Roll back thumbnail upload on edit page, which seems to be the source of the random logouts

Craig Dietrich · Craig Dietrich · commit dd31d221e7eb · 2016-08-31T18:27:58.000-07:00
It uses a hidden iframe, which seems to be causing the session IDs to
regenerated after 5 min…. so, another solution is needed.
diff --git a/system/application/libraries/MY_Session.php b/system/application/libraries/MY_Session.php
diff --git a/system/application/models/login_model.php b/system/application/models/login_model.php
@@ -40,6 +40,7 @@ public function get() {
 			$result = $this->get_by_user_id($user_id);
 			$result->is_logged_in = true;
 			$result->error = null;
+			$result->uri = $_SERVER['REQUEST_URI'];
 			$this->session->set_userdata(array($this->login_basename => (array) $result));
 			return (object) $data;
 		}
@@ -49,6 +50,7 @@ public function get() {
 		$data = new stdClass;
 		$data->is_logged_in = false;
 		$data->error = null;
+		$data->uri = $_SERVER['REQUEST_URI'];
 		$this->session->set_userdata(array($this->login_basename => (array) $data));
 		return (object) $data;
 
diff --git a/system/application/views/arbors/html5_RDFa/js/form-validation.js b/system/application/views/arbors/html5_RDFa/js/form-validation.js
@@ -191,12 +191,16 @@ function validate_edit_form(form, no_action) {
 	
 	var commit = function() {
 		if (!check_fields()) return false;
+		finish();  
+		// Don't use thumbnail upload, it seems to be the cause of the random logouts since it runs in an iframe
+		/*
 		var file_el = form.find('input[name="source_file"]');
 		if (file_el.length && file_el.val().length) {
 			form_file();
 		} else {
 			finish();
 		};
+		*/
 	};
 
 	if ('source'==CKEDITOR.instances['sioc:content'].mode) {  // If in source mode, switch to WYSIWYG to invoke formatting
diff --git a/system/application/views/melons/cantaloupe/edit.php b/system/application/views/melons/cantaloupe/edit.php
@@ -211,6 +211,7 @@
 		$(this).parents('#style-confirm,#script-confirm').data('confirmed',true).modal('hide');
 	})
 	// Taxonomies for title typeahead
+	/*
 	var fcroot = document.getElementById("approot").href.replace('/system/application/','');
 	var book_slug = document.getElementById("parent").href.substring(fcroot.length);
 	book_slug = book_slug.replace(/\//g,'');
@@ -240,6 +241,7 @@
 		})
 		$('#title').autocomplete({source:suggestions});
 	});
+	*/
 	// Color Picker (in editor)
 	if ($.isFunction($.fn.farbtastic)) {
 		$('#colorpicker').farbtastic('#color_select');
@@ -411,7 +413,7 @@ function badges() {
     </div>
   </div>
 </div>
-<form id="edit_form" target="hidden_upload" action="<?=base_url().$book->slug.'/'?>upload_thumb" class="caption_font" method="post" enctype="multipart/form-data" onsubmit="return validate_edit_form($(this));">
+<form id="edit_form" class="caption_font" method="post" action="<?=base_url().$book->slug.'/'?>" onsubmit="validate_edit_form($(this));return false;">
 <input type="hidden" name="action" value="<?=(isset($page->version_index))?'update':'add'?>" />
 <input type="hidden" name="native" value="1" />
 <input type="hidden" name="scalar:urn" value="<?=(isset($page->version_index)) ? $page->versions[$page->version_index]->urn : ''?>" />
@@ -772,11 +774,13 @@ function badges() {
 			  				}
 			  			?></select>
 					</div>
+					<!--  
 					<div class="form-group">
 			  			<label>Or upload a new thumbnail: &nbsp; <small>(JPG, PNG, or GIF format; will be resized to 120px)</small> &nbsp; <small><a href="javascript:void(null);" onclick="$('input[name=\'source_file\']').val('');return false;">clear selected file</a></small></label>
 			  			<input type="file" name="source_file" />
 			  			<div style="margin:0;padding:0;height:0;border:0;overflow:hidden;"><iframe id="hidden_upload" name="hidden_upload" src=""></iframe></div>
 					</div>
+					-->
 					<div class="form-group">
 			  			<label for="enter_thumbnail_url">Or enter any image URL:</label>
 			  			<input id="enter_thumbnail_url" class="form-control" type="text" name="scalar:thumbnail" value="<?=@$page->thumbnail?>" />
diff --git a/system/application/views/melons/cantaloupe/js/main.js b/system/application/views/melons/cantaloupe/js/main.js
@@ -411,7 +411,7 @@ $(window).ready(function() {
 		  // Scalar API
 		  {load: [base_uri+'/js/jquery.rdfquery.rules-1.0.js',
 		          base_uri+'/js/jquery.RDFa.js',
-		          base_uri+'/js/form-validation.js',
+		          base_uri+'/js/form-validation.js?v=2',
 		          widgets_uri+'/nav/jquery.scalarrecent.js',
 		          widgets_uri+'/cookie/jquery.cookie.js',
 		          widgets_uri+'/api/scalarapi.js'], complete:function() {
diff --git a/system/core/Input.php b/system/core/Input.php
@@ -845,7 +845,10 @@ public function get_request_header($index, $xss_clean = FALSE)
 	 */
 	public function is_ajax_request()
 	{
-		return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest');
+		if ( !isset($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest' ) {
+			return false;
+		}
+		return true;
 	}
 
 	// --------------------------------------------------------------------

Original file line number	Diff line number	Diff line change
`@@ -845,7 +845,10 @@ public function get_request_header($index, $xss_clean = FALSE)`
`845`	`845`	`*/`
`846`	`846`	`public function is_ajax_request()`
`847`	`847`	`{`
`848`		`- return ($this->server('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest');`
	`848`	`+ if ( !isset($_SERVER['HTTP_X_REQUESTED_WITH']) \|\| strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest' ) {`
	`849`	`+ return false;`
	`850`	`+ }`
	`851`	`+ return true;`
`849`	`852`	`}`
`850`	`853`
`851`	`854`	`// --------------------------------------------------------------------`