
Merge branch 'editor_xss_vulnerability' into dev

This commit is contained in:
Sylvain 2021-10-04 09:31:34 +02:00
commit 3769afe431
3 changed files with 12 additions and 7 deletions


@ -22,6 +22,7 @@
* in the various projects' admin controllers. * in the various projects' admin controllers.
* *
* Provides : * Provides :
* - $scope.summernoteOptsProject
* - $scope.totalSteps * - $scope.totalSteps
* - $scope.machines = [{Machine}] * - $scope.machines = [{Machine}]
* - $scope.components = [{Component}] * - $scope.components = [{Component}]
@ -42,7 +43,11 @@
* - $state (Ui-Router) [ 'app.public.projects_show', 'app.public.projects_list' ] * - $state (Ui-Router) [ 'app.public.projects_show', 'app.public.projects_list' ]
*/ */
class ProjectsController { class ProjectsController {
constructor ($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t) { constructor ($rootScope, $scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t) {
// remove codeview from summernote editor
$scope.summernoteOptsProject = angular.copy($rootScope.summernoteOpts);
$scope.summernoteOptsProject.toolbar[6][1].splice(1, 1);
// Retrieve the list of machines from the server // Retrieve the list of machines from the server
Machine.query().$promise.then(function (data) { Machine.query().$promise.then(function (data) {
$scope.machines = data.map(function (d) { $scope.machines = data.map(function (d) {
@ -449,8 +454,8 @@ Application.Controllers.controller('ProjectsController', ['$scope', '$state', 'P
/** /**
* Controller used in the project creation page * Controller used in the project creation page
*/ */
Application.Controllers.controller('NewProjectController', ['$scope', '$state', 'Project', 'Machine', 'Member', 'Component', 'Theme', 'Licence', '$document', 'CSRF', 'Diacritics', 'dialogs', 'allowedExtensions', '_t', Application.Controllers.controller('NewProjectController', ['$rootScope', '$scope', '$state', 'Project', 'Machine', 'Member', 'Component', 'Theme', 'Licence', '$document', 'CSRF', 'Diacritics', 'dialogs', 'allowedExtensions', '_t',
function ($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, CSRF, Diacritics, dialogs, allowedExtensions, _t) { function ($rootScope, $scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, CSRF, Diacritics, dialogs, allowedExtensions, _t) {
CSRF.setMetaTags(); CSRF.setMetaTags();
// API URL where the form will be posted // API URL where the form will be posted
@ -468,7 +473,7 @@ Application.Controllers.controller('NewProjectController', ['$scope', '$state',
$scope.matchingMembers = []; $scope.matchingMembers = [];
// Using the ProjectsController // Using the ProjectsController
return new ProjectsController($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t); return new ProjectsController($rootScope, $scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t);
} }
]); ]);
@ -509,7 +514,7 @@ Application.Controllers.controller('EditProjectController', ['$rootScope', '$sco
} }
// Using the ProjectsController // Using the ProjectsController
return new ProjectsController($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t); return new ProjectsController($rootScope, $scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t);
}; };
// !!! MUST BE CALLED AT THE END of the controller // !!! MUST BE CALLED AT THE END of the controller
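Review bot: `$scope.summernoteOptsProject.toolbar[6][1].splice(1, 1)` in the ProjectsController constructor removes a button purely by position, so any reordering of the shared `$rootScope.summernoteOpts` toolbar would silently strip a different button or none at all, and the comment "remove codeview from summernote editor" is the only record of which one is meant. Assuming summernote's `[groupName, [buttonNames]]` toolbar layout, which the hunk does not show, selecting by name is self-describing and survives reordering: `$scope.summernoteOptsProject.toolbar = $scope.summernoteOptsProject.toolbar.map(([group, buttons]) => [group, buttons.filter((b) => b !== 'codeview')]);`. If the positional form is kept, the comment should at least state the expected group and button, e.g. `// toolbar[6] is the 'view' group; index 1 of its buttons is 'codeview' — keep in sync with $rootScope.summernoteOpts`. Note that hiding the button is a UI-only measure; the description still reaches the server as raw HTML through the hidden `project[description]` input in the template, so it only holds up together with sanitization at render time. The constructor's body continues past the end of this hunk.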


@ -166,7 +166,7 @@ Application.Filters.filter('simpleText', [function () {
}]); }]);
Application.Filters.filter('toTrusted', ['$sce', function ($sce) { Application.Filters.filter('toTrusted', ['$sce', function ($sce) {
return text => $sce.trustAsHtml(text); return text => $sce.getTrustedHtml(text);
}]); }]);
Application.Filters.filter('planIntervalFilter', [function () { Application.Filters.filter('planIntervalFilter', [function () {
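Review bot: The filter's name `toTrusted` no longer describes what it does — `$sce.getTrustedHtml(text)` on a plain string returns a sanitized plain string, not a trusted-value wrapper, and nothing on the page documents that reversal for callers of the filter. In AngularJS 1.x that sanitization path relies on the `ngSanitize` module being loaded; without it `$sce` throws rather than returning unsafe markup, which is worth confirming in the app's module dependencies. A comment would make the intent and the dependency explicit, e.g. `// Returns a sanitized string (via ngSanitize) rather than a blindly trusted wrapper; markup not on the sanitizer's allow-list is stripped.` Callers that expected raw HTML passthrough should be checked, since scripts and event handlers in stored descriptions are now removed at render time.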


@ -71,7 +71,7 @@
<label for="description" class="col-sm-2 control-label">{{ 'app.shared.project.description' | translate }} *</label> <label for="description" class="col-sm-2 control-label">{{ 'app.shared.project.description' | translate }} *</label>
<div class="col-sm-10"> <div class="col-sm-10">
<input type="hidden" name="project[description]" ng-value="project.description" /> <input type="hidden" name="project[description]" ng-value="project.description" />
<summernote ng-model="project.description" id="project_description" placeholder="" config="summernoteOpts" name="project[description]" required></summernote> <summernote ng-model="project.description" id="project_description" placeholder="" config="summernoteOptsProject" name="project[description]" required></summernote>
<span class="help-block" ng-show="projectForm['project[description]'].$dirty && projectForm['project[description]'].$error.required" translate>{{ 'app.shared.project.description_is_required' }}</span> <span class="help-block" ng-show="projectForm['project[description]'].$dirty && projectForm['project[description]'].$error.required" translate>{{ 'app.shared.project.description_is_required' }}</span>
</div> </div>
</div> </div>