
Commit db96c71

committed
add test isAjax for nonce
1 parent d657079 commit db96c71


2 files changed

+19
-15
lines changed


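--- a/Ajax/common/traits/JsUtilsAjaxTrait.php
+++ b/Ajax/common/traits/JsUtilsAjaxTrait.php
@@ -67,9 +67,9 @@ protected function _ajax($method, $url, $responseElement = '', $parameters = [])
 if (isset($partial)) {
 $ajaxParameters["xhr"] = "xhrProvider";
 $retour .= "var xhr = $.ajaxSettings.xhr();function xhrProvider() {return xhr;};xhr.onreadystatechange = function (e) { if (3==e.target.readyState){let response=e.target.responseText;" . $partial . ";}; };";
-}elseif (isset($upload)) {
+} elseif (isset($upload)) {
 $ajaxParameters["xhr"] = "xhrProvider";
-$retour .= 'var xhr = $.ajaxSettings.xhr();function xhrProvider() {return xhr;};xhr.upload.addEventListener("progress", function(event) {if (event.lengthComputable) {'.$upload.'}}, false);';
+$retour .= 'var xhr = $.ajaxSettings.xhr();function xhrProvider() {return xhr;};xhr.upload.addEventListener("progress", function(event) {if (event.lengthComputable) {' . $upload . '}}, false);';
 }
 $this->createAjaxParameters($ajaxParameters, $parameters);
 $retour .= "$.ajax({" . $this->implodeAjaxParameters($ajaxParameters) . "}).done(function( data, textStatus, jqXHR ) {\n";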

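--- a/Ajax/common/traits/JsUtilsInternalTrait.php
+++ b/Ajax/common/traits/JsUtilsInternalTrait.php
@@ -8,7 +8,7 @@ trait JsUtilsInternalTrait {
 protected $jquery_code_for_compile = array();
 
 protected $jquery_code_for_compile_at_last = array();
-
+
 protected $nonce;
 
 protected function _addToCompile($jsScript) {
@@ -73,24 +73,24 @@ protected function minify($input) {
 */
 protected function _open_script($src = '') {
 $str = '<script ';
-if(isset($this->params['nonce'])){
-$str.=' nonce="'.$this->generateNonce($this->params['nonce']).'" ';
-$this->onNonce();
+if (! $this->isAjax() && isset($this->params['nonce'])) {
+$nonce = $this->nonce ?? $this->generateNonce($this->params['nonce']);
+$str .= ' nonce="' . $nonce . '" ';
 }
 $str .= ($src == '') ? '>' : ' src="' . $src . '">';
 return $str;
 }
-
-protected function onNonce(){
-
-}
-
-protected function generateNonce($value=null): string {
+
+protected function onNonce() {}
+
+protected function generateNonce($value = null): string {
 $bytes = \random_bytes((int) ($value ?? 32));
-return $this->nonce=\base64_encode($bytes);
+$this->nonce = \base64_encode($bytes);
+$this->onNonce();
+return $this->nonce;
 }
-
-public function getNonce(){
+
+public function getNonce() {
 return $this->nonce;
 }
 
@@ -111,4 +111,8 @@ protected function conflict() {
 public function addToCompile($jsScript) {
 $this->_addToCompile($jsScript);
 }
+
+public function isAjax(): bool {
+return (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
+}
 }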
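Review bot: `_open_script` now reuses `$this->nonce` for every later `<script>` tag and nothing in this section ever resets it, so if a JsUtils instance outlives one HTTP response (a long-running worker or a shared service object) the same nonce would be emitted on later responses, which removes the per-response freshness a CSP nonce depends on; a comment on the `$nonce` line such as `// one nonce per response: do not reuse this instance across requests` or a reset at the start of each compile would make the contract explicit. Reuse within a single response is correct, since CSP expects one nonce per document. In `isAjax()` (third hunk) the `isset(...) && ! empty(...)` pair is redundant and the comparison should be strict: `return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower((string) $_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';`. `X-Requested-With` is client-supplied, so this branch only decides whether the nonce attribute is written, and a missing nonce causes the browser to refuse the inline script under a nonce-based CSP rather than allow it, so a spoofed header does not widen what runs. `getNonce()` could also declare `: ?string`, since `$this->nonce` is unset until `generateNonce()` has been called.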
