From: Manoj K <manoj.k@zyxware.com>
Date: Mon, 20 Oct 2014 10:33:11 +0000 (+0530)
Subject: #30556 - Fixed XSS exception while submission of widget edit form.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=58bba9780d30aa9b9fed7f892426747fd36afecc;p=com.zyxware.civiwci.git

#30556 - Fixed XSS exception while submission of widget edit form.
---

diff --git a/CRM/Wci/BAO/Widget.php b/CRM/Wci/BAO/Widget.php
index d1b9cce..1d35044 100644
--- a/CRM/Wci/BAO/Widget.php
+++ b/CRM/Wci/BAO/Widget.php
@@ -152,6 +152,7 @@ class CRM_Wci_BAO_Widget extends CRM_Wci_DAO_Widget {
       $data["color_border"] = $dao->color_border;
       $data["color_button"] = $dao->color_button;
       $data["color_button_bg"] = $dao->color_button_bg;
+      $data['style_rules'] = $dao->style_rules;
       $data["pb_percentage"] = CRM_Wci_BAO_ProgressBar::getProgressbarPercentage($dao->progress_bar_id);
     }
 
diff --git a/CRM/Wci/Form/CreateWidget.php b/CRM/Wci/Form/CreateWidget.php
index ca7a448..bc114f0 100644
--- a/CRM/Wci/Form/CreateWidget.php
+++ b/CRM/Wci/Form/CreateWidget.php
@@ -149,7 +149,7 @@ class CRM_Wci_Form_CreateWidget extends CRM_Core_Form {
         ),
     ));
     
-    $this->add('textarea', 'embd_code', ts('Code to embed:'));
+    // $this->add('textarea', 'embd_code', ts('Code to embed:'));
     
     // export form elements
     $this->assign('elementNames', $this->getRenderableElementNames());
@@ -213,18 +213,18 @@ where w.id=" . $this->_id;
               'custom_template' => $cust_templ));
         }
       }
-      $widget_controller_path = getWciWidgetControllerPath();
-      
-      $emb_code = "<script src=\"http://code.jquery.com/jquery-1.9.1.min.js\"></script>
-<script type=\"text/javascript\" src=\"" . $widget_controller_path . "?widgetId=" . $this->_id . "\"></script>
-<script>
-$( document ).ready(function() {
-$('#widgetwci').html(wciwidgetcode);
-});
-</script>
-<div id='widgetwci'>
-</div>";
-      $this->getElement('embd_code')->setValue($emb_code);
+      // $widget_controller_path = getWciWidgetControllerPath();
+      // 
+      // $emb_code = "<script src=\"http://code.jquery.com/jquery-1.9.1.min.js\"></script>
+// <script type=\"text/javascript\" src=\"" . $widget_controller_path . "?widgetId=" . $this->_id . "\"></script>
+// <script>
+// $( document ).ready(function() {
+// $('#widgetwci').html(wciwidgetcode);
+// });
+// </script>
+// <div id='widgetwci'>
+// </div>";
+      // $this->getElement('embd_code')->setValue($emb_code);
     }
     else {
       /** Keep template in civicrm-wci/templates folder*/
diff --git a/templates/CRM/Wci/Form/CreateWidget.tpl b/templates/CRM/Wci/Form/CreateWidget.tpl
index e404678..52db603 100644
--- a/templates/CRM/Wci/Form/CreateWidget.tpl
+++ b/templates/CRM/Wci/Form/CreateWidget.tpl
@@ -23,9 +23,31 @@
       $template->assign('wciform', $data);
       $template->template_dir[] = getWciWidgetTemplatePath();
       $wcidata = $template->fetch('wciwidget.tpl');
+      $widget_controller_path = getWciWidgetControllerPath();
     }
   {/php}
 
+  <div class="crm-section">
+    <div class="label">
+      <label for="embd_code">Code to embed:</label>
+    </div>
+    <div class="content">
+      <div class="resizable-textarea">
+        <span>{literal}
+          <textarea name="embd_code" id="embd_code" class="form-textarea textarea-processed">&lt;script src="http://code.jquery.com/jquery-1.9.1.min.js"&gt;&lt;/script&gt;
+&lt;script type="text/javascript" src="{/literal}{php}echo $widget_controller_path;{/php}{literal}?widgetId={/literal}{php}echo $wid_id;{/php}{literal}"&gt;&lt;/script&gt;
+&lt;script&gt;
+  $( document ).ready(function() {
+    $('#widgetwci').html(wciwidgetcode);
+  });
+&lt;/script&gt;
+&lt;div id='widgetwci'&gt;&lt;/div&gt;</textarea>{/literal}
+          <div class="grippie" style="margin-right: 18px;"></div>
+        </span>
+      </div>
+    </div>
+    <div class="clear"></div>
+  </div>
   <div class="crm-section">
     <div class="content">
     {include file="CRM/Wci/Page/wciwidget.tpl"}