+/**\r
+ * We do not want the CSRF protection enabled for the AJAX post requests, it causes only trouble.\r
+ * Get the csrftoken cookie and pass it to the X-CSRFToken HTTP request property.\r
+ */\r
+$('html').ajaxSend(function(event, xhr, settings) {\r
+ function getCookie(name) {\r
+ var cookieValue = null;\r
+ if (document.cookie && document.cookie != '') {\r
+ var cookies = document.cookie.split(';');\r
+ for (var i = 0; i < cookies.length; i++) {\r
+ var cookie = jQuery.trim(cookies[i]);\r
+ // Does this cookie string begin with the name we want?\r
+ if (cookie.substring(0, name.length + 1) == (name + '=')) {\r
+ cookieValue = decodeURIComponent(cookie.substring(name.length + 1));\r
+ break;\r
+ }\r
+ }\r
+ }\r
+ return cookieValue;\r
+ }\r
+ if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {\r
+ // Only send the token to relative URLs i.e. locally.\r
+ xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));\r
+ }\r
+});\r
+\r
var response_commands = {\r
refresh_page: function() {\r
window.location.reload(true)\r
alert('ok');\r
},\r
\r
- insert_comment: function(post_id, comment_id, comment, username, profile_url, delete_url, edit_url, convert_url) {\r
+ insert_comment: function(post_id, comment_id, comment, username, profile_url, delete_url, edit_url, convert_url, can_convert) {\r
var $container = $('#comments-container-' + post_id);\r
var skeleton = $('#new-comment-skeleton-' + post_id).html().toString();\r
\r
\r
$container.append(skeleton);\r
\r
+ // Show the convert comment to answer tool only if the current comment can be converted\r
+ if (can_convert == true) {\r
+ $('#comment-' + comment_id + '-convert').show();\r
+ }\r
+\r
$('#comment-' + comment_id).slideDown('slow');\r
},\r
\r
},\r
\r
mark_deleted: function(post_type, post_id) {\r
- if (post_type == 'answer') {\r
- var $answer = $('#answer-container-' + post_id);\r
- $answer.addClass('deleted');\r
- } else {\r
+ if (post_type == 'question') {\r
var $container = $('#question-table');\r
$container.addClass('deleted');\r
+ } else {\r
+ var $el = $('#' + post_type + '-container-' + post_id);\r
+ $el.addClass('deleted');\r
}\r
},\r
\r
$('a.ajax-command').live('click', function(evt) {\r
if (running) return false;\r
\r
- $('.context-menu-dropdown').slideUp('fast');\r
-\r
var el = $(this);\r
\r
+ var ajax_url = el.attr('href')\r
+ ajax_url = ajax_url + "?nocache=" + new Date().getTime()\r
+\r
+ $('.context-menu-dropdown').slideUp('fast');\r
+\r
if (el.is('.withprompt')) {\r
- load_prompt(evt, el, el.attr('href'));\r
+ load_prompt(evt, el, ajax_url);\r
} else if(el.is('.confirm')) {\r
var doptions = {\r
html: messages.confirm,\r
extra_class: 'confirm',\r
yes_callback: function() {\r
start_command();\r
- $.getJSON(el.attr('href'), function(data) {\r
+ $.getJSON(ajax_url, function(data) {\r
process_ajax_response(data, evt);\r
$dialog.fadeOut('fast', function() {\r
$dialog.remove();\r
var $dialog = show_dialog(doptions);\r
} else {\r
start_command();\r
- $.getJSON(el.attr('href'), function(data) {\r
+ $.getJSON(ajax_url, function(data) {\r
process_ajax_response(data, evt);\r
});\r
}\r
if ($form.length) {\r
var $textarea = $container.find('textarea');\r
var textarea = $textarea.get(0);\r
+ var $csrf = $container.find('[name="csrfmiddlewaretoken"]');\r
var $button = $container.find('.comment-submit');\r
var $cancel = $container.find('.comment-cancel');\r
var $chars_left_message = $container.find('.comments-chars-left-msg');\r
if (running) return false;\r
\r
var post_data = {\r
- comment: $textarea.val()\r
+ comment: $textarea.val(),\r
+ csrfmiddlewaretoken: $csrf.val()\r
}\r
\r
if (comment_in_form) {\r
projects / osqa.git / blobdiff