From d18bd17eb7d13010e3daef5351d7f7ec64480fd7 Mon Sep 17 00:00:00 2001 From: Thomas Müller Date: Thu, 11 Jul 2013 00:00:01 +0200 Subject: - eventsource.php: in case of potential CSRF attack we send an error message from the EventSource to the browser - eventsource.js: handle undefined data on event - update.js: in case of error we close the event source - advise the user to reload the page - update.php: EventSource initialization is now done before we enter the maintenance mode in order to allow browser reload in case of possible CSRF attack --- core/js/eventsource.js | 6 +++++- core/js/update.js | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'core/js') diff --git a/core/js/eventsource.js b/core/js/eventsource.js index ce8c8387c8e..536b180bc8f 100644 --- a/core/js/eventsource.js +++ b/core/js/eventsource.js @@ -110,7 +110,11 @@ OC.EventSource.prototype={ this.listeners[type].push(callback); }else{ this.source.addEventListener(type,function(e){ - callback(JSON.parse(e.data)); + if (typeof e.data != 'undefined') { + callback(JSON.parse(e.data)); + } else { + callback(''); + } },false); } }else{ diff --git a/core/js/update.js b/core/js/update.js index 8ab02bbf935..2c28e72f7cd 100644 --- a/core/js/update.js +++ b/core/js/update.js @@ -5,6 +5,9 @@ $(document).ready(function () { }); updateEventSource.listen('error', function(message) { $('').addClass('error').append(message).append('
').appendTo($('.update')); + message = 'Please reload the page.'; + $('').addClass('error').append(message).append('
').appendTo($('.update')); + updateEventSource.close(); }); updateEventSource.listen('failure', function(message) { $('').addClass('error').append(message).append('
').appendTo($('.update')); @@ -20,4 +23,4 @@ $(document).ready(function () { window.location.href = OC.webroot; }, 3000); }); -}); \ No newline at end of file +}); -- cgit v1.2.3