Index: lams_central/conf/security/Owasp.CsrfGuard.properties =================================================================== diff -u -rbac8a1d9f2b37ca6e26f275886b9e6603a6c0fb7 -r3317bc79e858810750b2d6aacbcb4a0a6d36b841 --- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision bac8a1d9f2b37ca6e26f275886b9e6603a6c0fb7) +++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 3317bc79e858810750b2d6aacbcb4a0a6d36b841) @@ -164,7 +164,6 @@ org.owasp.csrfguard.protected.larsrcAuthoringRemoveItem=/lams/tool/larsrc11/authoring/removeItem.do org.owasp.csrfguard.protected.larsrcChangeItemVisibility=/lams/tool/larsrc11/monitoring/changeItemVisibility.do - org.owasp.csrfguard.protected.mindmapAuthoringSave=/lams/tool/lamind10/authoring/updateContent.do org.owasp.csrfguard.protected.mindmapAuthoringDefineLater=/lams/tool/lamind10/authoring/definelater.do org.owasp.csrfguard.protected.mindmapMonitoringSubmissionDeadline=/lams/tool/lamind10/monitoring/setSubmissionDeadline.do @@ -181,6 +180,8 @@ org.owasp.csrfguard.protected.previewAuthoringSave=/lams/tool/laprev11/authoring/update.do org.owasp.csrfguard.protected.previewAuthoringDefineLater=/lams/tool/laprev11/authoring/definelater.do +org.owasp.csrfguard.protected.previewMonitoringExportExcel=/lams/tool/laprev11/monitoring/exportTeamReport.do + org.owasp.csrfguard.protected.pixirAuthoringDefineLater=/lams/tool/lapixl10/authoring/definelater.do org.owasp.csrfguard.protected.pixirAuthoringSave=/lams/tool/lapixl10/authoring/updateContent.do 
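Review bot: The new `previewMonitoringExportExcel` entry only helps if the export request carries a token and the guard checks the HTTP method used; the same holds for the `scratchieMonitoringExportExcel` and `surveyMonitoringExportExcel` entries added in the two following hunks. This page shows only the peer-review controller being limited to `RequestMethod.POST`. The scratchie `exportExcel` and survey `exportSurvey` handlers are not visible here, so it is worth confirming they received the same restriction. If this file leaves GET outside the checked methods (`org.owasp.csrfguard.ProtectedMethods` / `org.owasp.csrfguard.UnprotectedMethods`, not visible in these hunks), a handler that still accepts GET would serve the export without token validation. A short comment above the export entries, such as `# export URLs are POST-only in their controllers; keep both in sync`, would record the coupling.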
@@ -199,6 +200,7 @@
 org.owasp.csrfguard.protected.scratchieAuthoringDefineLater=/lams/tool/lascrt11/authoring/definelater.do
 org.owasp.csrfguard.protected.scratchieAuthoringSaveItem=/lams/tool/lascrt11/authoring/saveItem.do
 org.owasp.csrfguard.protected.scratchieAuthoringRemoveItem=/lams/tool/lascrt11/authoring/removeItem.do
+org.owasp.csrfguard.protected.scratchieMonitoringExportExcel=/lams/tool/lascrt11/monitoring/exportExcel.do
 org.owasp.csrfguard.protected.scratchieMonitoringSubmissionDeadline=/lams/tool/lascrt11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.scratchieTblMonitoringExportExcel=/lams/tool/lascrt11/tblmonitoring/exportExcel.do
 org.owasp.csrfguard.protected.scratchieSaveUserMark=/lams/tool/lascrt11/monitoring/saveUserMark.do
@@ -209,6 +211,7 @@
 org.owasp.csrfguard.protected.surveyAuthoringSave=/lams/tool/lasurv11/authoring/update.do
 org.owasp.csrfguard.protected.surveyAuthoringDefineLater=/lams/tool/lasurv11/authoring/definelater.do
 org.owasp.csrfguard.protected.surveyAuthoringSaveOrUpdate=/lams/tool/lasurv11/authoring/saveOrUpdateItem.do
+org.owasp.csrfguard.protected.surveyMonitoringExportExcel=/lams/tool/lasurv11/monitoring/exportSurvey.do
 org.owasp.csrfguard.protected.surveyMonitoringSubmissionDeadline=/lams/tool/lasurv11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.taskAuthoringSave=/lams/tool/latask10/authoring/update.do
Index: lams_central/web/includes/javascript/download.js
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r3317bc79e858810750b2d6aacbcb4a0a6d36b841
--- lams_central/web/includes/javascript/download.js (.../download.js) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_central/web/includes/javascript/download.js (.../download.js) (revision 3317bc79e858810750b2d6aacbcb4a0a6d36b841)
@@ -37,7 +37,13 @@ } } }, 1000); - - document.location.href = downloadUrl + '&downloadTokenValue=' + token; + + //dynamically create a form and submit it + var form = $('
'); + var hiddenInput = $(''); + form.append(hiddenInput); + $(document.body).append(form); + form.submit(); + return false; } \ No newline at end of file Index: lams_tool_assessment/web/pages/monitoring/summary.jsp =================================================================== diff -u -r82166d9c82b6d5ef5fd3f22db5174bbee8a286f4 -r3317bc79e858810750b2d6aacbcb4a0a6d36b841 --- lams_tool_assessment/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 82166d9c82b6d5ef5fd3f22db5174bbee8a286f4) +++ lams_tool_assessment/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 3317bc79e858810750b2d6aacbcb4a0a6d36b841) @@ -299,10 +299,7 @@ } function exportSummary() { - var url = ""; - var reqIDVar = new Date(); - var param = "?sessionMapID=${sessionMapID}&reqID="+reqIDVar.getTime(); - url = url + param; + var url = "?&sessionMapID=${sessionMapID}&reqID="+(new Date()).getTime(); return downloadFile(url, 'messageArea_Busy', '', 'messageArea', 'btn-disable-on-submit'); }; Index: lams_tool_lamc/web/monitoring/MonitoringMaincontent.jsp =================================================================== diff -u -r66b044dc18d78c8a61a15c197d0c2d6a1f989c18 -r3317bc79e858810750b2d6aacbcb4a0a6d36b841 --- lams_tool_lamc/web/monitoring/MonitoringMaincontent.jsp (.../MonitoringMaincontent.jsp) (revision 66b044dc18d78c8a61a15c197d0c2d6a1f989c18) +++ lams_tool_lamc/web/monitoring/MonitoringMaincontent.jsp (.../MonitoringMaincontent.jsp) (revision 3317bc79e858810750b2d6aacbcb4a0a6d36b841) 
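Review bot: The form built under `//dynamically create a form and submit it` is created long after page load, so it carries the CSRF token only if this code adds it or the guard's script also handles forms inserted later. The markup inside `$('…')` did not survive on this page, so that could not be checked. Each call also appends another form to `document.body` and never removes it; `form.submit(); form.remove();` (or reusing a single form) would avoid the build-up. The enclosing function starts outside the hunk.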
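Review bot: As shown here the new `var url = "?&sessionMapID=…"` string in `exportSummary()` starts with `?&`, so either markup between those two characters was lost when this page was rendered or the URL now has an empty first parameter. If the missing piece is a tag that emits the CSRF token, the token travels in the request URL and ends up in access logs and browser history even though the request is now a POST; sending it as a hidden field of the form created in download.js would keep it out of the URL. The same `?&` change appears in `downloadMarks()` in lams_tool_lamc/web/monitoring/MonitoringMaincontent.jsp. Separately, `${sessionMapID}` is written into a JavaScript string without escaping, which is safe only if the value can never contain request-controlled characters.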
@@ -39,7 +39,7 @@
 function downloadMarks() {
 var url = "";
 var reqIDVar = new Date();
- var param = "?toolContentID=${mcGeneralMonitoringDTO.toolContentID}&reqID="+reqIDVar.getTime();
+ var param = "?&toolContentID=${mcGeneralMonitoringDTO.toolContentID}&reqID="+reqIDVar.getTime();
 url = url + param;
 return downloadFile(url, 'message-area-busy', '', 'message-area', 'btn-disable-on-submit');
Index: lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/controller/MonitoringController.java
===================================================================
diff -u -r7b3ea39ddf6e10186cf9916562121c205bb0e5ad -r3317bc79e858810750b2d6aacbcb4a0a6d36b841
--- lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
+++ lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/controller/MonitoringController.java (.../MonitoringController.java) (revision 3317bc79e858810750b2d6aacbcb4a0a6d36b841)
@@ -57,6 +57,7 @@
 import org.springframework.stereotype.Controller;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.util.HtmlUtils;
@@ -549,15 +550,10 @@ /** * Exports Team Report into Excel spreadsheet. - * - * @throws ServletException - * @throws IOException */ - @RequestMapping("/exportTeamReport") + @RequestMapping(path = "/exportTeamReport", method = RequestMethod.POST) @ResponseStatus(HttpStatus.OK) - public void exportTeamReport(HttpServletRequest request, - HttpServletResponse response) throws ServletException { - + public void exportTeamReport(HttpServletRequest request, HttpServletResponse response) throws ServletException { Long toolContentId = WebUtil.readLongParam(request, PeerreviewConstants.ATTR_TOOL_CONTENT_ID); Peerreview peerreview = service.getPeerreviewByContentId(toolContentId); Index: lams_tool_preview/web/pages/monitoring/summary.jsp =================================================================== diff -u -rff4cb6756aaf30d87ec0bd6f674dc5e7ab7f39a1 -r3317bc79e858810750b2d6aacbcb4a0a6d36b841 --- lams_tool_preview/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision ff4cb6756aaf30d87ec0bd6f674dc5e7ab7f39a1) +++ lams_tool_preview/web/pages/monitoring/summary.jsp (.../summary.jsp) (revision 3317bc79e858810750b2d6aacbcb4a0a6d36b841) @@ -41,7 +41,7 @@
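Review bot: The Javadoc on `exportTeamReport` no longer documents the failure case although the method still declares `throws ServletException`, and it does not record why the mapping became POST-only. I would add a line such as `* POST only: the URL is listed as previewMonitoringExportExcel in Owasp.CsrfGuard.properties, so the request must carry the CSRF token.` and keep `@throws ServletException`. Independently of CSRF, `toolContentId` is read from the request and passed straight to `service.getPeerreviewByContentId(toolContentId)`. The visible lines contain no check that the caller may monitor that activity or that the lookup returned a result, though the method body continues outside the hunk and may do so there.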