zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-22 02:25:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

Small security update

Browse source
This commit is contained in:
Pinga 2024-02-24 12:16:32 +02:00
parent 25c736b68b
commit 86f2096d1f
3 changed files with 7 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
cp/app/Controllers/DomainsController.php
View file

@ -2290,9 +2290,9 @@ class DomainsController extends Controller
} else { } else {
$clid = 0; $clid = 0;
} }
return view($response,'admin/domains/listTransfers.twig', [ return view($response,'admin/domains/listTransfers.twig', [
'clid' => $clid 'clid' => base64_encode($clid)
]); ]);
} }

4
cp/resources/views/admin/domains/listTransfers.twig
View file

@ -54,8 +54,8 @@
</div> </div>
</div> </div>
</div> </div>
<div class="table-responsive"> <div class="table-responsive" data-ref="{{ clid }}">
<div id="transferTable"></div><input type="hidden" id="clid" value="{{ clid }}"> <div id="transferTable"></div>
</div> </div>
</div> </div>
</div> </div>

5
cp/resources/views/partials/js-transfers.twig
View file

@ -12,13 +12,14 @@
var value = cell.getValue(); var value = cell.getValue();
return `<a href="/domain/view/${value}" style="font-weight:bold;">${value}</a>`; return `<a href="/domain/view/${value}" style="font-weight:bold;">${value}</a>`;
} }
function actionsFormatter(cell, formatterParams, onRendered) { function actionsFormatter(cell, formatterParams, onRendered) {
var rowData = cell.getRow().getData(); var rowData = cell.getRow().getData();
var actionButtons = ''; var actionButtons = '';
var hasPendingStatus = rowData.trstatus && rowData.trstatus.includes('pending'); var hasPendingStatus = rowData.trstatus && rowData.trstatus.includes('pending');
var clidValue = document.getElementById('clid').value; const tableResponsive = document.querySelector('.table-responsive');
const clidValue = atob(tableResponsive.dataset.ref);
if (hasPendingStatus && clidValue === '0') { if (hasPendingStatus && clidValue === '0') {
actionButtons += `<a class="btn btn-outline-success btn-icon approve-btn" id="approve-btn" href="javascript:void(0);" data-approve-url="transfer/approve/${cell.getRow().getData().name}" title="{{ __('Approve Transfer') }}"><svg xmlns="http://www.w3.org/2000/svg" class="icon" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M9 11l3 3l8 -8" /><path d="M20 12v6a2 2 0 0 1 -2 2h-12a2 2 0 0 1 -2 -2v-12a2 2 0 0 1 2 -2h9" /></svg></a> `; actionButtons += `<a class="btn btn-outline-success btn-icon approve-btn" id="approve-btn" href="javascript:void(0);" data-approve-url="transfer/approve/${cell.getRow().getData().name}" title="{{ __('Approve Transfer') }}"><svg xmlns="http://www.w3.org/2000/svg" class="icon" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"/><path d="M9 11l3 3l8 -8" /><path d="M20 12v6a2 2 0 0 1 -2 2h-12a2 2 0 0 1 -2 -2v-12a2 2 0 0 1 2 -2h9" /></svg></a> `;