Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -ree2eb1711b99ac1eb975da1934ea4e78df57c89f -rfaaf36eefd3eed3baeae46071e5f754e8b24a7b0
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision ee2eb1711b99ac1eb975da1934ea4e78df57c89f)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision faaf36eefd3eed3baeae46071e5f754e8b24a7b0)
@@ -51,6 +51,7 @@
 org.owasp.csrfguard.protected.centralSaveUserProfile=/lams/saveprofile.do
 org.owasp.csrfguard.protected.centralOutcomeSave=/lams/outcome/outcomeSave.do
 org.owasp.csrfguard.protected.centralOutcomeRemove=/lams/outcome/outcomeRemove.do
+org.owasp.csrfguard.protected.centralOutcomeMap=/lams/outcome/outcomeMap.do
 org.owasp.csrfguard.protected.centralAddLessonDependency=/lams/lessonConditions/addLessonDependency.do
 org.owasp.csrfguard.protected.centralSetDaysToFinish=/lams/lessonConditions/setDaysToLessonFinish.do
 org.owasp.csrfguard.protected.centralDelLessonDependency=/lams/lessonConditions/removeLessonDependency.do
@@ -96,6 +97,11 @@
 org.owasp.csrfguard.protected.forumAuthoringSave=/lams/tool/lafrum11/authoring/update.do
 org.owasp.csrfguard.protected.forumAuthoringDefineLater=/lams/tool/lafrum11/authoring/definelater.do
+org.owasp.csrfguard.protected.forumAuthoringCreateTopic=/lams/tool/lafrum11/authoring/createTopic.do
+org.owasp.csrfguard.protected.forumAuthoringDeleteTopic=/lams/tool/lafrum11/authoring/deleteTopic.do
+org.owasp.csrfguard.protected.forumAuthoringUpdateTopic=/lams/tool/lafrum11/authoring/updateTopic.do
+org.owasp.csrfguard.protected.forumAuthoringDeleteAttach=/lams/tool/lafrum11/authoring/deleteAttachment.do
+
 org.owasp.csrfguard.protected.forumMonitoringSubmissionDeadline=/lams/tool/lafrum11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.forumUpdateMark=/lams/tool/lafrum11/monitoring/updateMark.do
Index: lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java
===================================================================
diff -u -rc1a3db58d656de47b6006019dc48f592787bf032 -rfaaf36eefd3eed3baeae46071e5f754e8b24a7b0
--- lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision c1a3db58d656de47b6006019dc48f592787bf032)
+++ lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision faaf36eefd3eed3baeae46071e5f754e8b24a7b0)
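Review bot: Each of the four forum authoring paths added here will now be rejected by CSRFGuard unless the request carries the token, but this diff only shows the client side being updated for deleteAttachment.do (message.js adds `data[csrfTokenName] = csrfTokenValue`); the callers of createTopic.do, updateTopic.do and deleteTopic.do are not in this chunk. Confirm that the topic form and its submit/delete handlers post the token too, either as a hidden field rendered from the CSRFGuard taglib or via the same `data[csrfTokenName] = csrfTokenValue` pattern, otherwise topic authoring will break rather than merely lose protection. The matching controller methods are also restricted to POST in this commit, so any remaining GET link to these paths fails even with a valid token.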
@@ -299,7 +299,7 @@
 return responseJSON.toString();
 }
- @RequestMapping("/outcomeMap")
+ @RequestMapping(path = "/outcomeMap", method = RequestMethod.POST)
 @ResponseBody
 public String outcomeMap(HttpServletRequest request, HttpServletResponse response) throws Exception {
 Long outcomeId = WebUtil.readLongParam(request, "outcomeId");
Index: lams_central/web/outcome/outcomeManage.jsp
===================================================================
diff -u -rae4e7fd3d6b21cb7f41a733565442950cdd9d232 -rfaaf36eefd3eed3baeae46071e5f754e8b24a7b0
--- lams_central/web/outcome/outcomeManage.jsp (.../outcomeManage.jsp) (revision ae4e7fd3d6b21cb7f41a733565442950cdd9d232)
+++ lams_central/web/outcome/outcomeManage.jsp (.../outcomeManage.jsp) (revision faaf36eefd3eed3baeae46071e5f754e8b24a7b0)
@@ -1,6 +1,6 @@
 <%@ include file="/common/taglibs.jsp"%>
-
+
 <fmt:message key="index.outcome.manage" />
Index: lams_tool_chat/web/pages/authoring/authoring.jsp
===================================================================
diff -u -r5f9e583fc8e476f6a5f9e1826332ba3788d7c68c -rfaaf36eefd3eed3baeae46071e5f754e8b24a7b0
--- lams_tool_chat/web/pages/authoring/authoring.jsp (.../authoring.jsp) (revision 5f9e583fc8e476f6a5f9e1826332ba3788d7c68c)
+++ lams_tool_chat/web/pages/authoring/authoring.jsp (.../authoring.jsp) (revision faaf36eefd3eed3baeae46071e5f754e8b24a7b0)
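Review bot: Making outcomeMap POST-only (together with the new CSRFGuard entry) stops a cross-site page from triggering it, but nothing in the visible lines ties the `outcomeId` read on the last line to what the current user is allowed to touch; the method body continues outside the hunk, so confirm it verifies the caller may author the lesson or tool content the outcome is being mapped to before creating the mapping. The method restriction also depends on `RequestMethod` already being imported in OutcomeController.java, and no import hunk for it appears in this diff. A one-line Javadoc would make the new contract explicit: `/** Maps an outcome to a lesson/tool content. POST-only and CSRF-guarded (see Owasp.CsrfGuard.properties). */`.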
@@ -17,7 +17,7 @@
-
+
Index: lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/controller/AuthoringController.java
===================================================================
diff -u -r7b3ea39ddf6e10186cf9916562121c205bb0e5ad -rfaaf36eefd3eed3baeae46071e5f754e8b24a7b0
--- lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/controller/AuthoringController.java (.../AuthoringController.java) (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
+++ lams_tool_forum/src/java/org/lamsfoundation/lams/tool/forum/web/controller/AuthoringController.java (.../AuthoringController.java) (revision faaf36eefd3eed3baeae46071e5f754e8b24a7b0)
@@ -369,7 +369,7 @@
 /**
 * Create a topic in memory. This topic will be saved when user save entire authoring page.
 */
- @RequestMapping("/createTopic")
+ @RequestMapping(path = "/createTopic", method = RequestMethod.POST)
 public String createTopic(@ModelAttribute("topicFormId") MessageForm messageForm, HttpServletRequest request) throws IOException, ServletException, PersistenceException {
 //validate form
@@ -448,7 +448,7 @@
 * Delete a topic form current topic list. But database record will be deleted only when user save whole authoring
 * page.
 */
- @RequestMapping("/deleteTopic")
+ @RequestMapping(path = "/deleteTopic", method = RequestMethod.POST)
 public String deleteTopic(HttpServletRequest request) throws PersistenceException {
 // get SessionMAP
@@ -521,7 +521,7 @@
 * Submit user updated inforamion in a topic to memory. This update will be submit to database only when user save
 * whole authoring page.
 */
- @RequestMapping("/updateTopic")
+ @RequestMapping(path = "/updateTopic", method = RequestMethod.POST)
 public String updateTopic(@ModelAttribute("topicFormId") MessageForm messageForm, HttpServletRequest request) throws PersistenceException {
 //validate form
@@ -586,7 +586,7 @@
 /**
 * Remove message attachment.
 */
- @RequestMapping("/deleteAttachment")
+ @RequestMapping(path = "/deleteAttachment", method = RequestMethod.POST)
 public String deleteAttachment(HttpServletRequest request) {
 request.setAttribute("itemAttachment", null);
 return "jsps/authoring/parts/msgattachment";
@@ -874,4 +874,4 @@
 plannerForm.setTopic(plannerForm.getTopicCount().intValue(), "");
 return "jsps/authoring/pedagogicalPlannerForm";
 }
-}
\ No newline at end of file
+}
Index: lams_tool_forum/web/WEB-INF/tags/OutcomeAuthor.tag
===================================================================
diff -u -r381e8076e21344e47a250d4c525e44f1c4e10399 -rfaaf36eefd3eed3baeae46071e5f754e8b24a7b0
--- lams_tool_forum/web/WEB-INF/tags/OutcomeAuthor.tag (.../OutcomeAuthor.tag) (revision 381e8076e21344e47a250d4c525e44f1c4e10399)
+++ lams_tool_forum/web/WEB-INF/tags/OutcomeAuthor.tag (.../OutcomeAuthor.tag) (revision faaf36eefd3eed3baeae46071e5f754e8b24a7b0)
@@ -10,6 +10,7 @@
 <%@ taglib uri="tags-fmt" prefix="fmt" %>
 <%@ taglib uri="tags-lams" prefix="lams"%>
 <%@ taglib uri="tags-function" prefix="fn" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
 <%-- Optional attributes. Must provide at either lessonId or toolContentId --%>
@@ -68,7 +69,7 @@
 'select' : function(event, ui){
 var input = $(this);
 $.ajax({
- 'url' : 'outcome/outcomeMap.do',
+ 'url' : 'outcome/outcomeMap.do?',
 'data': $.extend({
 'outcomeId' : ui.item.value
 }, outcomeData${outcomeTagId}),
@@ -147,4 +148,4 @@
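Review bot: The Javadoc `Remove message attachment.` overstates what the now POST-only deleteAttachment handler does: in the visible lines it only clears the `itemAttachment` request attribute and re-renders the fragment, and nothing is deleted from storage. Presumably the persistent removal happens when the whole authoring page is saved, as the neighbouring handlers' Javadoc says for topics; if so, say that here so nobody treats the CSRF-guarded POST as the destructive step, e.g. `/** Clears the attachment from the rendered fragment; the stored attachment is only removed when the authoring page is saved. */`. If a real deletion does happen elsewhere in this request path, that belongs in the comment instead.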
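Review bot: The trailing `?` on `'outcome/outcomeMap.do?'` only has an effect if something appends the CSRF token to the URL, yet the request shown here still carries no token and no `type` option: `data` holds only `outcomeId` plus `outcomeData`. Because outcomeMap.do becomes POST-only and CSRFGuard-protected in this same commit, this call needs `'type': 'POST'` and the token in the body, e.g. adding `'<csrf:tokenname/>' : '<csrf:tokenvalue/>'` to the `$.extend` object; putting it in the query string instead would also leak the token into access logs and Referer headers. The `$.ajax` options continue outside the hunk, so this may already be handled further down, in which case the `?` is just dead noise and can be dropped.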
:
-
\ No newline at end of file
+
Index: lams_tool_forum/web/includes/javascript/message.js
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -rfaaf36eefd3eed3baeae46071e5f754e8b24a7b0
--- lams_tool_forum/web/includes/javascript/message.js (.../message.js) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_forum/web/includes/javascript/message.js (.../message.js) (revision faaf36eefd3eed3baeae46071e5f754e8b24a7b0)
@@ -10,12 +10,16 @@
 var url= removeItemAttachmentUrl;
 var reqIDVar = new Date();
 var param = "reqID="+reqIDVar.getTime();
+ var data = {
+ 'reqID=' : reqIDVar.getTime()
+ };
+ data[csrfTokenName] = csrfTokenValue;
 removeItemAttachmentLoading();
 $.ajax({
- type: 'get',
+ type: 'POST',
 url: url,
- data: param,
+ data: data,
 success: function(data) {
 $("#"+itemAttachmentTargetDiv).html(data);
 removeItemAttachmentComplete();
Index: lams_tool_forum/web/jsps/authoring/authoring.jsp
===================================================================
diff -u -r5f9e583fc8e476f6a5f9e1826332ba3788d7c68c -rfaaf36eefd3eed3baeae46071e5f754e8b24a7b0
--- lams_tool_forum/web/jsps/authoring/authoring.jsp (.../authoring.jsp) (revision 5f9e583fc8e476f6a5f9e1826332ba3788d7c68c)
+++ lams_tool_forum/web/jsps/authoring/authoring.jsp (.../authoring.jsp) (revision faaf36eefd3eed3baeae46071e5f754e8b24a7b0)
@@ -9,6 +9,8 @@
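Review bot: The new object literal keys the cache-buster as `'reqID='` with a trailing `=`, so jQuery serialises it as `reqID%3D=<time>` instead of the `reqID=<time>` the old string produced; the key should be `'reqID' : reqIDVar.getTime()`. With that change the line `var param = "reqID="+reqIDVar.getTime();` is dead and can be removed. `csrfTokenName` and `csrfTokenValue` are taken to be globals set by the including page (presumably rendered from the CSRFGuard taglib); if either is missing here the token is sent under the key `undefined` and CSRFGuard rejects the POST, so a short comment naming where they are defined would help the next reader.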