From 20c33de1780fa3a4a89cb139271b2665f45666e4 Mon Sep 17 00:00:00 2001
From: llj
Date: Thu, 30 Aug 2018 18:19:03 +0800
Subject: [PATCH] [csrf cookie] modification
---
 media/js/base.js | 6 +++---
 seahub/templates/base.html | 6 +++++-
 seahub/templates/sysadmin/sysadmin_backbone.html | 3 ++-
 seahub/templates/view_file_onlyoffice.html | 5 +++++
 seahub/templates/view_file_wopi.html | 5 +++++
 5 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/media/js/base.js b/media/js/base.js
index 6f3b093b92..03e4cf88ba 100644
--- a/media/js/base.js
+++ b/media/js/base.js
@@ -103,7 +103,7 @@ function addConfirmTo(op_ele, popup) {
 $('
', { "method": 'POST', "action": $(this).data('url'), - "html": '' + "html": '' }).appendTo(document.body).trigger('submit'); } else { // default location.href = $(this).data('url'); @@ -130,7 +130,7 @@ function addFormPost(op_ele) { $('', { "method": 'POST', "action": $(this).data('url'), - "html": '' + "html": '' }).appendTo(document.body).trigger('submit'); return false; }); @@ -223,7 +223,7 @@ function getCookie(name) { function prepareCSRFToken(xhr, settings) { if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { // Only send the token to relative URLs i.e. locally. - xhr.setRequestHeader("X-CSRFToken", getCookie('sfcsrftoken')); + xhr.setRequestHeader("X-CSRFToken", getCookie(SEAFILE_GLOBAL.csrfCookieName)); } } diff --git a/seahub/templates/base.html b/seahub/templates/base.html index afbc36c220..6cd9cc470b 100644 --- a/seahub/templates/base.html +++ b/seahub/templates/base.html @@ -128,7 +128,11 @@ - + {# 'id="jquery"' is for pdf file view with pdf2html #} diff --git a/seahub/templates/sysadmin/sysadmin_backbone.html b/seahub/templates/sysadmin/sysadmin_backbone.html index bdb72da96d..ff0f212169 100644 --- a/seahub/templates/sysadmin/sysadmin_backbone.html +++ b/seahub/templates/sysadmin/sysadmin_backbone.html @@ -79,7 +79,8 @@ var app = { config: { mediaUrl: '{{ MEDIA_URL }}', siteRoot: '{{ SITE_ROOT }}', - loginUrl: '{{ LOGIN_URL }}' + loginUrl: '{{ LOGIN_URL }}', + csrfCookieName: '{{ CSRF_COOKIE_NAME }}' } }; app["pageOptions"] = { diff --git a/seahub/templates/view_file_onlyoffice.html b/seahub/templates/view_file_onlyoffice.html index 0aafb5875d..e44b236a88 100644 --- a/seahub/templates/view_file_onlyoffice.html +++ b/seahub/templates/view_file_onlyoffice.html @@ -15,6 +15,11 @@ html, body { padding:0; margin:0; height:100%; }
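Review bot: In `prepareCSRFToken` the guard around the changed line still treats every URL that does not start with a lower-case `http:` or `https:` as local, so a protocol-relative URL (`//other.host/path`) or an upper-case scheme passes it and the `X-CSRFToken` header can be attached to a request for another origin. The check could be `if (!/^(https?:)?\/\//i.test(settings.url)) {`. The new line also reads the global `SEAFILE_GLOBAL`; on a page that loads base.js without defining it, the lookup throws a ReferenceError before the request is sent. It is worth confirming that every template including base.js sets it, since sysadmin_backbone.html in this patch adds the name to `app.config` instead.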
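Review bot: `csrfCookieName: '{{ CSRF_COOKIE_NAME }}'` in sysadmin_backbone.html depends on `CSRF_COOKIE_NAME` being present in the template context, and this patch touches no Python file. If no context processor supplies it, the value renders as an empty string and the cookie lookup silently finds nothing. It would help to confirm where the variable comes from and record it in a template comment, e.g. `{# CSRF_COOKIE_NAME is provided by <context processor> #}`. Because the value lands inside a JavaScript string literal, `'{{ CSRF_COOKIE_NAME|escapejs }}'` is safer than relying on HTML auto-escaping. The `app` object starts above the hunk and `app["pageOptions"]` continues below it.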
{% get_current_language as LANGUAGE_CODE %} + diff --git a/seahub/templates/view_file_wopi.html b/seahub/templates/view_file_wopi.html index 94b21a6db3..4115719b07 100644 --- a/seahub/templates/view_file_wopi.html +++ b/seahub/templates/view_file_wopi.html @@ -38,6 +38,11 @@ +