From d7554c0bb25241c1299af28785878d31ad02dbad Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sun, 17 Jan 2010 10:52:59 +0100
Subject: Added CRSF security token checks in ACL plugin

---
 lib/plugins/acl/script.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib/plugins/acl/script.js')

diff --git a/lib/plugins/acl/script.js b/lib/plugins/acl/script.js
index 7ab83db58..449a3c16a 100644
--- a/lib/plugins/acl/script.js
+++ b/lib/plugins/acl/script.js
@@ -48,7 +48,8 @@ acl = {
         data[1] = ajax.encVar('id',frm.elements['id'].value);
         data[2] = ajax.encVar('acl_t',frm.elements['acl_t'].value);
         data[3] = ajax.encVar('acl_w',frm.elements['acl_w'].value);
-        data[4] = ajax.encVar('ajax','info');
+        data[4] = ajax.encVar('sectok',frm.elements['sectok'].value);
+        data[5] = ajax.encVar('ajax','info');
 
         ajax.elementObj = $('acl__info');
 
-- 
cgit v1.2.3


From 40307ce67e9cb6cc8f00ddcddf1677f41b42fb83 Mon Sep 17 00:00:00 2001
From: Michael Hamann <michael@content-space.de>
Date: Sat, 3 Apr 2010 16:57:58 +0200
Subject: Preserve selected item in the acl manager during ajax requests

There are two new parameters submitted that contain the currently
selected namespace and page id so it can be selected again
indenpendently from the opened namespace.
---
 lib/plugins/acl/script.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'lib/plugins/acl/script.js')

diff --git a/lib/plugins/acl/script.js b/lib/plugins/acl/script.js
index 449a3c16a..d5d0371a9 100644
--- a/lib/plugins/acl/script.js
+++ b/lib/plugins/acl/script.js
@@ -118,7 +118,11 @@ acl = {
         var ul = document.createElement('ul');
         listitem.appendChild(ul);
         ajax.elementObj = ul;
-        ajax.runAJAX(link.search.substr(1)+'&ajax=tree');
+        ajax.setVar('ajax', 'tree');
+        var frm = $('acl__detail').getElementsByTagName('form')[0];
+        ajax.setVar('current_ns', encodeURIComponent(frm.elements['ns'].value));
+        ajax.setVar('current_id', encodeURIComponent(frm.elements['id'].value));
+        ajax.runAJAX(link.search.substr(1));
         clicky.src = DOKU_BASE+'lib/images/minus.gif';
         return false;
     },
-- 
cgit v1.2.3