/*!
  Builds an \<a\> element whose content is \a text and whose href is
  \a url, fully percent-encoded. This is an overloaded function.

  \a jsCondition is a JavaScript expression (for example a confirm() call
  asking "Are you sure?"). When it is not empty the link is only followed
  if the expression evaluates to true.

  For Tf::Post the onclick handler creates a form, posts it to the link's
  href and returns false. A hidden \c authenticity_token input is added
  to that form when the view's authenticity token is not empty. For any
  other \a method an onclick handler is emitted only when \a jsCondition
  is not empty.

  This function does not escape \a text or \a jsCondition; both are
  appended as given. A double quote in \a jsCondition would end the
  onclick attribute, so callers passing data that originates from a user
  must escape it before calling.
*/
QString TViewHelper::linkTo(const QString &text, const QUrl &url, Tf::HttpMethod method, const QString &jsCondition, const THtmlAttribute &attributes) const
{
    const bool guarded = !jsCondition.isEmpty();

    QString html(QLatin1String("<a href=\""));
    html += url.toString(QUrl::FullyEncoded);
    html += QLatin1Char('"');

    if (method == Tf::Post) {
        html += QLatin1String(" onclick=\"");
        if (guarded) {
            // Wrap the form submission in the caller's condition.
            html += QLatin1String("if (");
            html += jsCondition;
            html += QLatin1String(") { ");
        }

        html += QLatin1String("var f = document.createElement('form'); document.body.appendChild(f); f.method = 'post'; f.action = this.href;");

        // Carry the CSRF token in the generated form; the token is placed
        // inside a single-quoted JavaScript string without escaping.
        const QString token = actionView()->authenticityToken();
        if (!token.isEmpty()) {
            html += QLatin1String(" var i = document.createElement('input'); f.appendChild(i); i.type = 'hidden'; i.name = 'authenticity_token'; i.value = '");
            html += token;
            html += QLatin1String("';");
        }

        html += QLatin1String(" f.submit();");
        if (guarded) {
            html += QLatin1String(" }");
        }
        // Always cancel the default navigation; the form does the request.
        html += QLatin1String(" return false;\"");
    } else if (guarded) {
        html += QLatin1String(" onclick=\"return ");
        html += jsCondition;
        html += QLatin1String(";\"");
    }

    html += attributes.toString();
    html += QLatin1Char('>');
    html += text;  // inserted verbatim, see the note in the header comment
    html += QLatin1String("</a>");
    return html;
}
/*!
  Creates a hidden input tag named \c authenticity_token that carries the
  view's authenticity token for CSRF protection.

  Returns an empty string when the Tf::EnableCsrfProtectionModule setting
  is false (it defaults to true) or when the token is empty, so a form
  built with this helper then carries no token field.
*/
QString TViewHelper::inputAuthenticityTag() const
{
    const bool csrfEnabled = Tf::appSettings()->value(Tf::EnableCsrfProtectionModule, true).toBool();
    if (!csrfEnabled) {
        return QString();
    }

    const QString token = actionView()->authenticityToken();
    if (token.isEmpty()) {
        return QString();
    }

    return inputTag("hidden", "authenticity_token", token, a("id", "authenticity_token"));
}
/*!
  Serializes \a options into the comma-separated body of a JavaScript
  options object for an Ajax call.

  The view's authenticity token is added to the \c parameters option
  under the key \c authenticity_token. It is added unconditionally;
  there is no check for an empty token here.

  Escaping performed by this function:
  - string options are written between single quotes as given;
  - callback options are written as raw JavaScript;
  - parameter keys are written as given, string parameter values are
    passed through THttpUtility::toUrlEncoding(), and
    TJavaScriptObject values are written via their toString().

  Callers must therefore not pass unescaped user-derived data as string
  options, callbacks or parameter keys.
*/
QString TPrototypeAjaxHelper::optionsToString(const TOption &options) const
{
    // Work on a copy so the token can be merged into 'parameters'.
    TOption merged(options);
    QVariantMap params;
    const QVariant given = merged.value(Tf::Parameters);
    if (given.isValid() && given.canConvert(QVariant::Map)) {
        params = given.toMap();
    }
    params.insert("authenticity_token", actionView()->authenticityToken());
    merged.insert(Tf::Parameters, params);

    QString out;
    for (QMap<int, QVariant>::const_iterator opt = merged.constBegin(); opt != merged.constEnd(); ++opt) {
        const int key = opt.key();
        const QVariant &value = opt.value();

        // Plain string option: name'value',
        const QString stringName = stringOptionHash()->value(key);
        if (!stringName.isEmpty() && value.canConvert(QVariant::String)) {
            out += stringName;
            out += QLatin1Char('\'');
            out += value.toString();
            out += QLatin1String("', ");
            continue;
        }

        // Boolean option: nametrue, / namefalse,
        const QString boolName = boolOptionHash()->value(key);
        if (!boolName.isEmpty() && value.canConvert(QVariant::Bool)) {
            out += boolName;
            if (value.toBool()) {
                out += QLatin1String("true, ");
            } else {
                out += QLatin1String("false, ");
            }
            continue;
        }

        // HTTP method option
        if (key == Tf::Method && value.canConvert(QVariant::Int)) {
            out += QLatin1String("method:'");
            out += methodHash()->value(value.toInt());
            out += QLatin1String("', ");
            continue;
        }

        // 'parameters' option: rendered as a nested object literal
        if (key == Tf::Parameters) {
            QString body;
            if (value.canConvert(QVariant::Map)) {
                const QVariantMap entries = value.toMap();
                for (QVariantMap::const_iterator p = entries.constBegin(); p != entries.constEnd(); ++p) {
                    if (p.value().canConvert<TJavaScriptObject>()) {
                        // JavaScript object values are emitted unquoted.
                        body += p.key();
                        body += QLatin1String(":");
                        body += p.value().value<TJavaScriptObject>().toString();
                        body += QLatin1String(", ");
                    } else if (p.value().canConvert(QVariant::String)) {
                        // String values are URL-encoded, then single-quoted.
                        body += p.key();
                        body += QLatin1String(":'");
                        body += THttpUtility::toUrlEncoding(p.value().toString());
                        body += QLatin1String("', ");
                    }
                }
                body.chop(2);  // drop the trailing ", "
            }

            if (!body.isEmpty()) {
                out += QLatin1String("parameters: { ");
                out += body;
                out += QLatin1String(" }, ");
            }
            continue;
        }

        // Ajax callbacks: the value is emitted as raw JavaScript
        const QString eventName = eventStringHash()->value(key);
        if (!eventName.isEmpty() && value.canConvert(QVariant::String)) {
            out += eventName;
            out += value.toString();
            out += QLatin1String(", ");
            continue;
        }

        // Nothing matched this key.
        tWarn("invalid parameter: %d [%s:%d]", key, __FILE__, __LINE__);
    }

    out.chop(2);  // drop the trailing ", "
    return out;
}