From 2c6a58206a92736b70d4449209f54ae7fecd6b4f Mon Sep 17 00:00:00 2001
From: Ilya Konanykhin
Date: Wed, 18 Jan 2017 14:54:48 +0600
Subject: [PATCH 1/3] Fix: incorrect variable scoping in task_lists.js & time_entries.js
---
 app/assets/javascripts/task_lists.js | 4 ++--
 app/assets/javascripts/time_entries.js | 26 +++++++++++++-------------
 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/app/assets/javascripts/task_lists.js b/app/assets/javascripts/task_lists.js
index b17d8d4..8345efe 100644
--- a/app/assets/javascripts/task_lists.js
+++ b/app/assets/javascripts/task_lists.js
@@ -4,7 +4,7 @@ $(".task_list_task").click(function(){
 $("#update_tasks_submit").click(function(){
- tasks = [];
+ var tasks = [];
 $(".task_list_task").each(function(){
 tasks.push({
 id: parseInt($(this).data("id")),
@@ -12,7 +12,7 @@ $("#update_tasks_submit").click(function(){
 });
 });
- json_data = { tasks: tasks };
+ var json_data = {tasks: tasks};
 $.ajax({
 url: $("#update_tasks_submit").data("url"),
diff --git a/app/assets/javascripts/time_entries.js b/app/assets/javascripts/time_entries.js
index ae37288..78ba3c7 100644
--- a/app/assets/javascripts/time_entries.js
+++ b/app/assets/javascripts/time_entries.js
@@ -10,15 +10,15 @@ $(document).ready(function () {
 })
 $("#add_time_entry_submit").click(function () {
- date = $date_input.val();
- start_date = new Date(date + " " + $start_time_input.val());
- end_date = new Date(date + " " + $end_time_input.val());
+ var date = $date_input.val();
+ var start_date = new Date(date + " " + $start_time_input.val());
+ var end_date = new Date(date + " " + $end_time_input.val());
- forward = $("#add_time_entry_submit").data("forward");
+ var forward = $("#add_time_entry_submit").data("forward");
 // If a bike is selected, forward to the bike
 // checklist.
- bike_id = parseInt($("#bike_id").val());
+ var bike_id = parseInt($("#bike_id").val());
 if (bike_id > 0) {
 forward = "/task_lists/" + bike_id + "/edit";
 }
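Review bot: Nothing in the `@@ -4,7` hunk of task_lists.js stops the next undeclared assignment from becoming a global again; the added `var` keywords fix the current leaks (`tasks`, `json_data`, and in time_entries.js `entry_id`, `start_date`, `url`), several of which were written by unrelated click handlers. Putting `"use strict";` as the first statement of each handler makes such an assignment throw a ReferenceError instead of silently creating shared state, and an ESLint `no-undef` rule would flag it before review. The same applies to the `@@ -12,7` hunk and to every time_entries.js hunk in this patch. The handler bodies start or end outside the hunks shown.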
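Review bot: `start_date` and `end_date` in the `@@ -10,15` hunk of time_entries.js are built with `new Date(date + " " + ...)` from form input values and are never checked for validity. Parsing of non-ISO strings by `Date` differs between browsers, and an invalid result appears to flow into the `moment(...).format("DD-MM-YYYY h:mm A")` calls of the `@@ -27,7` hunk and on to the server. A guard such as `if (isNaN(start_date.getTime()) || isNaN(end_date.getTime())) { return; }` before `json_data` is built would stop that, and the server should validate the dates regardless. `parseInt($("#bike_id").val())` should also pass the radix: `parseInt($("#bike_id").val(), 10)`. The click handler continues past the end of this hunk.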
@@ -27,7 +27,7 @@ $(document).ready(function () {
 // how to get Netzke to render UTC dates correctly (it calls to_json
 // somewhere and drops off the timezone). For the time being, save dates
 // in locale like Netzke.
- json_data = {
+ var json_data = {
 time_entries: [{
 start_date: moment(start_date).format("DD-MM-YYYY h:mm A"),
 end_date: moment(end_date).format("DD-MM-YYYY h:mm A"),
@@ -54,11 +54,11 @@ $(document).ready(function () {
 });
 $(".work_entry-delete-btn").click(function () {
- row = $(this).closest("tr");
- entry_id = row.data("id");
- start_date = row.data("start_date");
- duration = row.data("duration");
- description = row.data("description");
+ var row = $(this).closest("tr");
+ var entry_id = row.data("id");
+ var start_date = row.data("start_date");
+ var duration = row.data("duration");
+ var description = row.data("description");
 $("#work_entry_start_date").html(start_date);
 $("#work_entry_duration").html(duration);
 $("#work_entry_description").html(description);
@@ -66,8 +66,8 @@ $(document).ready(function () {
 });
 $("#confirmation_delete").click(function () {
- entry_id = $(this).data("entry_id");
- url = $("#confirmation_delete").data("url") + entry_id;
+ var entry_id = $(this).data("entry_id");
+ var url = $("#confirmation_delete").data("url") + entry_id;
 $.ajax({
 url: url,
 type: "delete",
From 76980a89035fd5a6ef17ed679810aae9b6a8db9f Mon Sep 17 00:00:00 2001
From: Ilya Konanykhin
Date: Wed, 18 Jan 2017 14:58:14 +0600
Subject: [PATCH 2/3] Fix: more explicit (and correct) time entries delete URL
---
 app/assets/javascripts/time_entries.js | 2 +-
 app/views/time_entries/index.haml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/assets/javascripts/time_entries.js b/app/assets/javascripts/time_entries.js
index 78ba3c7..bbf4903 100644
--- a/app/assets/javascripts/time_entries.js
+++ b/app/assets/javascripts/time_entries.js
@@ -67,7 +67,7 @@ $(document).ready(function () {
 $("#confirmation_delete").click(function () {
 var entry_id = $(this).data("entry_id");
- var url = $("#confirmation_delete").data("url") + entry_id;
+ var url = $("#confirmation_delete").data("url-template").replace(/__ID__/, entry_id);
 $.ajax({
 url: url,
 type: "delete",
diff --git a/app/views/time_entries/index.haml b/app/views/time_entries/index.haml
index bd9f502..17ce590 100644
--- a/app/views/time_entries/index.haml
+++ b/app/views/time_entries/index.haml
@@ -41,7 +41,7 @@
 #work_entry_description Description
 .modal-footer
 %button.btn.btn-default(data-dismiss="modal" aria-hidden="true") Cancel
- %button.btn.btn-danger#confirmation_delete(data-url="api/v1/time_entries/") Delete
+ %button.btn.btn-danger#confirmation_delete{data: {url_template: api_delete_time_entry_path('__ID__')}} Delete
From 4dcce60fb894340b932b2b8d6494576098e00b1c Mon Sep 17 00:00:00 2001
From: Ilya Konanykhin
Date: Wed, 18 Jan 2017 14:59:48 +0600
Subject: [PATCH 3/3] Fix: HTML injection
---
 app/assets/javascripts/time_entries.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/assets/javascripts/time_entries.js b/app/assets/javascripts/time_entries.js
index bbf4903..ecf050b 100644
--- a/app/assets/javascripts/time_entries.js
+++ b/app/assets/javascripts/time_entries.js
@@ -59,9 +59,9 @@ $(document).ready(function () {
 var start_date = row.data("start_date");
 var duration = row.data("duration");
 var description = row.data("description");
- $("#work_entry_start_date").html(start_date);
- $("#work_entry_duration").html(duration);
- $("#work_entry_description").html(description);
+ $("#work_entry_start_date").text(start_date);
+ $("#work_entry_duration").text(duration);
+ $("#work_entry_description").text(description);
 $("#confirmation_delete").data("entry_id", entry_id);
 });
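Review bot: `entry_id` is substituted into the URL template in the `@@ -67,7` hunk of time_entries.js without encoding or a presence check. It is read from `$(this).data("entry_id")`, so if the confirm button is clicked before a row has set it, the request goes to a path containing `undefined`, and a non-numeric value could change the path. I would write `if (entry_id == null) { return; }` followed by `var url = $("#confirmation_delete").data("url-template").replace("__ID__", encodeURIComponent(entry_id));`. The `__ID__` token is now duplicated between this line and index.haml, so a short comment on each side naming the other would help. The `$.ajax` call continues outside the hunk.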
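Review bot: The values written with `.text()` in the `@@ -59,9` hunk still come from `row.data(...)`, and jQuery's `.data()` converts attribute strings that look like JSON, booleans or `null` into JavaScript values. A description entered as `{"a":1}` would therefore reach `.text()` as an object and be shown as `[object Object]` rather than as typed. Reading the raw attribute keeps it a string, e.g. `var description = row.attr("data-description");`, and likewise for `data-start_date` and `data-duration`. The `.text()` change covers only the three sinks in this modal; other places that render the same fields are not visible here and are worth checking. The handler starts outside the hunk.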