npm - nodebb-plugin-equipment-calendar - Versions diffs - 0.2.9 → 0.3.0 - Mend

nodebb-plugin-equipment-calendar 0.2.9 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/library.js +4 -6
package/package.json +1 -1
package/plugin.json +1 -1
package/public/templates/admin/plugins/equipment-calendar.tpl +1 -1
package/public/templates/equipment-calendar/calendar.tpl +1 -1

package/library.js CHANGED Viewed

@@ -311,8 +311,8 @@ plugin.init = async function (params) {
   // Admin (ACP) routes
   if (mid && mid.admin) {
-    router.get('/admin/plugins/equipment-calendar', mid.admin.buildHeader, renderAdminPage);
-    router.get('/api/admin/plugins/equipment-calendar', renderAdminPage);
+    router.get('/admin/plugins/equipment-calendar', middleware.applyCSRF, mid.admin.buildHeader, renderAdminPage);
+    router.get('/api/admin/plugins/equipment-calendar', middleware.applyCSRF, renderAdminPage);
     router.post('/admin/plugins/equipment-calendar/save', middleware.applyCSRF, handleAdminSave);
   }
@@ -393,8 +393,8 @@ plugin.addAdminNavigation = async function (header) {
 // --- Admin page routes (ACP) ---
 plugin.addAdminRoutes = async function (params) {
   const { router, middleware: mid } = params;
-  router.get('/admin/plugins/equipment-calendar', mid.admin.buildHeader, renderAdminPage);
-  router.get('/api/admin/plugins/equipment-calendar', renderAdminPage);
+  router.get('/admin/plugins/equipment-calendar', middleware.applyCSRF, mid.admin.buildHeader, renderAdminPage);
+  router.get('/api/admin/plugins/equipment-calendar', middleware.applyCSRF, renderAdminPage);
 };
 async function renderAdminPage(req, res) {
@@ -488,7 +488,6 @@ async function renderCalendarPage(req, res) {
     eventsB64: Buffer.from(JSON.stringify(events), 'utf8').toString('base64'),
     blocksB64: Buffer.from(JSON.stringify(blocks), 'utf8').toString('base64'),
     itemsB64: Buffer.from(JSON.stringify(items.map(i => ({ id: i.id, name: i.name, location: i.location }))), 'utf8').toString('base64'),
-    csrf: req.csrfToken,
   });
 }
@@ -538,7 +537,6 @@ async function renderApprovalsPage(req, res) {
     title: 'Validation des réservations',
     rows,
     hasRows: Array.isArray(rows) && rows.length > 0,
-    csrf: req.csrfToken,
   });
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-equipment-calendar",
-  "version": "0.2.9",
+  "version": "0.3.0",
   "description": "Equipment reservation calendar for NodeBB (FullCalendar, approvals, HelloAsso payments)",
   "main": "library.js",
   "scripts": {

package/plugin.json CHANGED Viewed

@@ -26,6 +26,6 @@
   "scripts": [
     "public/js/client.js"
   ],
-  "version": "0.2.1",
+  "version": "0.2.2",
   "minver": "4.7.1"
 }

package/public/templates/admin/plugins/equipment-calendar.tpl CHANGED Viewed

@@ -2,7 +2,7 @@
   <h1>Equipment Calendar</h1>
   <form method="post" action="/admin/plugins/equipment-calendar/save" class="mb-3">
-    <input type="hidden" name="_csrf" value="{csrf}">
+    <input type="hidden" name="_csrf" value="{config.csrf_token}">
     <div class="alert alert-warning">
       Le champ "Matériel" doit être un JSON valide (array). Exemple :

package/public/templates/equipment-calendar/calendar.tpl CHANGED Viewed

@@ -24,7 +24,7 @@
           <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Fermer"></button>
         </div>
         <div class="modal-body">
-          <input type="hidden" name="_csrf" value="{csrf}">
+          <input type="hidden" name="_csrf" value="{config.csrf_token}">
           <input type="hidden" name="start" value="">
           <input type="hidden" name="end" value="">