From dde1d203f7c8c0b7144f7e31cb51fe134f6563a5 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Wed, 14 Jul 2021 08:13:24 -0400
Subject: [PATCH] [frio] Move content of event_edit.js to mod_event.js to
 prevent an unsafe-eval

---
 view/theme/frio/js/event_edit.js         | 111 ----------------------
 view/theme/frio/js/mod_events.js         | 116 +++++++++++++++++++++++
 view/theme/frio/templates/event_form.tpl |   3 -
 3 files changed, 116 insertions(+), 114 deletions(-)
 delete mode 100644 view/theme/frio/js/event_edit.js

diff --git a/view/theme/frio/js/event_edit.js b/view/theme/frio/js/event_edit.js
deleted file mode 100644
index d52c060221..0000000000
--- a/view/theme/frio/js/event_edit.js
+++ /dev/null
@@ -1,111 +0,0 @@
-// @license magnet:?xt=urn:btih:0b31508aeb0634b347b8270c7bee4d411b5d4109&dn=agpl-3.0.txt AGPLv3-or-later
-$(document).ready(function () {
-	// Go to the permissions tab if the checkbox is checked.
-	$("body")
-		.on("click", "#id_share", function () {
-			if ($("#id_share").is(":checked") && !$("#id_share").attr("disabled")) {
-				$("#acl-wrapper").show();
-				$("a#event-perms-lnk").parent("li").show();
-				toggleEventNav("a#event-perms-lnk");
-				eventAclActive();
-			} else {
-				$("#acl-wrapper").hide();
-				$("a#event-perms-lnk").parent("li").hide();
-			}
-		})
-		.trigger("change");
-
-	// Disable the finish time input if the user disable it.
-	$("body")
-		.on("change", "#id_nofinish", function () {
-			enableDisableFinishDate();
-		})
-		.trigger("change");
-
-	// JS for the permission section.
-	$("#contact_allow, #contact_deny, #group_allow, #group_deny")
-		.change(function () {
-			var selstr;
-			$(
-				"#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected",
-			).each(function () {
-				selstr = $(this).html();
-				$("#jot-public").hide();
-			});
-			if (selstr == null) {
-				$("#jot-public").show();
-			}
-		})
-		.trigger("change");
-
-	// Change the event nav menu.tabs on click.
-	$("body").on("click", "#event-nav > li > a", function (e) {
-		e.preventDefault();
-		toggleEventNav(this);
-	});
-
-	// This is experimental. We maybe can make use of it to inject
-	// some js code while the event modal opens.
-	//$('body').on('show.bs.modal', function () {
-	//	enableDisableFinishDate();
-	//});
-
-	// Clear some elements (e.g. the event-preview container) when
-	// selecting a event nav link so it don't appear more than once.
-	$("body").on("click", "#event-nav a", function (e) {
-		$("#event-preview").empty();
-		e.preventDefault();
-	});
-});
-
-// Load the html of the actual event and incect the output to the
-// event-edit section.
-function doEventPreview() {
-	$("#event-edit-preview").val(1);
-	$.post("events", $("#event-edit-form").serialize(), function (data) {
-		$("#event-preview").append(data);
-	});
-	$("#event-edit-preview").val(0);
-}
-
-// The following functions show/hide the specific event-edit content
-// in dependence of the selected nav.
-function eventAclActive() {
-	$("#event-edit-wrapper, #event-preview, #event-desc-wrapper").hide();
-	$("#event-acl-wrapper").show();
-}
-
-function eventPreviewActive() {
-	$("#event-acl-wrapper, #event-edit-wrapper, #event-desc-wrapper").hide();
-	$("#event-preview").show();
-	doEventPreview();
-}
-
-function eventEditActive() {
-	$("#event-acl-wrapper, #event-preview, #event-desc-wrapper").hide();
-	$("#event-edit-wrapper").show();
-
-	// Make sure jot text does have really the active class (we do this because there are some
-	// other events which trigger jot text.
-	toggleEventNav($("#event-edit-lnk"));
-}
-
-function eventDescActive() {
-	$("#event-edit-wrapper, #event-preview, #event-acl-wrapper").hide();
-	$("#event-desc-wrapper").show();
-}
-
-// Give the active "event-nav" list element the class "active".
-function toggleEventNav(elm) {
-	// Select all li of #event-nav and remove the active class.
-	$(elm).closest("#event-nav").children("li").removeClass("active");
-	// Add the active class to the parent of the link which was selected.
-	$(elm).parent("li").addClass("active");
-}
-
-// Disable the input for the finish date if it is not available.
-function enableDisableFinishDate() {
-	if ($("#id_nofinish").is(":checked")) $("#id_finish_text").prop("disabled", true);
-	else $("#id_finish_text").prop("disabled", false);
-}
-// @license-end
diff --git a/view/theme/frio/js/mod_events.js b/view/theme/frio/js/mod_events.js
index 8ea2a0af91..464afc3e60 100644
--- a/view/theme/frio/js/mod_events.js
+++ b/view/theme/frio/js/mod_events.js
@@ -5,6 +5,8 @@
  */
 
 $(document).ready(function () {
+	let $body = $("body");
+
 	// start the fullCalendar
 	$("#events-calendar").fullCalendar({
 		firstDay: aStr.firstDay,
@@ -121,6 +123,66 @@ $(document).ready(function () {
 	// show event popup
 	var hash = location.hash.split("-");
 	if (hash.length == 2 && hash[0] == "#link") showEvent(hash[1]);
+
+	// event_edit
+
+	// Go to the permissions tab if the checkbox is checked.
+	$body
+		.on("click", "#id_share", function () {
+			if ($("#id_share").is(":checked") && !$("#id_share").attr("disabled")) {
+				$("#acl-wrapper").show();
+				$("a#event-perms-lnk").parent("li").show();
+				toggleEventNav("a#event-perms-lnk");
+				eventAclActive();
+			} else {
+				$("#acl-wrapper").hide();
+				$("a#event-perms-lnk").parent("li").hide();
+			}
+		})
+		.trigger("change");
+
+	// Disable the finish time input if the user disable it.
+	$body
+		.on("change", "#id_nofinish", function () {
+			enableDisableFinishDate();
+		})
+		.trigger("change");
+
+	// JS for the permission section.
+	$("#contact_allow, #contact_deny, #group_allow, #group_deny")
+		.change(function () {
+			var selstr;
+			$(
+				"#contact_allow option:selected, #contact_deny option:selected, #group_allow option:selected, #group_deny option:selected",
+			).each(function () {
+				selstr = $(this).html();
+				$("#jot-public").hide();
+			});
+			if (selstr == null) {
+				$("#jot-public").show();
+			}
+		})
+		.trigger("change");
+
+	// Change the event nav menu.tabs on click.
+	$body.on("click", "#event-nav > li > a", function (e) {
+		e.preventDefault();
+		toggleEventNav(this);
+	});
+
+	// This is experimental. We maybe can make use of it to inject
+	// some js code while the event modal opens.
+	//$body.on('show.bs.modal', function () {
+	//	enableDisableFinishDate();
+	//});
+
+	// Clear some elements (e.g. the event-preview container) when
+	// selecting a event nav link so it don't appear more than once.
+	$body.on("click", "#event-nav a", function (e) {
+		$("#event-preview").empty();
+		e.preventDefault();
+	});
+
 });
 
 // loads the event into a modal
@@ -264,4 +326,58 @@ function formatListViewEvent(event) {
 
 	return formatted;
 }
+
+// event_edit
+
+// Load the html of the actual event and incect the output to the
+// event-edit section.
+function doEventPreview() {
+	$("#event-edit-preview").val(1);
+	$.post("events", $("#event-edit-form").serialize(), function (data) {
+		$("#event-preview").append(data);
+	});
+	$("#event-edit-preview").val(0);
+}
+
+// The following functions show/hide the specific event-edit content
+// in dependence of the selected nav.
+function eventAclActive() {
+	$("#event-edit-wrapper, #event-preview, #event-desc-wrapper").hide();
+	$("#event-acl-wrapper").show();
+}
+
+function eventPreviewActive() {
+	$("#event-acl-wrapper, #event-edit-wrapper, #event-desc-wrapper").hide();
+	$("#event-preview").show();
+	doEventPreview();
+}
+
+function eventEditActive() {
+	$("#event-acl-wrapper, #event-preview, #event-desc-wrapper").hide();
+	$("#event-edit-wrapper").show();
+
+	// Make sure jot text does have really the active class (we do this because there are some
+	// other events which trigger jot text.
+	toggleEventNav($("#event-edit-lnk"));
+}
+
+function eventDescActive() {
+	$("#event-edit-wrapper, #event-preview, #event-acl-wrapper").hide();
+	$("#event-desc-wrapper").show();
+}
+
+// Give the active "event-nav" list element the class "active".
+function toggleEventNav(elm) {
+	// Select all li of #event-nav and remove the active class.
+	$(elm).closest("#event-nav").children("li").removeClass("active");
+	// Add the active class to the parent of the link which was selected.
+	$(elm).parent("li").addClass("active");
+}
+
+// Disable the input for the finish date if it is not available.
+function enableDisableFinishDate() {
+	if ($("#id_nofinish").is(":checked")) $("#id_finish_text").prop("disabled", true);
+	else $("#id_finish_text").prop("disabled", false);
+}
+
 // @license-end
diff --git a/view/theme/frio/templates/event_form.tpl b/view/theme/frio/templates/event_form.tpl
index e1befe6a4f..537f5243ca 100644
--- a/view/theme/frio/templates/event_form.tpl
+++ b/view/theme/frio/templates/event_form.tpl
@@ -1,6 +1,3 @@
-
-<script type="text/javascript" src="{{$baseurl}}/view/theme/frio/js/event_edit.js?v={{$smarty.const.FRIENDICA_VERSION}}"></script>
-
 <div id="event-form-wrapper">
 	<h3 class="heading">{{$title}}</h3>