Fix security issues.
@@ -47,6 +47,10 @@
|
||||
<span class="icon"><i class="ti ti-settings"></i></span>
|
||||
Manage Folders
|
||||
</a>
|
||||
<button type="button" class="btn btn-secondary" id="preferences-btn">
|
||||
<span class="icon"><i class="ti ti-adjustments"></i></span>
|
||||
Preferences
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -399,6 +403,54 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Note Preferences Modal -->
|
||||
<div id="preferences-modal" class="move-modal">
|
||||
<div class="move-modal-content" style="max-width: 500px;">
|
||||
<div class="move-modal-header">
|
||||
<h3><i class="ti ti-adjustments"></i> Note Preferences</h3>
|
||||
<button type="button" class="close-btn" onclick="closePreferencesModal()">
|
||||
<i class="ti ti-x"></i>
|
||||
</button>
|
||||
</div>
|
||||
<form id="note-preferences-form" method="POST" action="{{ url_for('notes.update_note_preferences') }}">
|
||||
<div class="move-modal-body">
|
||||
<div class="form-group">
|
||||
<label for="note_preview_font" class="form-label">Preview Font</label>
|
||||
<select id="note_preview_font" name="note_preview_font" class="form-control">
|
||||
<option value="system" {% if not g.user.preferences or g.user.preferences.note_preview_font == 'system' %}selected{% endif %}>System Default</option>
|
||||
<option value="sans-serif" {% if g.user.preferences and g.user.preferences.note_preview_font == 'sans-serif' %}selected{% endif %}>Sans-serif (Arial, Helvetica)</option>
|
||||
<option value="serif" {% if g.user.preferences and g.user.preferences.note_preview_font == 'serif' %}selected{% endif %}>Serif (Times, Georgia)</option>
|
||||
<option value="monospace" {% if g.user.preferences and g.user.preferences.note_preview_font == 'monospace' %}selected{% endif %}>Monospace (Courier, Consolas)</option>
|
||||
<option value="georgia" {% if g.user.preferences and g.user.preferences.note_preview_font == 'georgia' %}selected{% endif %}>Georgia</option>
|
||||
<option value="palatino" {% if g.user.preferences and g.user.preferences.note_preview_font == 'palatino' %}selected{% endif %}>Palatino</option>
|
||||
<option value="garamond" {% if g.user.preferences and g.user.preferences.note_preview_font == 'garamond' %}selected{% endif %}>Garamond</option>
|
||||
<option value="bookman" {% if g.user.preferences and g.user.preferences.note_preview_font == 'bookman' %}selected{% endif %}>Bookman</option>
|
||||
<option value="comic-sans" {% if g.user.preferences and g.user.preferences.note_preview_font == 'comic-sans' %}selected{% endif %}>Comic Sans MS</option>
|
||||
<option value="trebuchet" {% if g.user.preferences and g.user.preferences.note_preview_font == 'trebuchet' %}selected{% endif %}>Trebuchet MS</option>
|
||||
<option value="arial-black" {% if g.user.preferences and g.user.preferences.note_preview_font == 'arial-black' %}selected{% endif %}>Arial Black</option>
|
||||
<option value="impact" {% if g.user.preferences and g.user.preferences.note_preview_font == 'impact' %}selected{% endif %}>Impact</option>
|
||||
</select>
|
||||
<small class="form-text text-muted">Choose the font family for note previews in the list view</small>
|
||||
</div>
|
||||
|
||||
<div class="preview-section mt-4">
|
||||
<label class="form-label">Preview</label>
|
||||
<div class="preview-box" id="fontPreview">
|
||||
<p class="mb-2">This is how your note previews will look with the selected font.</p>
|
||||
<p class="mb-0 text-muted">Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="move-modal-footer">
|
||||
<button type="button" class="btn btn-secondary" onclick="closePreferencesModal()">Cancel</button>
|
||||
<button type="submit" class="btn btn-primary">
|
||||
<i class="ti ti-check"></i> Save Preferences
|
||||
</button>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<style>
|
||||
/* Container */
|
||||
.notes-container {
|
||||
@@ -1516,6 +1568,30 @@ td.checkbox-column {
|
||||
gap: 0.5rem;
|
||||
}
|
||||
|
||||
/* Preferences Modal Styles */
|
||||
.preview-box {
|
||||
padding: 1rem;
|
||||
border: 1px solid #e0e0e0;
|
||||
border-radius: 8px;
|
||||
background-color: #f9f9f9;
|
||||
min-height: 100px;
|
||||
}
|
||||
|
||||
.preview-box p {
|
||||
margin-bottom: 0.5rem;
|
||||
line-height: 1.6;
|
||||
}
|
||||
|
||||
.preview-section {
|
||||
margin-top: 1.5rem;
|
||||
}
|
||||
|
||||
.preview-section .form-label {
|
||||
font-weight: 600;
|
||||
color: #495057;
|
||||
margin-bottom: 0.5rem;
|
||||
}
|
||||
|
||||
@media (max-width: 768px) {
|
||||
.bulk-actions-bar {
|
||||
flex-wrap: wrap;
|
||||
@@ -2147,7 +2223,87 @@ window.addEventListener('click', function(e) {
|
||||
if (e.target === moveModal) {
|
||||
closeMoveModal();
|
||||
}
|
||||
|
||||
const preferencesModal = document.getElementById('preferences-modal');
|
||||
if (e.target === preferencesModal) {
|
||||
closePreferencesModal();
|
||||
}
|
||||
});
|
||||
|
||||
// Font families mapping
|
||||
const fontFamilies = {
|
||||
'system': 'inherit',
|
||||
'sans-serif': 'Arial, Helvetica, sans-serif',
|
||||
'serif': '"Times New Roman", Times, serif',
|
||||
'monospace': '"Courier New", Courier, monospace',
|
||||
'georgia': 'Georgia, serif',
|
||||
'palatino': '"Palatino Linotype", "Book Antiqua", Palatino, serif',
|
||||
'garamond': 'Garamond, serif',
|
||||
'bookman': '"Bookman Old Style", serif',
|
||||
'comic-sans': '"Comic Sans MS", cursive',
|
||||
'trebuchet': '"Trebuchet MS", sans-serif',
|
||||
'arial-black': '"Arial Black", sans-serif',
|
||||
'impact': 'Impact, sans-serif'
|
||||
};
|
||||
|
||||
// Handle font preview in modal
|
||||
document.getElementById('note_preview_font').addEventListener('change', function() {
|
||||
const selectedFont = this.value;
|
||||
const previewBox = document.getElementById('fontPreview');
|
||||
previewBox.style.fontFamily = fontFamilies[selectedFont] || 'inherit';
|
||||
});
|
||||
|
||||
// Handle preferences form submission
|
||||
document.getElementById('note-preferences-form').addEventListener('submit', async function(e) {
|
||||
e.preventDefault();
|
||||
|
||||
const formData = new FormData(this);
|
||||
|
||||
try {
|
||||
const response = await fetch(this.action, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'X-Requested-With': 'XMLHttpRequest',
|
||||
},
|
||||
body: formData
|
||||
});
|
||||
|
||||
const data = await response.json();
|
||||
|
||||
if (data.success) {
|
||||
// Apply font immediately without page reload
|
||||
const font = data.font;
|
||||
|
||||
// Update all note previews
|
||||
document.querySelectorAll('.note-preview').forEach(preview => {
|
||||
preview.style.fontFamily = fontFamilies[font] || 'inherit';
|
||||
});
|
||||
|
||||
// Close modal
|
||||
closePreferencesModal();
|
||||
|
||||
// Show success toast or feedback
|
||||
// You could add a toast notification here
|
||||
} else {
|
||||
alert('Error saving preferences: ' + (data.error || 'Unknown error'));
|
||||
}
|
||||
} catch (error) {
|
||||
alert('Error saving preferences: ' + error.message);
|
||||
}
|
||||
});
|
||||
|
||||
// Preferences modal functions
|
||||
document.getElementById('preferences-btn').addEventListener('click', function() {
|
||||
document.getElementById('preferences-modal').classList.add('active');
|
||||
// Initialize preview font
|
||||
const currentFont = document.getElementById('note_preview_font').value;
|
||||
const previewBox = document.getElementById('fontPreview');
|
||||
previewBox.style.fontFamily = fontFamilies[currentFont] || 'inherit';
|
||||
});
|
||||
|
||||
function closePreferencesModal() {
|
||||
document.getElementById('preferences-modal').classList.remove('active');
|
||||
}
|
||||
</script>
|
||||
|
||||
{% endblock %}
|
||||
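Review bot: The new `note-preferences-form` sends a state-changing POST to `notes.update_note_preferences` with no CSRF token visible in this section: the form has no hidden token field, and the submit handler's `fetch` adds only an `X-Requested-With` header, which protects nothing unless the server rejects requests that lack it. The server-side handler is not shown on this page, so this may be covered elsewhere; if the app uses Flask-WTF's CSRFProtect, adding `<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">` inside the form is enough, because `new FormData(this)` picks it up. The handler should also accept `note_preview_font` only when it matches one of the option values listed in the select, and the script should test `response.ok` before calling `response.json()` so that a rejected request does not surface as a JSON parse error.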