Mercurial Hosting > nabble
view src/nabble/view/web/embed/EmbedOptions.jtp @ 66:3fbe9cb2e325 default tip
security
author | Franklin Schmidt <fschmidt@gmail.com> |
---|---|
date | Wed, 18 Sep 2024 03:51:47 -0600 |
parents | 18cf4872fd7f |
children |
line wrap: on
line source
<% package nabble.view.web.embed; import fschmidt.util.servlet.AuthorizingServlet; import nabble.model.ModelHome; import nabble.model.Node; import nabble.model.User; import nabble.model.Site; import nabble.view.lib.EmbedUtils; import nabble.view.lib.Jtp; import nabble.view.lib.Shared; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.io.PrintWriter; public class EmbedOptions extends HttpServlet implements AuthorizingServlet { public String getAuthorizationKey(HttpServletRequest request) throws ServletException { Site site = Jtp.getSite(request); return site==null ? null : Jtp.getReadAuthorizationKey( site.getNode(Jtp.getLong(request,"node")) ); } public boolean authorize(String key,HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException { return Jtp.authorizeForRead(key,request,response); } protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); String context = request.getContextPath(); Site site = Jtp.getSite(request); if( site == null ) return; String nodeId = request.getParameter("node"); if( nodeId == null ) return; Node node = site.getNode(Long.valueOf(nodeId)); if (node == null) return; boolean isForum = node.getKind() == Node.Kind.APP; User visitor = Jtp.getUser(request); boolean allowed = Jtp.canBeEditedBy(node,visitor); if (!allowed && isForum) { Jtp.login("Only administrators can proceed in this area.", request, response); return; } String action = request.getParameter("action"); if ("save".equals(action) && "POST".equals(request.getMethod())) { String url = request.getParameter("url"); String option = request.getParameter("option"); String value = "this".equals(option)? url : null; node.setEmbeddingUrl(value); if (value != null) response.sendRedirect(Jtp.path(node)); else Shared.javascriptRedirect(request, response, Jtp.path(node), null, true); } %> <html> <head> <meta name="robots" content="noindex,nofollow"/> <% Shared.title(request, response, "Embedding Options"); %> </head> <body> <% Shared.minHeader(request,response, node); %> <% Shared.editHeader(node.getSubjectHtml(), "Embedding Options", out); %> <div class="second-font field-title">Javascript Code</div> <div class="weak-color" style="margin-left:1.5em"> To add this <%=isForum? Jtp.viewName(node).toLowerCase() : "topic"%> to your website, copy and paste the following code on your HTML page:<br/> <textarea style="height:3.5em;width:85%;margin:.3em .3em .3em 0;font-size:80%" readonly="true" onClick="this.focus();this.select();"><%=isForum? EmbedUtils.getForumSnippet(request, node) : EmbedUtils.getTopicSnippet(request, node)%></textarea> <br>You can embed this <%=isForum? Jtp.viewName(node).toLowerCase():"topic"%> in more than one website. <br>We suggest that you use a custom domain name to avoid third-party cookie problems. <br>Please check the <a href="<%=context%>/help/Answer.jtp?id=36">Nabble Help</a> for more information. </div> <% if (isForum) { %> <div class="second-font field-title">Redirect Users</div> <div id="more" class="weak-color" style="margin-left:1.5em"> Redirect options are available only when the <%=Jtp.viewName(node).toLowerCase()%> is embedded. </div> <form id="settings" method="post" action="/embed/EmbedOptions.jtp" accept-charset="UTF-8" style="display:none"> <input type="hidden" name="action" value="save" /> <input type="hidden" name="node" value="<%=node.getId()%>" /> <input type="hidden" id="url" name="url" value="" /> <div class="weak-color" style="margin:0 0 1em 1.5em"> Your embedded <%=Jtp.viewName(node).toLowerCase()%> is hosted on Nabble at this URL: <b><%=Jtp.url(node)%></b><br> <input type="radio" id="o1" name="option" value="nabble"></input> <label for="o1">Allow users to view this <%=Jtp.viewName(node).toLowerCase()%> without embedding.</label><br/> <input type="radio" id="o2" name="option" value="this"></input> <label for="o2">Redirect them to: <span id="embedding-url" style="font-weight:bold"></span>.</label><br/> <span id="radio3" style="display:none"> <input type="radio" id="o3" name="option" value="that"></input> <label for="o3" title="">Redirect them to: <span id="default-url" style="font-weight:bold"></span>.</label><br/> </span> </div> <a href="<%=context%>/help/Answer.jtp?id=40">Learn More</a> <div style="margin-top:1.4em"> <input type="submit" value="Save Changes" /> or <a href="<%=Jtp.path(node)%>">Go back to the <%=Jtp.viewName(node).toLowerCase()%></a> </div> </form> <% } %> <% String embedDefaultUrl = node.getEmbeddingUrl(); %> <script type="text/javascript"> var defaultUrl = "<%=Jtp.hideNull(embedDefaultUrl)%>"; $(document).ready(function() { if (Nabble.isEmbedded) { $('#settings').show(); $('#more').hide(); $('#url').val(Nabble.embeddingUrl); $('#embedding-url').html(Nabble.embeddingUrl); if (defaultUrl == "") { $('#o1').attr('checked', 'y'); } else if (Nabble.embeddingUrl == defaultUrl) { $('#o2').attr('checked', 'y'); } else { $('#radio3').show(); $('#default-url').html(defaultUrl); $('#o3').attr('checked', 'y'); } } }); </script> <% Shared.footer(request, response); %> <% Shared.analytics(request,response); %> </body> </html> <% } } %>