- Implemented CSP (Content Security Policy)

1fc3cce7 · Frank Bergmann · 7964d84e · 1fc3cce7 · 1fc3cce7 · 1fc3cce7
Commit 1fc3cce7 authored Nov 03, 2020 by Frank Bergmann
10 changed files
--- a/www/absences/capacity-planning.tcl
+++ b/www/absences/capacity-planning.tcl
@@ -268,6 +268,8 @@ append table_main_html "</tbody></table></td>"

 db_foreach projects_info_query $title_sql  {
 	
+        if {$work_days < 0.001} { set work_days 0.001 }
+
    	if {$workload ne ""} {
 		set workload_formatted [expr round(1000.0 * $workload / $work_days) / 10.0]
 	} else {

--- a/www/absences/index.adp
+++ b/www/absences/index.adp
@@ -4,8 +4,15 @@
 <property name="main_navbar_label">timesheet2_absences</property>
 <property name="left_navbar">@left_navbar_html;literal@</property>

+<!-- Show calendar on start- and end-date -->
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() { 
+     document.getElementById('start_date_calendar').addEventListener('click', function() { showCalendar('start_date', 'y-m-d'); });
+     document.getElementById('end_date_calendar').addEventListener('click', function() { showCalendar('end_date', 'y-m-d'); });
+});
+</script>

-<script type="text/javascript">
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
 $(".po_form_element").each(function(index) {
     $(this).children().each(function( index_1 ) {
        if ( $(this).is('input') && $(this).attr('name') == 'start_date') {

--- a/www/absences/index.tcl
+++ b/www/absences/index.tcl
@@ -459,12 +459,12 @@ ad_form \
 	{start_date:text(text) \
 		{label "[_ intranet-timesheet2.Start_Date]"} \
 		{html {size 10}} {value "$start_date"} \
-		{after_html {<input type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendar('start_date', 'y-m-d');" >}} \
+		{after_html {<input id=start_date_calendar type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');">}} \
 	}
 	{end_date:text(text) \
 		{label "[_ intranet-timesheet2.End_Date]"} \ 
 		{html {size 10}} {value "$end_date"} \
-		{after_html {<input type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendar('end_date', 'y-m-d');" >}} \
+		{after_html {<input id=end_date_calendar type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');">}} \
 	}
 	{status_id:text(im_category_tree) \
 		optional {label #intranet-core.Status#} {value $status_id} \

--- a/www/absences/new.adp
+++ b/www/absences/new.adp
@@ -5,6 +5,14 @@
 <property name="main_navbar_label">timesheet2_absences</property>
 </if>

+<!-- Show calendar on start- and end-date -->
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() { 
+     document.getElementById('start_date_calendar').addEventListener('click', function() { showCalendarWithDateWidget('start_date', 'y-m-d'); });
+     document.getElementById('end_date_calendar').addEventListener('click', function() { showCalendarWithDateWidget('end_date', 'y-m-d'); });
+});
+</script>
+
 <if @message@ not nil>
  <div class="general-message">@message@</div>
 </if>
@@ -37,7 +45,7 @@
 </if>


-<script type="text/javascript">
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
 function calculateAbsenceDuration() {
 	var debug = 1;
 	if (debug) console.log('intranet-timesheet2/www/absences/new: Calculating absence duration: Started');

--- a/www/absences/new.tcl
+++ b/www/absences/new.tcl
@@ -309,8 +309,8 @@ if {"edit" eq $form_mode} { set duration_days_label [lang::message::lookup {} in
 ad_form -extend -name absence -form $form_list

 ad_form -extend -name absence -form {
-    {start_date:date(date) {label "[_ intranet-timesheet2.Start_Date]"} {format "YYYY-MM-DD"} {after_html {<input type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendarWithDateWidget('start_date', 'y-m-d');" >}}}
-    {end_date:date(date) {label "[_ intranet-timesheet2.End_Date]"}  {help_text "[lang::message::lookup {} intranet-timesheet2.Absence_end_date_help {Last days of absence. For a one day absence please enter start date = end date.}]"}  {format "YYYY-MM-DD"} {after_html {<input type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');" onclick ="return showCalendarWithDateWidget('end_date', 'y-m-d');" >}}}
+    {start_date:date(date) {label "[_ intranet-timesheet2.Start_Date]"} {format "YYYY-MM-DD"} {after_html {<input id=start_date_calendar type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');">}}}
+    {end_date:date(date) {label "[_ intranet-timesheet2.End_Date]"}  {help_text "[lang::message::lookup {} intranet-timesheet2.Absence_end_date_help {Last days of absence. For a one day absence please enter start date = end date.}]"}  {format "YYYY-MM-DD"} {after_html {<input id=end_date_calendar type="button" style="height:23px; width:23px; background: url('/resources/acs-templating/calendar.gif');">}}}
    {duration_days:text(text) {label "$duration_days_label"} {help_text "[lang::message::lookup {} intranet-timesheet2.Duration_help {Please specify the absence duration as hours or days.<br>Examples: '1 day', '4 hours', '1' (=one day), '0.5' (=half a day)}]"}}
    {description:text(textarea),optional {label "[_ intranet-timesheet2.Description]"} {html {cols 40}}}
    {contact_info:text(textarea),optional {label "[_ intranet-timesheet2.Contact_Info]"} {html {cols 40}}}

--- a/www/hours/history.tcl
+++ b/www/hours/history.tcl
@@ -48,7 +48,7 @@ if { $ending eq "" } { set ending [db_string sysdate "select to_char(sysdate,'YY

 set columns 3
 set colno 0
-set project_select "<script language=javascript>
+set project_select "<script type=\"text/javascript\" nonce=\"[im_csp_nonce]\">
 <!--
 var names=new Object();
 var values=new Object();
@@ -154,7 +154,7 @@ if {[ns_conn form] eq "" || $on_what_id eq ""} {
    return
 } else {
    doc_body_append "
-<script language=javascript>
+<script type=\"text/javascript\" nonce=\"[im_csp_nonce]\">
 <!--
 function set_select_boxes() {
    var let=new String(\"$letters\").charCodeAt(0)-new String(\"A\").charCodeAt(0);

--- a/www/hours/new.adp
+++ b/www/hours/new.adp
@@ -5,6 +5,26 @@
 <property name="left_navbar">@left_navbar_html;literal@</property>
 <property name="show_context_help_p">@show_context_help_p;literal@</property>

+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() { 
+
+    document.querySelectorAll('.fold_in_link').forEach(item => {
+	var id = item.id;
+	var project_id = item.getAttribute('project_id');
+	item.addEventListener('click', function() { toggle_visibility(id, project_id);});
+    });
+
+    document.querySelectorAll('.fold_out_link').forEach(item => {
+	var id = item.id;
+	var project_id = item.getAttribute('project_id');
+	item.addEventListener('click', function() { toggle_visibility(id, project_id);});
+    })
+
+});
+</script>
+
+
+
 <%= [im_box_header $page_title] %>

 <form name=timesheet method=POST action=new-2>
@@ -71,7 +91,7 @@
 </table>
 </form>

-<script type="text/javascript">
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
 	// Scripts for fold-in/fold out 
 	var obj_nested_list = [],
    	    child_arr = [],

--- a/www/hours/new.tcl
+++ b/www/hours/new.tcl
@@ -1285,7 +1285,7 @@ template::multirow foreach hours_multirow {
 		set in_out "out"
 		set fold_status "c"
 	    } 
-	    regsub -all "@@fold-icon-class@@" $table_rows "<input class=\"fold_${in_out}_link\" id=\"lnk$project_id\" type=\"button\" value=\"\" onclick=\"toggle_visibility('lnk$project_id', '${project_id}');\">" table_rows	   
+	    regsub -all "@@fold-icon-class@@" $table_rows "<input class=\"fold_${in_out}_link\" id=\"lnk$project_id\" project_id=$project_id type=\"button\" value=\"\" >" table_rows	   
 	    regsub -all "@@fold_status@@" $table_rows $fold_status table_rows		  
 	} else {
 	    regsub -all "@@fold-icon-class@@" $table_rows "\\&nbsp;\\&nbsp;\\&nbsp;" table_rows

--- a/www/hours/other-projects.adp
+++ b/www/hours/other-projects.adp
@@ -3,6 +3,14 @@
 <property name="context">#intranet-timesheet2.context#</property>
 <property name="main_navbar_label">timesheet2_timesheet</property>

+
+<script type="text/javascript" <if @::__csp_nonce@ not nil>nonce="@::__csp_nonce;literal@"</if>>
+window.addEventListener('load', function() { 
+     document.getElementById('list_check_all').addEventListener('click', function() { acs_ListCheckAll('project_list', this.checked) });
+});
+</script>
+
+
 <%= [im_box_header $page_title] %>
 <listtemplate name="other_projects"></listtemplate>
 <%= [im_box_footer] %>
--- a/www/hours/other-projects.tcl
+++ b/www/hours/other-projects.tcl
@@ -61,7 +61,7 @@ template::list::create \
 	project_chk {
 	    label "<input type=\"checkbox\" 
                          name=\"_dummy\" 
-                          onclick=\"acs_ListCheckAll('project_list', this.checked)\" 
+                          id=list_check_all \
                          title=\"Check/uncheck all rows\">"
 	    display_template {
 		@multirow.project_chk;noquote@