- eventsource.php: in case of potential CSRF attack we send an error message from the EventSource to the browser

- eventsource.js: handle undefined data on event
- update.js: in case of error we close the event source - advise the user to reload the page
- update.php: EventSource initialization is now done before we enter the maintenance mode in order to allow browser reload in case of possible CSRF attack

2 files changed, 9 insertions, 2 deletions

diff --git a/core/js/eventsource.js b/core/js/eventsource.js
index ce8c8387c8e..536b180bc8f 100644
--- a/core/js/eventsource.js
+++ b/core/js/eventsource.js
@@ -110,7 +110,11 @@ OC.EventSource.prototype={
 					this.listeners[type].push(callback);
 				}else{
 					this.source.addEventListener(type,function(e){
-						callback(JSON.parse(e.data));
+						if (typeof e.data != 'undefined') {
+							callback(JSON.parse(e.data));
+						} else {
+							callback('');
+						}
 					},false);
 				}
 			}else{
diff --git a/core/js/update.js b/core/js/update.js
index 8ab02bbf935..2c28e72f7cd 100644
--- a/core/js/update.js
+++ b/core/js/update.js
@@ -5,6 +5,9 @@ $(document).ready(function () {
 	});
 	updateEventSource.listen('error', function(message) {
 		$('<span>').addClass('error').append(message).append('<br />').appendTo($('.update'));
+		message = 'Please reload the page.';
+		$('<span>').addClass('error').append(message).append('<br />').appendTo($('.update'));
+		updateEventSource.close();
 	});
 	updateEventSource.listen('failure', function(message) {
 		$('<span>').addClass('error').append(message).append('<br />').appendTo($('.update'));
@@ -20,4 +23,4 @@ $(document).ready(function () {
 			window.location.href = OC.webroot;
 		}, 3000);
 	});
-});
\ No newline at end of file
+});