EZP-30161 Update ezjscore token variable identifier

[thiagocamposviana]

https://jira.ez.no/browse/EZP-30161

New versions should use _token and not ezxform_token_js

[andrerom]

Care to explain why? And ideally also which issue this is possible regression from?

[thiagocamposviana]

@andrerom I have identified this issue when installing 2.4 with legacy bridge, check netgen/NetgenAdminUIBundle#27 (comment)

"Alright, I will try to reproduce and record this sometime next week and I will post the video here. I have just installed eZP 2.4 yesterday and I am sure the form token extension is checking for "_token" instead of "ezxform_token" with legacy bridge."

[thiagocamposviana]

TODO: make the token identifier configurable.

[andrerom]

@thiagocamposviana I did a quick investigation and almost everything here is done already.

So default form field name is ezxFormToken::FORM_FIELD = 'ezxform_token'

Legacy Bridge already overloads that form field name based on the one used by Symfony:

This PR only need small adjustment to get the form field name by calling ezxFormToken::getFormField()

Hence avoiding the hard coding of this here, and probably solve several token issues in the process (so 2017.12 branch here I guess) when running in symfony mode.

Remaining question, @thiagocamposviana / @emodric is the name change of the ezxform_token_js significant here? Cause changing seem like it might break a lot.

[emodric]

Using a method to get the configured value could be the way, and we can introduce a second method to configure the ezxform_token_js too.

Problem is however that these are not only hardcoded in PHP, but also in JS and templates, both here (in admin design) and in other extensions (ezmultiupload, ezie, ezflow):

eddie@abyss ~/www/ez/ezpublish_legacy $ grep -irn "ezxform_token" *
design/admin/templates/content/datatype/edit/ezobjectrelationlist_ajaxuploader.tpl:105:                    tokenNode = Y.one('#ezxform_token_js');
design/admin/templates/content/datatype/edit/ezobjectrelation_ajaxuploader.tpl:85:                    tokenNode = Y.one('#ezxform_token_js');
design/admin/templates/class/edit.tpl:381:        var postVar = { 'ContentClassHasInput': 0 }, _tokenNode = document.getElementById('ezxform_token_js');
design/admin/templates/class/edit.tpl:383:        if ( _tokenNode ) postVar['ezxform_token'] = _tokenNode.getAttribute('title');
design/admin/javascript/leftmenu_widthcontrol.js:40:                var _token = '', _tokenNode = document.getElementById('ezxform_token_js');
design/admin/javascript/leftmenu_widthcontrol.js:41:                if ( _tokenNode ) _token = 'ezxform_token=' + _tokenNode.getAttribute('title');
design/admin/javascript/ezajaxuploader.js:212:                hiddenPlace.append('<input type="hidden" name="ezxform_token" value="' + that.conf.token + '" />');
design/admin/javascript/node_tabs.js:77:            var _token = '', _tokenNode = document.getElementById('ezxform_token_js');
design/admin/javascript/node_tabs.js:78:            if ( _tokenNode ) _token = 'ezxform_token=' + _tokenNode.getAttribute('title');
extension/ezmultiupload/design/standard/templates/ezmultiupload/upload.tpl:20:                'ezxform_token': '@$ezxFormToken@'
extension/ezie/design/standard/javascript/ezie.ezconnect.connect.js:54:        'ezxform_token': $('#ezxform_token_js').attr('title')
extension/ezflow/design/standard/javascript/blocktools.js:64:                _tokenNode = document.getElementById('ezxform_token_js');
extension/ezflow/design/standard/javascript/blocktools.js:66:                postData = 'ezxform_token=' + _tokenNode.getAttribute('title') + '&';
extension/ezflow/design/standard/javascript/ezpushtoblock.js:39:        var _tokenNode = document.getElementById('ezxform_token_js');
extension/ezflow/design/standard/javascript/ezpushtoblock.js:44:            p = p + 'ezxform_token=' + _tokenNode.getAttribute('title');
extension/ezformtoken/event/ezxformtoken.php:26:    const FORM_FIELD = 'ezxform_token';
extension/ezformtoken/README.rst:74:1. Add a hidden input tag with name='ezxform_token' for all form tags that
extension/ezformtoken/README.rst:76:2. Add a hidden tag with id='ezxform_token_js' after body tag that contain
extension/ezformtoken/README.rst:85:Using the hidden tag with id='ezxform_token_js' is the best option for ajax
extension/ezformtoken/README.rst:98:        var _token = '', _tokenNode = document.getElementById('ezxform_token_js');
extension/ezformtoken/README.rst:99:        if ( _tokenNode ) _token = 'ezxform_token=' + _tokenNode.getAttribute('title');
extension/ezformtoken/README.rst:111:       jQuery.post( url, 'ezxform_token=@$ezxFormToken@', function(){} );
extension/ezjscore/classes/ezjscserverfunctionsjs.php:178:        var _token = '', _tokenNode = document.getElementById('ezxform_token_js');
extension/ezjscore/classes/ezjscserverfunctionsjs.php:179:        if ( _tokenNode ) _token = '&ezxform_token=' + _tokenNode.getAttribute('title');
extension/ezjscore/classes/ezjscserverfunctionsjs.php:244:            _tokenNode = document.getElementById( 'ezxform_token_js' );
extension/ezjscore/classes/ezjscserverfunctionsjs.php:248:            c.data += '&ezxform_token=' + _tokenNode.getAttribute( 'title' );
extension/ezjscore/classes/ezjscserverfunctionsjs.php:330:            var _token = '', _tokenNode = document.getElementById('ezxform_token_js');
extension/ezjscore/classes/ezjscserverfunctionsjs.php:335:                post.push( { 'name': 'ezxform_token', 'value': _token } );
extension/ezjscore/classes/ezjscserverfunctionsjs.php:339:                post += ( post ? '&' : '' ) + 'ezjscServer_function_arguments=' + callArgs + '&ezxform_token=' + _token;
extension/ezjscore/classes/ezjscserverfunctionsjs.php:344:                post['ezxform_token'] = _token;
extension/ezjscore/classes/ezjscserverfunctionsjs.php:358:            _tokenNode = document.getElementById( 'ezxform_token_js' );
extension/ezjscore/classes/ezjscserverfunctionsjs.php:360:            param.ezxform_token = _tokenNode.getAttribute( 'title' );
extension/ezjscore/classes/ezjscserverfunctionsjs.php:374:            post['ezxform_token'] = jQuery('#ezxform_token_js').attr('title');

[andrerom]

Indeed, so what do you suggest? For token form field name we could have fallback logic to first looked for the default one then secondly for injected one.

For ezxform_token_js I still don't see why we need to change it(?), especially given it is indeed hardcoded several places so it would be a break.

[emodric]

Indeed, so what do you suggest? For token form field name we could have fallback logic to first looked for the default one then secondly for injected one.

Fallback logic where? I don't have any suggestions, especially for tpl and js parts :(

For ezxform_token_js I still don't see why we need to change it(?), especially given it is indeed hardcoded several places so it would be a break.

Probably we don't. I didn't go into details with it.

[andrerom]

Fallback logic where?

In ezxFormToken class, so frontend might be with old form name or the new one and it will detect it.

As in looking for default/old one first, then checking for additional "custom" field if set on ezxFormToken::setFormField() optionally deprecate and expose ezxFormToken::addCustomFormField() or something.

[emodric]

That could work 👍

[andrerom]

@thiagocamposviana Up for it, or you want one of us to take over on this?

[thiagocamposviana]

@andrerom I am good with you guys taking over this

[andrerom]

@thiagocamposviana When you have the time, please have a look and see if #1431 solves the issue for you, afaik you won't need any other changes.