectionMarker,this.scrollContentEl MediaManager.prototype.doObjectsCollide=function(aTop,aLeft,aWidth,aHeight,bTop,bLeft,bWidth,bHeight){return!(((aTop+aHeight)<(bTop))||(aTop>(bTop+bHeight))||((aLeft+aWidth)(bLeft+bWidth)))} MediaManager.prototype.initUploader=function(){if(!this.itemListElement) return -var uploaderOptions={clickable:this.$el.find('[data-control="upload"]').get(0),method:'POST',url:window.location,paramName:'file_data',createImageThumbnails:false} +var uploaderOptions={clickable:this.$el.find('[data-control="upload"]').get(0),url:this.options.url,paramName:'file_data',headers:{},createImageThumbnails:false} +if(this.options.uniqueId){uploaderOptions.headers['X-OCTOBER-FILEUPLOAD']=this.options.uniqueId} +var token=$('meta[name="csrf-token"]').attr('content') +if(token){uploaderOptions.headers['X-CSRF-TOKEN']=token} this.dropzone=new Dropzone(this.$el.get(0),uploaderOptions) this.dropzone.on('addedfile',this.proxy(this.uploadFileAdded)) this.dropzone.on('totaluploadprogress',this.proxy(this.uploadUpdateTotalProgress)) 
@@ -308,8 +311,7 @@ progressBar.setAttribute('class','progress-bar')} MediaManager.prototype.uploadQueueComplete=function(){this.$el.find('[data-command="cancel-uploading"]').addClass('hide') this.$el.find('[data-command="close-uploader"]').removeClass('hide') this.refresh()} -MediaManager.prototype.uploadSending=function(file,xhr,formData){formData.append('path',this.$el.find('[data-type="current-folder"]').val()) -formData.append('X_OCTOBER_FILEUPLOAD',this.options.uniqueId)} +MediaManager.prototype.uploadSending=function(file,xhr,formData){formData.append('path',this.$el.find('[data-type="current-folder"]').val())} MediaManager.prototype.uploadCancelAll=function(){this.dropzone.removeAllFiles(true) this.hideUploadUi()} MediaManager.prototype.updateUploadBar=function(templateName,classNames){var fileNumberLabel=this.$el.get(0).querySelector('[data-label="file-number-and-progress"]'),successTemplate=fileNumberLabel.getAttribute('data-'+templateName+'-template'),progressBar=this.$el.get(0).querySelector('[data-control="upload-progress-bar"]') 
@@ -463,7 +465,7 @@ eventHandled=true break;} if(eventHandled){ev.preventDefault() ev.stopPropagation()}} -MediaManager.DEFAULTS={alias:'',uniqueId:null,deleteEmpty:'Please select files to delete.',deleteConfirm:'Do you really want to delete the selected file(s)?',moveEmpty:'Please select files to move.',selectSingleImage:'Please select a single image.',selectionNotImage:'The selected item is not an image.',bottomToolbar:false,cropAndInsertButton:false} +MediaManager.DEFAULTS={url:window.location,alias:'',uniqueId:null,deleteEmpty:'Please select files to delete.',deleteConfirm:'Do you really want to delete the selected file(s)?',moveEmpty:'Please select files to move.',selectSingleImage:'Please select a single image.',selectionNotImage:'The selected item is not an image.',bottomToolbar:false,cropAndInsertButton:false} var old=$.fn.mediaManager $.fn.mediaManager=function(option){var args=Array.prototype.slice.call(arguments,1),result=undefined this.each(function(){var $this=$(this) diff --git a/modules/cms/widgets/mediamanager/assets/js/mediamanager.js b/modules/cms/widgets/mediamanager/assets/js/mediamanager.js index 1a35280b9..3c3fe610d 100644 --- a/modules/cms/widgets/mediamanager/assets/js/mediamanager.js +++ b/modules/cms/widgets/mediamanager/assets/js/mediamanager.js 
@@ -717,13 +717,25 @@ var uploaderOptions = { clickable: this.$el.find('[data-control="upload"]').get(0), - method: 'POST', - url: window.location, + url: this.options.url, paramName: 'file_data', + headers: {}, createImageThumbnails: false // fallback: implement method that would set a flag that the uploader is not supported by the browser } + if (this.options.uniqueId) { + uploaderOptions.headers['X-OCTOBER-FILEUPLOAD'] = this.options.uniqueId + } + + /* + * Add CSRF token to headers + */ + var token = $('meta[name="csrf-token"]').attr('content') + if (token) { + uploaderOptions.headers['X-CSRF-TOKEN'] = token + } + this.dropzone = new Dropzone(this.$el.get(0), uploaderOptions) this.dropzone.on('addedfile', this.proxy(this.uploadFileAdded)) this.dropzone.on('totaluploadprogress', this.proxy(this.uploadUpdateTotalProgress)) @@ -791,7 +803,6 @@ MediaManager.prototype.uploadSending = function(file, xhr, formData) { formData.append('path', this.$el.find('[data-type="current-folder"]').val()) - formData.append('X_OCTOBER_FILEUPLOAD', this.options.uniqueId) } MediaManager.prototype.uploadCancelAll = function() { @@ -1253,6 +1264,7 @@ // ============================ MediaManager.DEFAULTS = { + url: window.location, alias: '', uniqueId: null, deleteEmpty: 'Please select files to delete.',
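Review bot: The CSRF token and the `X-OCTOBER-FILEUPLOAD` id are attached to every upload request regardless of where `this.options.url` points, and this commit makes that URL configurable, so a value on another origin would receive the token. How the options are populated is outside this hunk, so this may already be constrained. A guard would keep the token local: resolve the URL with `var target = document.createElement('a'); target.href = this.options.url` and attach the header under `if (token && target.host === window.location.host) {`. A comment above the headers block would document the assumption, e.g. `// Upload URL must be same-origin: the CSRF token is sent with every request.` The enclosing function starts and ends outside the hunk.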