From 0a142912d3cf9ffa226b5b024b1cf5c7a150d7e2 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 15 Sep 2020 18:08:08 +0300
Subject: backend handler: require CSRF, remove obsolete code

---
 js/App.js | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'js/App.js')

diff --git a/js/App.js b/js/App.js
index af21cc97f..03103845e 100644
--- a/js/App.js
+++ b/js/App.js
@@ -300,19 +300,19 @@ const App = {
       }
    },
    helpDialog: function(topic) {
-		const query = "backend.php?op=backend&method=help&topic=" + encodeURIComponent(topic);
-
 		if (dijit.byId("helpDlg"))
 			dijit.byId("helpDlg").destroyRecursive();
 
-		const dialog = new dijit.Dialog({
-			id: "helpDlg",
-			title: __("Help"),
-			style: "width: 600px",
-			href: query,
-		});
+	   xhrPost("backend.php", {op: "backend", method: "help", topic: topic}, (transport) => {
+		   const dialog = new dijit.Dialog({
+			   id: "helpDlg",
+			   title: __("Help"),
+			   style: "width: 600px",
+			   content: transport.responseText,
+		   });
 
-		dialog.show();
+		   dialog.show();
+	   });
 	},
 	displayDlg: function(title, id, param, callback) {
 		Notify.progress("Loading, please wait...", true);
-- 
cgit v1.2.3-54-g00ecf