diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2020-12-31 00:13:29 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2020-12-31 00:13:29 +0100 |
| commit | 5ca961b8d5130b54d3c5ec664574eac39a88de87 (patch) | |
| tree | bf703bf1c401dcfa85dbcbe1ce66a4a51ba7da89 | |
| parent | 85f5dd4bef40419d5b63b0e845af3f09a6fb7f1b (diff) | |
Fix bugs in anomymous mode (#3305)
* Fix bugs in anomymous mode
Login bug (submit button not working) and refresh bug (JS null
exception, and then 403).
* Take advantage of existing variable
| -rw-r--r-- | app/FreshRSS.php | 5 | ||||
| -rw-r--r-- | p/scripts/extra.js | 2 | ||||
| -rw-r--r-- | p/scripts/main.js | 9 |
3 files changed, 11 insertions, 5 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 5b16e3f89..5bf0011d0 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -76,8 +76,9 @@ class FreshRSS extends Minz_FrontController { } if (!(FreshRSS_Auth::isCsrfOk() || (Minz_Request::controllerName() === 'auth' && Minz_Request::actionName() === 'login') || - (Minz_Request::controllerName() === 'user' && Minz_Request::actionName() === 'create' && - !FreshRSS_Auth::hasAccess('admin')) + (Minz_Request::controllerName() === 'user' && Minz_Request::actionName() === 'create' && !FreshRSS_Auth::hasAccess('admin')) || + (Minz_Request::controllerName() === 'feed' && Minz_Request::actionName() === 'actualize' && FreshRSS_Context::$system_conf->allow_anonymous_refresh) || + (Minz_Request::controllerName() === 'javascript' && Minz_Request::actionName() === 'actualize' && FreshRSS_Context::$system_conf->allow_anonymous) )) { // Token-based protection against XSRF attacks, except for the login or self-create user forms self::initI18n(); diff --git a/p/scripts/extra.js b/p/scripts/extra.js index 4d4f3f171..3cb7b93aa 100644 --- a/p/scripts/extra.js +++ b/p/scripts/extra.js @@ -51,7 +51,7 @@ function init_crypto_form() { forgetOpenCategories(); - const submit_button = document.querySelector('button[type="submit"]'); + const submit_button = document.getElementById('loginButton'); submit_button.disabled = false; crypto_form.onsubmit = function (e) { diff --git a/p/scripts/main.js b/p/scripts/main.js index 21141f210..1a3b02c2a 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js @@ -1170,7 +1170,12 @@ function updateFeed(feeds, feeds_count) { function init_actualize() { let auto = false; - document.getElementById('actualize').onclick = function () { + const actualize = document.getElementById('actualize'); + if (!actualize) { + return; + } + + actualize.onclick = function () { if (context.ajax_loading) { return false; } @@ -1226,7 +1231,7 @@ function init_actualize() { if (context.auto_actualize_feeds) { auto = true; - document.getElementById('actualize').click(); + actualize.click(); } } // </actualize> |