From 8769cbdf942ff76d40d5fc78246642958225f0be Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Tue, 16 Jul 2013 23:15:03 -0700
Subject: [PATCH] JavaScript updates: new libraries, load all libraries.

Signed-off-by: Edward Z. Yang
---
 README.txt | 18 ++++++++++++------
 csrf-magic.js | 17 ++++++++++++-----
 js-test/dojo.php | 2 +-
 js-test/ext.php | 8 +++-----
 js-test/mootools.php | 3 +--
 js-test/prototype.php | 2 +-
 js-test/yui.php | 30 ------------------------------
 7 files changed, 30 insertions(+), 50 deletions(-)
 delete mode 100644 js-test/yui.php

diff --git a/README.txt b/README.txt
index 327bc5d..98d225d 100644
--- a/README.txt
+++ b/README.txt
@@ -61,20 +61,26 @@ include csrf-magic.php. } // include_once '/path/to/csrf-magic.php'; -(Be sure to place csrf-magic.js somewhere web accessible). csrf-magic.js will +(Be sure to place csrf-magic.js somewhere web accessible). + +The default method CSRF Magic uses to rewrite AJAX requests will +only work for browsers with support for XmlHttpRequest.prototype (this excludes +all versions of Internet Explorer). See this page for more information: +http://stackoverflow.com/questions/664315/internet-explorer-8-prototypes-and-xmlhttprequest + +However, csrf-magic.js will automatically detect and play nice with the following JavaScript frameworks: * jQuery * Prototype - * script.aculo.us (via Prototype) * MooTools - * Yahoo UI Library * Ext * Dojo -If you are not using any of these JavaScript libraries, AJAX requests will -only work for browsers with support for XmlHttpRequest.prototype (this excludes -all versions of Internet Explorer). +(Note 2013-07-16: It has been a long time since this manual support has +been updated, and some JavaScript libraries have placed their copies of XHR +in local variables in closures, which makes it difficult for us to monkey-patch +it in automatically.) To rewrite your own JavaScript library to use csrf-magic.js, you should modify your function that generates XMLHttpRequest to have this at the end: diff --git a/csrf-magic.js b/csrf-magic.js index d776b6a..d358b0f 100644 --- a/csrf-magic.js +++ b/csrf-magic.js 
@@ -142,25 +142,30 @@ if (window.XMLHttpRequest && window.XMLHttpRequest.prototype && '\v' != 'v') { } return jQuery.csrf_ajax( s ); } - } else if (window.Prototype) { + } + if (window.Prototype) { // This works for script.aculo.us too Ajax.csrf_getTransport = Ajax.getTransport; Ajax.getTransport = function() { return new CsrfMagic(Ajax.csrf_getTransport()); } - } else if (window.MooTools) { + } + if (window.MooTools) { Browser.csrf_Request = Browser.Request; Browser.Request = function () { return new CsrfMagic(Browser.csrf_Request()); } - } else if (window.YAHOO) { + } + if (window.YAHOO) { + // old YUI API YAHOO.util.Connect.csrf_createXhrObject = YAHOO.util.Connect.createXhrObject; YAHOO.util.Connect.createXhrObject = function (transaction) { obj = YAHOO.util.Connect.csrf_createXhrObject(transaction); obj.conn = new CsrfMagic(obj.conn); return obj; } - } else if (window.Ext) { + } + if (window.Ext) { // Ext can use other js libraries as loaders, so it has to come last // Ext's implementation is pretty identical to Yahoo's, but we duplicate // it for comprehensiveness's sake. @@ -170,7 +175,9 @@ if (window.XMLHttpRequest && window.XMLHttpRequest.prototype && '\v' != 'v') { obj.conn = new CsrfMagic(obj.conn); return obj; } - } else if (window.dojo) { + } + if (window.dojo) { + // NOTE: this doesn't work with latest dojo dojo.csrf__xhrObj = dojo._xhrObj; dojo._xhrObj = function () { return new CsrfMagic(dojo.csrf__xhrObj()); diff --git a/js-test/dojo.php b/js-test/dojo.php index a817913..e11be32 100644 --- a/js-test/dojo.php +++ b/js-test/dojo.php @@ -6,7 +6,7 @@ Dojo test page for csrf-magic diff --git a/js-test/ext.php b/js-test/ext.php index de9dc71..edff74b 100644 --- a/js-test/ext.php +++ b/js-test/ext.php @@ -6,19 +6,17 @@ Ext test page for csrf-magic
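Review bot: Every branch in the first csrf-magic.js hunk now runs whenever its library global exists, but none checks that the hook it patches is present: `if (window.YAHOO)` dereferences `YAHOO.util.Connect` and `if (window.MooTools)` dereferences `Browser.Request` unconditionally. With the `else if` chain gone, a TypeError in one branch (for example a page that defines `YAHOO` without the Connect utility, which is inferred rather than shown here) stops the script before the Ext and dojo branches run, so their requests would presumably go out without the token. I would guard on the hook itself, e.g. `if (window.YAHOO && YAHOO.util && YAHOO.util.Connect) {`, and likewise in the second hunk `if (window.dojo && typeof dojo._xhrObj === 'function') {`, since the new comment there already says the patch does not work with the latest dojo. In the YAHOO branch `obj = YAHOO.util.Connect.csrf_createXhrObject(transaction);` should become `var obj = …`, because the implicit global is more exposed now that several branches can run on one page. The enclosing `if (window.XMLHttpRequest …)` block starts and ends outside both hunks.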

Ext test page for csrf-magic

-

Using

+

Using

- - -- 2.11.4.GIT