CRITICAL SECURITY VERSION UPDATE:
https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.13

is there a way to access module function through url

methakonmethakon
edited September 2019 in Feature Requests

i have a class in my core folder

class MY_Base_module_model extends Base_module_model{
public function __construct($table = NULL, $params = NULL)
{
parent::__construct($table, $params);
//$this->get_ajax_csrf();
}
function get_ajax_csrf()
{
echo json_encode(array(
'token'=>$this->security->get_csrf_token_name(),
'hash'=>$this->security->get_csrf_hash()
));
}
}
a simple module :

class Axyz extends MY_Base_module_model{
public $boolean_fields = array('archived');
public $serialized_fields = array('precedence');
public $required = array('title');
public function __construct()
{
parent::__construct('announcements'); // table name
}

public function form_fields($values = array(), $related = array())
{   
    $fields = parent::form_fields($values, $related);
            $fields['a_file']['type']='asset';
            $fields['a_file']['upload_path']='xyz/';
            $fields['a_file']['encrypt_name']=TRUE;
            $fields['a_file']['display_preview']=TRUE;
            $fields['a_file']['remove_spaces']=TRUE;
            $fields['a_file']['hide_options']=TRUE;
            $fields['a_file']['multiple']=FALSE;
    return $fields;
}

}

now i want to call get_ajax_csrf() through url . is their a way . i am planning to do $.getJSON() the csrf and update in window.parent.

also i am planning to do it from $.fn.jqmHide function but is their a better place to coll .. i cant find the function while upload a asset is triggered .

Comments

  • adminadmin

    When you say "i want to call get_ajax_csrf() through url" do you mean you want a URL that returns the CSRF token? If so, you can create a method on your model called "ajax_csrf_token" and then it would be available at fuel/{module}/ajax/csrf_token:
    https://docs.getfuelcms.com/general/javascript#ajax

  • methakonmethakon

    hi i want a common place where i don't have to add the JavaScript file each time . as i have to use this csrf tocken update throughout the admin panel including pages actually where ever modal i frame uploading / update is taking place .

    instead of MY_Base_module_model i am using a controller (using $this->fuel->admin->check_login(); )

    currently i have update the fuel/modules/fuel/assets/js/jquery/plugins/jqModal.js files jqmHide function as follow .

    if(typeof this.NodeList.prototype.forEach != undefined ) { this.NodeList.prototype.forEach = Array.prototype.forEach; } // out side mane object

    $.fn.jqmHide=function(t){return this.each(function(){
        $.jqm.close(this._jqm,t);
        if(typeof window.parent != "undefined" ){
            if(typeof window.parent.CallParent == "undefined" ){
                window.parent.CallParent = function(context)
                {
                    $.getJSON(jqx_config.basePath+"xyz/get_ajax_csrf", function(result){
                        if(typeof result.token  != "undefined"){
                                document.querySelectorAll('#'+result.token).forEach(function(rf){
                                    rf.value=result.hash;
                                });
                          }
                    });
                }
            }
            window.parent.CallParent(this._jqm,t); 

    }

});};

    i am now looking for a better function to update CSRF instead of $.fn.jqmHide to ensure it executed only when modal i frame uploading / update is taking place ``

Sign In or Register to comment.