From 27fbfa582c545f86235c474c92f10c2e9469b5c4 Mon Sep 17 00:00:00 2001
From: sgiehl <stefangiehl@gmail.com>
Date: Thu, 25 Oct 2012 13:48:41 +0000
Subject: [PATCH] refs #3359 use POST instead of GET requests / do not send token_auth within query strings
git-svn-id: http://dev.piwik.org/svn/trunk@7309 59fd770c-687e-43c8-a1e3-f5a4ff64c105
---
 plugins/CoreHome/templates/broadcast.js | 2 +-
 plugins/CoreHome/templates/datatable.js | 2 +-
 .../Dashboard/templates/dashboardObject.js | 23 +++++++++++++------
 plugins/Dashboard/templates/widgetMenu.js | 12 +++++++---
 .../templates/privacySettings.js | 2 +-
 plugins/SEO/templates/rank.js | 2 +-
 plugins/UserCountry/templates/admin.js | 2 +-
 7 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/plugins/CoreHome/templates/broadcast.js b/plugins/CoreHome/templates/broadcast.js
index a7f7a1d693..557b2f9c87 100644
--- a/plugins/CoreHome/templates/broadcast.js
+++ b/plugins/CoreHome/templates/broadcast.js
@@ -366,7 +366,7 @@ var broadcast = {
 }
 }
 var ajaxRequest = {
- type: 'GET',
+ type: 'POST',
 url: urlAjax,
 dataType: 'html',
 async: true,
diff --git a/plugins/CoreHome/templates/datatable.js b/plugins/CoreHome/templates/datatable.js
index b82cf22d60..872023029c 100644
--- a/plugins/CoreHome/templates/datatable.js
+++ b/plugins/CoreHome/templates/datatable.js
@@ -128,7 +128,7 @@ dataTable.prototype =
 //prepare the ajax request
 var ajaxRequest = {
- type: 'GET',
+ type: 'POST',
 url: 'index.php',
 dataType: 'html',
 async: true,
diff --git a/plugins/Dashboard/templates/dashboardObject.js b/plugins/Dashboard/templates/dashboardObject.js
index 75dec3971a..b38c12f813 100644
--- a/plugins/Dashboard/templates/dashboardObject.js
+++ b/plugins/Dashboard/templates/dashboardObject.js
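Review bot: Changing `type: 'GET'` to `type: 'POST'` in the broadcast.js hunk does not by itself take the token out of the URL, because the request target is the pre-built string `url: urlAjax`; if that string is assembled with `&token_auth=` higher up in the function, the token still travels in the query string of the POST and still lands in access logs and Referer headers. How `urlAjax` is built is outside this hunk, so this needs confirming against the lines above it. If it does carry the token, strip it from `urlAjax` and send it in the body as the other files in this commit do, e.g. `data: { token_auth: piwik.token_auth },`. The enclosing function starts and ends outside the hunk.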
@@ -157,12 +157,16 @@
 var ajaxRequest = {
 type: 'POST',
- url: 'index.php?module=Dashboard&action=resetLayout&token_auth='+piwik.token_auth,
+ url: 'index.php?module=Dashboard&action=resetLayout',
 dataType: 'html',
 async: false,
 error: piwikHelper.ajaxHandleError,
 success: function() { methods.loadDashboard.apply(this, [dashboardId])},
- data: { "idDashboard": dashboardId, "idSite": piwik.idSite }
+ data: {
+ token_auth: piwik.token_auth,
+ idDashboard: dashboardId,
+ idSite: piwik.idSite
+ }
 };
 piwikHelper.showAjaxLoading();
 $.ajax(ajaxRequest);
@@ -228,7 +232,7 @@
 piwikHelper.abortQueueAjax();
 var ajaxRequest = {
- type: 'GET',
+ type: 'POST',
 url: 'index.php?module=Dashboard&action=getDashboardLayout',
 dataType: 'json',
 async: true,
@@ -409,7 +413,10 @@
 var ajaxRequest = {
 type: 'POST',
- url: 'index.php?module=Dashboard&action=getAllDashboards&token_auth='+piwik.token_auth,
+ url: 'index.php?module=Dashboard&action=getAllDashboards',
+ data: {
+ token_auth: piwik.token_auth
+ },
 dataType: 'json',
 async: true,
 success: function(dashboards) {
@@ -481,7 +488,7 @@
 var ajaxRequest = {
 type: 'POST',
- url: 'index.php?module=Dashboard&action='+action+'&token_auth='+piwik.token_auth,
+ url: 'index.php?module=Dashboard&action='+action,
 dataType: 'html',
 async: true,
 success: function() {
@@ -492,6 +499,7 @@
 },
 error: piwikHelper.ajaxHandleError,
 data: {
+ token_auth: piwik.token_auth,
 layout: JSON.stringify(dashboardLayout),
 name: dashboardName,
 idDashboard: dashboardId
@@ -511,7 +519,7 @@
 var ajaxRequest = {
 type: 'POST',
- url: 'index.php?module=Dashboard&action=removeDashboard&token_auth='+piwik.token_auth,
+ url: 'index.php?module=Dashboard&action=removeDashboard',
 dataType: 'html',
 async: false,
 success: function() {
@@ -519,7 +527,8 @@
 },
 error: piwikHelper.ajaxHandleError,
 data: {
- idDashboard: dashboardId
+ idDashboard: dashboardId,
+ token_auth: piwik.token_auth
 }
 };
 piwikHelper.showAjaxLoading();
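Review bot: In the resetLayout hunk the secret now rides in `data: { token_auth: piwik.token_auth, ... }`, and the same literal is copied by hand into the getAllDashboards, save and removeDashboard hunks below, while the getDashboardLayout hunk (`@@ -228`) only flips the verb and shows no `data` at all, so whether that request sends the token is not visible here. A per-call-site copy is easy to forget; a single helper that injects `token_auth` into every request body (for example a `beforeSend`/`ajaxSetup` hook in piwikHelper) would make "token in the body, never in the URL" hard to violate. POST alone is not a CSRF defence for the state-changing actions here (resetLayout, removeDashboard, save): they stay safe only if the server rejects a request whose `token_auth` is missing or wrong, and that check is outside this diff. Pre-existing but worth a follow-up: `async: false` on resetLayout and removeDashboard blocks the browser for the whole round trip. Every request in these hunks sits in a function that begins outside the hunk.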
diff --git a/plugins/Dashboard/templates/widgetMenu.js b/plugins/Dashboard/templates/widgetMenu.js
index 0735a92fda..5697c071be 100644
--- a/plugins/Dashboard/templates/widgetMenu.js
+++ b/plugins/Dashboard/templates/widgetMenu.js
@@ -19,8 +19,14 @@ widgetsHelper.getAvailableWidgets = function ()
 if(!widgetsHelper.availableWidgets) {
 var ajaxRequest = {
- type: 'GET',
- url: 'index.php?module=Dashboard&action=getAvailableWidgets&token_auth='+piwik.token_auth+'&idSite='+piwik.idSite,
+ type: 'POST',
+ url: 'index.php',
+ data: {
+ module: 'Dashboard',
+ action: 'getAvailableWidgets',
+ token_auth: piwik.token_auth,
+ idSite: piwik.idSite
+ },
 dataType: 'json',
 async: false,
 error: piwikHelper.ajaxHandleError,
@@ -88,7 +94,7 @@ widgetsHelper.getLoadWidgetAjaxRequest = function (widgetUniqueId, widgetParamet
 return {
 widgetUniqueId:widgetUniqueId,
- type: 'GET',
+ type: 'POST',
 url: 'index.php',
 dataType: 'html',
 async: true,
diff --git a/plugins/PrivacyManager/templates/privacySettings.js b/plugins/PrivacyManager/templates/privacySettings.js
index c276e59cd9..fa2c37b146 100644
--- a/plugins/PrivacyManager/templates/privacySettings.js
+++ b/plugins/PrivacyManager/templates/privacySettings.js
@@ -47,7 +47,7 @@ $(document).ready(function() {
 }
 currentRequest = $.ajax({
- type: 'GET',
+ type: 'POST',
 url: 'index.php?module=PrivacyManager&action=getDatabaseSize',
 dataType: 'html',
 async: true,
diff --git a/plugins/SEO/templates/rank.js b/plugins/SEO/templates/rank.js
index 806dde55bf..a6fb602cdf 100644
--- a/plugins/SEO/templates/rank.js
+++ b/plugins/SEO/templates/rank.js
@@ -11,7 +11,7 @@ $(document).ready(function() {
 piwikHelper.showAjaxLoading('ajaxLoadingSEO');
 var ajaxRequest = {
- type: 'GET',
+ type: 'POST',
 url: 'index.php',
 dataType: 'html',
 error: piwikHelper.ajaxHandleError,
diff --git a/plugins/UserCountry/templates/admin.js b/plugins/UserCountry/templates/admin.js
index b01d019c24..88ebf559df 100755
--- a/plugins/UserCountry/templates/admin.js
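Review bot: In the getAvailableWidgets hunk the routing parameters `module` and `action` move into the request body together with `token_auth` and `idSite`, whereas every other hunk in this commit keeps `module=...&action=...` in the URL and moves only the token; one convention should be picked. Keeping the non-secret routing parameters in the query string, `url: 'index.php?module=Dashboard&action=getAvailableWidgets'` with `data: { token_auth: piwik.token_auth, idSite: piwik.idSite }`, matches the dashboardObject.js hunks and keeps access logs useful for debugging while the secret still stays out of them. The request also remains `async: false`, which stalls the browser until the widget list arrives; that is pre-existing, but it belongs on a follow-up list now that the call is being touched. The function continues past the end of the hunk.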
+++ b/plugins/UserCountry/templates/admin.js
@@ -49,7 +49,7 @@ $(document).ready(function() {
 loading.show();
 $.ajax({
- type: 'GET',
+ type: 'POST',
 url: 'index.php',
 data: {
 module: 'UserCountry',
-- 
GitLab