projects / civicrm-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3140a41) | patch
CRM-15578 - civicrm/ajax/attachment - Fix for attachments when debugging is disabled.
authorTim Otten <totten@civicrm.org>
Tue, 6 Jan 2015 00:41:33 +0000 (16:41 -0800)
committerTim Otten <totten@civicrm.org>
Tue, 6 Jan 2015 00:43:36 +0000 (16:43 -0800)
commit2b7de0448ed5cd4731be30fc22e33d977e245d44
tree0b6cce4f40100af5c6bf582e2d36642ddbb6ae5btree | snapshot (zip tar.gz)
parent3140a41538f28fbbb2cb61ac6810bca9263ef16bcommit | diff
CRM-15578 - civicrm/ajax/attachment - Fix for attachments when debugging is disabled.

The isAJAX() XSS check doesn't work correctly with the Angular file-upload
client. This wasn't previously observed because most development was done in
debug mode.

Remove the isAJAX() XSS check. Instead, protect against XSS with a secure
token.
CRM/Core/Page/AJAX/Attachment.php diff | blob | blame | history
CRM/Core/Page/Angular.php diff | blob | blame | history
js/angular-crmAttachment.js diff | blob | blame | history