search

plone / plone4.csrffixes

Backport the auto CSRF implementation from Plone 5 to Plone 4
https://pypi.python.org/pypi/plone4.csrffixes
0 stars 4 forks source link

Bug in protect.js after using a popup prevents breaks save-button of TinyMCE #15

Closed pbauer closed 2 years ago

pbauer commented 8 years ago

After using a popup in TinyMCE (link, image, table etc.) the Save-button of TinyMCE no longer works.

TypeError: tinymce is null

tinymce.util.XHR._send.apply(tinymce.util.XHR, args);

Steps to reproduce :

  1. Enable the "Save"-Button in /@@tinymce-controlpanel
  2. Edit a page
  3. Use TinyMCE so that it opens a popup (link, image, table etc.). You cdo not have to add a link or image.
  4. Close the popup either by pressing esc or by adding a link
  5. Click the Save-button

Versions: Plone 4.3.4 plone4.csrffixes = 1.0.8 plone.protect = 3.0.16 plone.keyring = 3.0.1 plone.locking = 2.0.8

vangheem commented 8 years ago

huh, just before that, it tests the availability of "tinymce". Can you test locally some changes for me to see if it helps?

Can you replace the tinymce patch with this and report back?:

if(window.tinymce && window.tinymce.util.XHR._send === undefined){
    window.tinymce.util.XHR._send = window.tinymce.util.XHR.send;
    window.tinymce.util.XHR.send = function(){
      var args = Array.prototype.slice.call(arguments);
      if(args[0]){
        var config = args[0];
        if(config.data && typeof(config.data) === 'string' &&
            config.url && config.url.indexOf(base_url) === 0){
          config.data = config.data + '&_authenticator=' + token;
        }
      }
      window.tinymce.util.XHR._send.apply(window.tinymce.util.XHR, args);
    };
  }
pbauer commented 8 years ago

Sorry but even with the new version it does not work. I get: 

TypeError: window.tinymce is null

window.tinymce.util.XHR._send.apply(window.tinymce.util.XHR, args);

In some very rare cases (about 1 in 50) I could save after adding an image but I could not figure out if it was related or not and could not figure out any pattern to reproduce the case when it worked.

vangheem commented 8 years ago

well, that is really weird. window.tinymce is null, not undefined which means something is setting it as null. What addons do you have installed? I mean, according to that error, the window.tinymce.util.XHR.send is being run and window.tinymce is getting set as null INSIDE the function.

Here is another one to try:

if(window.tinymce && window.tinymce.util.XHR._send === undefined){
    window.tinymce.util.XHR._send = window.tinymce.util.XHR.send;
    var xhr = window.tinymce.util.XHR;
    var _send = xhr.send;
    window.tinymce.util.XHR.send = function(){
      var args = Array.prototype.slice.call(arguments);
      if(args[0]){
        var config = args[0];
        if(config.data && typeof(config.data) === 'string' &&
            config.url && config.url.indexOf(base_url) === 0){
          config.data = config.data + '&_authenticator=' + token;
        }
      }
     _send.apply(xhr, args);
    };
  }
pbauer commented 8 years ago

I have nothing installed. I can reproduce the issue with a clean Plone 4.3.7 where I added the hotfix (source-checkout) and the needed pinns:

cssselect = 0.9.1
plone.keyring = 3.0.1
plone.locking = 2.0.8
plone.protect = 3.0.16

Anyway I can confirm that with the latest iteration it actually works \o/

vangheem commented 8 years ago

Thanks. I'll make a new release with the change.

pbauer commented 8 years ago

Sorry but I have to reopen this again. In IE the same issue still happens (after a popup was open the save-button no longer works). This time the error is "Unable to get property 'prototype' of undefined or null reference" (in german "Die Eigenschaft "prototype" eines undefinierten oder Nullverweises kann nicht abgerufen werden."). The line is:

var args = Array.prototype.slice.call(arguments);

I was able to reproduce that error using a vanilla Plone 4.3.6 with IE 11

vangheem commented 8 years ago

What version of IE? Who knew IE didn't have the Array object...

pbauer commented 8 years ago

IE 11

pbauer commented 8 years ago

Any news regarding this? Can I help somehow? I have a IE11 on hand.

vangheem commented 8 years ago

I haven't looked at it.

You can try replacing

window.tinymce.util.XHR.send = function(){
      var args = Array.prototype.slice.call(arguments);
      if(args[0]){
        var config = args[0];
        if(config.data && typeof(config.data) === 'string' &&
            config.url && config.url.indexOf(base_url) === 0){
          config.data = config.data + '&_authenticator=' + token;
        }
      }
      _send.apply(xhr, args);

With something like:

window.tinymce.util.XHR.send = function(config){
      var args = [];
      if(config){
        args.push(config);
        if(config.data && typeof(config.data) === 'string' &&
            config.url && config.url.indexOf(base_url) === 0){
          config.data = config.data + '&_authenticator=' + token;
        }
      }
      _send.apply(xhr, args);
pbauer commented 8 years ago

Sorry, I still get the same error using the code you provided. This time the line it complains about is _send.apply(xhr, args);

vangheem commented 8 years ago

The doesn't make sense. How can it be the same error? There is no prototype being called on that line.

pbauer commented 2 years ago

Closed due to long inactivity. Please reopen if this is still relevant for Plone 5.2 or 6.