author | Kate Butler <kate@innocraft.com> | 2019-05-02 06:22:54 +0300 |
---|---|---|
committer | Thomas Steur <tsteur@users.noreply.github.com> | 2019-05-02 06:22:54 +0300 |
commit | 6268a6a928e2011ba6f84a6159b4ab483be62264 (patch) | |
tree | cfbb38948905ddaed425e46de282efffcbe002be /plugins/ScheduledReports | |
parent | efd14a5435ac5729fd1efd3915cc798beeebf484 (diff) |
Submit report download link as a post request (#14351)
* Submit report download link as a post request to hide auth token from user
* Rework to pass all params except token_auth on the URL
* Redo with hidden form already embedded in the DOM
* PR changes
* Missed one
* minor tweak
Diffstat (limited to 'plugins/ScheduledReports')
-rw-r--r-- | plugins/ScheduledReports/angularjs/manage-scheduled-report/manage-scheduled-report.controller.js | 4 | ||||
-rw-r--r-- | plugins/ScheduledReports/templates/_listReports.twig | 23 |
2 files changed, 19 insertions, 8 deletions
diff --git a/plugins/ScheduledReports/angularjs/manage-scheduled-report/manage-scheduled-report.controller.js b/plugins/ScheduledReports/angularjs/manage-scheduled-report/manage-scheduled-report.controller.js index 5ddcb61df9..a8135caad4 100644 --- a/plugins/ScheduledReports/angularjs/manage-scheduled-report/manage-scheduled-report.controller.js +++ b/plugins/ScheduledReports/angularjs/manage-scheduled-report/manage-scheduled-report.controller.js @@ -177,6 +177,10 @@ resetParameters(this.report.type, this.report); }; + this.displayReport = function (reportId) { + $('#downloadReportForm_' + reportId).submit(); + }; + // Email now this.sendReportNow = function (idReport) { var ajaxHandler = getReportAjaxRequest(idReport, 'ScheduledReports.sendReport'); diff --git a/plugins/ScheduledReports/templates/_listReports.twig b/plugins/ScheduledReports/templates/_listReports.twig index 9a04277869..592b977806 100644 --- a/plugins/ScheduledReports/templates/_listReports.twig +++ b/plugins/ScheduledReports/templates/_listReports.twig 
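Review bot: `displayReport` passes `'#downloadReportForm_' + reportId` to `$()` as a selector, so an id containing selector metacharacters would be parsed rather than matched literally, and a missing form turns `.submit()` into a silent no-op. The value appears to come from `report.idreport|json_encode` in the template and is presumably numeric, so this is hardening rather than a known bug. Looking the element up by id avoids selector parsing and lets the missing-form case be handled explicitly: `var form = document.getElementById('downloadReportForm_' + reportId);` followed by `if (form) { form.submit(); }`. The enclosing controller function starts and ends outside the hunk.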
@@ -75,24 +75,31 @@ </td> <td> {# download link #} - <a href="{{ linkTo({'module':'API', 'segment': null, 'token_auth':token_auth, - 'method':'ScheduledReports.generateReport', 'idReport':report.idreport, - 'outputType':downloadOutputType, 'language':language, - 'format': (report.format in ['html', 'csv']) ? report.format : false - }) }}" - rel="noreferrer noopener" target="_blank" name="linkDownloadReport" id="{{ report.idreport }}" class="link_but withIcon"> + <form action="{{ linkTo({ 'module':'API', 'segment': null, + 'method':'ScheduledReports.generateReport', 'idReport':report.idreport, + 'outputType':downloadOutputType, 'language':language, + 'format': (report.format in ['html', 'csv']) ? report.format : false }) }}" + method="POST" + target="_blank" + id="downloadReportForm_{{ report.idreport|e('html_attr') }}" + > + <input type="hidden" name="token_auth" value="{{ token_auth|e('html_attr') }}"> + </form> + <a href="javascript:void(0)" + ng-click="manageScheduledReport.displayReport({{ report.idreport|json_encode }})" + rel="noreferrer noopener" name="linkDownloadReport" id="{{ report.idreport|e('html_attr') }}" class="link_but withIcon"> <img src='{{ reportFormatsByReportType[report.type][report.format] }}' border="0" width="16px" height="16px"/> {{ 'General_Download'|translate }} </a> </td> <td style="text-align: center;padding-top:2px;"> - <button ng-click="manageScheduledReport.editReport({{ report.idreport }})" + <button ng-click="manageScheduledReport.editReport({{ report.idreport|json_encode }})" class="table-action" title="{{ 'General_Edit'|translate|e('html_attr') }}"> <span class="icon-edit"></span> </button> </td> <td style="text-align: center;padding-top:2px;"> - <button ng-click="manageScheduledReport.deleteReport({{ report.idreport }})" + <button ng-click="manageScheduledReport.deleteReport({{ report.idreport|json_encode }})" class="table-action" title="{{ 'General_Delete'|translate|e('html_attr') }}"> <span class="icon-delete"></span> 
</button> |
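Review bot: The hidden `token_auth` input still writes the user's token into the page source, once per report row, so the token leaves the URL (browser history, Referer, GET access logs) but remains readable by any script running on this page. The commit message's "hide auth token from user" overstates that; a template comment such as `{# token_auth is posted in the body to keep it out of the URL; it is still present in the DOM #}` above the `<form>` would record the actual guarantee. Also, `rel="noreferrer noopener"` stays on the anchor, whose `href` is now `javascript:void(0)`, while the new tab is opened by the form's `target="_blank"`, so the attribute no longer applies to that navigation; confirm whether the opened report still needs it. The table row this markup belongs to starts and ends outside the hunk.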