author | Benaka Moorthi <benaka.moorthi@gmail.com> | 2013-06-19 10:40:05 +0400 |
---|---|---|
committer | Benaka Moorthi <benaka.moorthi@gmail.com> | 2013-06-19 10:40:05 +0400 |
commit | e8ec08565cf6975c57323fa3eb2535b664f6b8b7 (patch) | |
tree | 687f35ab83502159b1bbdd8a96cdaa28cf8fa78e /plugins | |
parent | f9af4b22914721e71f9f430ffa00be8a2d156158 (diff) |
Make sure 'Content-Type: application/json' is sent with the default result of the Dashboard.getAllDashboards controller action, and use jQuery's .text() for untrusted content in three places in dashboard.js.
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/Dashboard/Controller.php | 3 | ||||
-rw-r--r-- | plugins/Dashboard/templates/dashboard.js | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/plugins/Dashboard/Controller.php b/plugins/Dashboard/Controller.php
index 0fdbba275f..b9e84b891b 100644
--- a/plugins/Dashboard/Controller.php
+++ b/plugins/Dashboard/Controller.php
@@ -153,8 +153,11 @@ class Piwik_Dashboard_Controller extends Piwik_Controller
     public function getAllDashboards()
     {
         $this->checkTokenInUrl();
+
         if (Piwik::isUserIsAnonymous()) {
+            Piwik_DataTable_Renderer_Json::sendHeaderJSON();
             echo '[]';
+            return;
         }
diff --git a/plugins/Dashboard/templates/dashboard.js b/plugins/Dashboard/templates/dashboard.js
index 40a3cb04fd..ee9ec8867b 100644
--- a/plugins/Dashboard/templates/dashboard.js
+++ b/plugins/Dashboard/templates/dashboard.js
@@ -122,7 +122,7 @@ function renameDashboard() {
 }
 function removeDashboard() {
-    $('#removeDashboardConfirm').find('h2 span').html($('#dashboardWidgetsArea').dashboard('getDashboardName'));
+    $('#removeDashboardConfirm').find('h2 span').text($('#dashboardWidgetsArea').dashboard('getDashboardName'));
     piwikHelper.modalConfirm('#removeDashboardConfirm', {yes: function () { $('#dashboardWidgetsArea').dashboard('removeDashboard'); }});
 }
@@ -159,12 +159,12 @@ function copyDashboardToUser() {
         function (availableUsers) {
             $('#copyDashboardUser').empty();
             $('#copyDashboardUser').append(
-                $('<option></option>').val(piwik.userLogin).html(piwik.userLogin)
+                $('<option></option>').val(piwik.userLogin).text(piwik.userLogin)
             );
             $.each(availableUsers, function (index, user) {
                 if (user.login != 'anonymous' && user.login != piwik.userLogin) {
                     $('#copyDashboardUser').append(
-                        $('<option></option>').val(user.login).html(user.login + ' (' + user.alias + ')')
+                        $('<option></option>').val(user.login).text(user.login + ' (' + user.alias + ')')
                     );
                 }
             }); |
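Review bot: `Piwik_DataTable_Renderer_Json::sendHeaderJSON()` is only sent on the anonymous branch, and the added `return;` means the non-anonymous path below the hunk — getAllDashboards' body continues outside it — is still responsible for its own content type; if that path echoes dashboard data without the same header, a response carrying user-supplied dashboard names could be content-sniffed as HTML rather than treated as JSON, so it is worth confirming the header is sent there too. A why-comment on the new line would help the next reader, e.g. `// explicit JSON content type so the '[]' body is never sniffed as HTML`. The `@@ -153,8 +153,11 @@` header counts two trailing context lines that are not visible in this rendering, so the hunk appears truncated here.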
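Review bot: The context line `if (user.login != 'anonymous' && user.login != piwik.userLogin)` in the second dashboard.js hunk keeps loose `!=` comparisons around the anonymous-user exclusion; `!==` would make the check strict so a value of another type cannot compare equal by coercion. `user.alias` is concatenated into the option label without a guard, so an entry without an alias presumably renders as `login (undefined)` — `(user.alias || user.login)` would cover that if the API can omit it; verify against the actual response shape. The `.html()` → `.text()` swaps themselves are the right fix for these three insertion points, but they only cover the sites in this diff; copyDashboardToUser starts outside the hunk, and other render sites for dashboard names or aliases are not visible here.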