Commit 8fb60a78 authored by Eric Windham's avatar Eric Windham Committed by GitHub

Merge pull request #3368 from wpninjas/kasper-disclosure

Enforce JSON response type on Submission callback data.
parents 65cf34fd 938b0afd
......@@ -125,7 +125,7 @@ define([], function() {
cache: false,
success: function( data, textStatus, jqXHR ) {
try {
var response = jQuery.parseJSON( data );
var response = data;
nfRadio.channel( 'forms' ).trigger( 'submit:response', response, textStatus, jqXHR, formModel.get( 'id' ) );
nfRadio.channel( 'form-' + formModel.get( 'id' ) ).trigger( 'submit:response', response, textStatus, jqXHR );
jQuery( document ).trigger( 'nfFormSubmitResponse', { response: response, id: formModel.get( 'id' ) } );
......
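Review bot: `var response = data;` assumes jQuery has already decoded the response body, which only holds when the request's `dataType` is `'json'` or the server's Content-Type drives jQuery's type guessing; that option sits above the hunk and is not visible here. If the body still arrives as a string, the surrounding try/catch no longer catches anything — the raw string is handed straight to the `submit:response` triggers and fails inside the listeners instead. Either set `dataType: 'json'` in the ajax options or keep a guard on the new line: `var response = ( typeof data === 'string' ) ? JSON.parse( data ) : data;`. The same change appears in the second hunk (`@@ -108,7 +108,7 @@`). The enclosing success callback and its catch block continue outside the hunk.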
......@@ -108,7 +108,7 @@ jQuery( document ).ready( function( $ ) {
cache: false,
success: function( data, textStatus, jqXHR ) {
try {
var response = jQuery.parseJSON( data );
var response = data;
nfRadio.channel( 'forms' ).trigger( 'submit:response', response, textStatus, jqXHR, formModel.get( 'id' ) );
nfRadio.channel( 'form-' + formModel.get( 'id' ) ).trigger( 'submit:response', response, textStatus, jqXHR );
} catch( e ) {
......
File mode changed from 100644 to 100755
File mode changed from 100755 to 100644
File mode changed from 100644 to 100755
......@@ -42,6 +42,13 @@ class NF_AJAX_Controllers_Submission extends NF_Abstracts_Controller
$this->_form_id = $this->_form_data['id'];
// If we don't have a numeric form ID...
if ( ! is_numeric( $this->_form_id ) ) {
// Kick the request out without processing.
$this->_errors[] = __( 'Form does not exist.', 'ninja-forms' );
$this->_respond();
}
if( $this->is_preview() ) {
$this->_form_cache = get_user_option( 'nf_form_preview_' . $this->_form_id );
......@@ -462,4 +469,15 @@ class NF_AJAX_Controllers_Submission extends NF_Abstracts_Controller
if( ! isset( $this->_form_data[ 'settings' ][ 'is_preview' ] ) ) return false;
return $this->_form_data[ 'settings' ][ 'is_preview' ];
}
/*
* Overwrite method for parent class.
*/
protected function _respond( $data = array() )
{
// Set a content type of JSON for the purpose of previnting XSS attacks.
header( 'Content-Type: application/json' );
// Call the parent method.
parent::_respond();
}
}
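Review bot: The new `_respond( $data = array() )` override accepts `$data` but calls `parent::_respond()` without it, so any caller that passes response data through this controller has it silently dropped; forward it with `parent::_respond( $data );`. In the first hunk the non-numeric form ID branch pushes an error and calls `$this->_respond()` but does not `return`, so unless the parent's `_respond()` terminates the request (not visible here) processing continues into `is_preview()` with the bad ID — a `return;` after the call makes the intent explicit either way. Pairing the content-type header with `header( 'X-Content-Type-Options: nosniff' );` stops browsers from sniffing the body back to HTML, which is the attack the header is meant to close. The comment on the header line misspells "preventing".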