From 2fd5ab8c55e990d3ad6dacc5371dfd5f9b6bcd2e Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre.alapetite@alexandra.dk>
Date: Sat, 23 Sep 2017 13:34:57 +0200
Subject: Fix global view CSRF

https://github.com/FreshRSS/FreshRSS/issues/1591
---
 p/scripts/global_view.js | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'p/scripts/global_view.js')

diff --git a/p/scripts/global_view.js b/p/scripts/global_view.js
index de0b9cb9f..e3de0fd52 100644
--- a/p/scripts/global_view.js
+++ b/p/scripts/global_view.js
@@ -33,6 +33,9 @@ function load_panel(link) {
 			$.ajax({
 				type: "POST",
 				url: $(this).attr("formaction"),
+				data : {
+					_csrf: context.csrf,
+				},
 				async: false
 			});
 			window.location.reload(false);
-- 
cgit v1.2.3


From ca7d1fdddeb5faf48014e93fac50619fa22a893d Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre.alapetite@alexandra.dk>
Date: Sat, 23 Sep 2017 13:41:26 +0200
Subject: Minor JS whitespace

---
 p/scripts/category.js    |  2 +-
 p/scripts/global_view.js |  2 +-
 p/scripts/main.js        | 10 +++++-----
 3 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'p/scripts/global_view.js')

diff --git a/p/scripts/category.js b/p/scripts/category.js
index fbcd83a01..caa4fa22f 100644
--- a/p/scripts/category.js
+++ b/p/scripts/category.js
@@ -92,7 +92,7 @@ function init_draggable() {
 		$.ajax({
 			type: 'POST',
 			url: './?c=feed&a=move',
-			data : {
+			data: {
 				f_id: dragFeedId,
 				c_id: e.target.parentNode.getAttribute('data-cat-id'),
 				_csrf: context.csrf,
diff --git a/p/scripts/global_view.js b/p/scripts/global_view.js
index e3de0fd52..c5aaa48b1 100644
--- a/p/scripts/global_view.js
+++ b/p/scripts/global_view.js
@@ -33,7 +33,7 @@ function load_panel(link) {
 			$.ajax({
 				type: "POST",
 				url: $(this).attr("formaction"),
-				data : {
+				data: {
 					_csrf: context.csrf,
 				},
 				async: false
diff --git a/p/scripts/main.js b/p/scripts/main.js
index 117e8a598..aa2f1d58b 100644
--- a/p/scripts/main.js
+++ b/p/scripts/main.js
@@ -133,7 +133,7 @@ function mark_read(active, only_not_read) {
 	$.ajax({
 		type: 'POST',
 		url: url,
-		data : {
+		data: {
 			ajax: true,
 			_csrf: context.csrf,
 		},
@@ -182,7 +182,7 @@ function mark_favorite(active) {
 	$.ajax({
 		type: 'POST',
 		url: url,
-		data : {
+		data: {
 			ajax: true,
 			_csrf: context.csrf,
 		},
@@ -823,7 +823,7 @@ function updateFeed(feeds, feeds_count) {
 	$.ajax({
 		type: 'POST',
 		url: feed.url,
-		data : {
+		data: {
 			_csrf: context.csrf,
 			noCommit: feeds.length > 0 ? 1 : 0,
 		},
@@ -860,7 +860,7 @@ function init_actualize() {
 				$.ajax({	//Empty request to force refresh server database cache
 					type: 'POST',
 					url: './?c=feed&a=actualize&id=-1',
-					data : {
+					data: {
 						_csrf: context.csrf,
 						noCommit: 0,
 					},
@@ -1299,7 +1299,7 @@ function init_slider_observers() {
 		$.ajax({
 			type: 'GET',
 			url: url_slide,
-			data : { ajax: true }
+			data: { ajax: true }
 		}).done(function (data) {
 			slider.html(data);
 			closer.addClass('active');
-- 
cgit v1.2.3