Remove eval from Lightbox (#878)

themes/bootstrap3/js/lightbox.js

@@ -184,9 +184,23 @@ VuFind.register('lightbox', function Lightbox() {
   function _evalCallback(callback, event, data) {
     if ('function' === typeof window[callback]) {
       return window[callback](event, data);
-    } else {
-      return eval('(function(event, data) {' + callback + '}())'); // inline code
     }
+    var parts = callback.split('.');
+    if (typeof window[parts[0]] === 'object') {
+      var obj = window[parts[0]];
+      for (var i = 1; i < parts.length; i++) {
+        if (typeof obj[parts[i]] === 'undefined') {
+          obj = false;
+          break;
+        }
+        obj = obj[parts[i]];
+      }
+      if ('function' === typeof obj) {
+        return obj(event, data);
+      }
+    }
+    console.error('Lightbox callback function not found.');
+    return null;
   }
 
   /**

themes/bootstrap3/templates/myresearch/delete.phtml

 <h2><?=$this->transEsc('delete_selected_favorites')?></h2>
- <form action="<?=$this->url('myresearch-delete')?>" method="post" name="bulkDelete" data-lightbox-onclose="VuFind.refreshPage();">
+ <form action="<?=$this->url('myresearch-delete')?>" method="post" name="bulkDelete" data-lightbox-onclose="VuFind.refreshPage">
   <div id="popupMessages"><?=$this->flashmessages()?></div>
   <div id="popupDetails">
     <? if (!$this->list): ?>

themes/bootstrap3/templates/record/addtag.phtml

@@ -9,7 +9,7 @@
 ?>
 <div class="record">
   <h2><?=$this->transEsc('Add Tags') ?></h2>
-  <form method="post" name="tagRecord" class="form-horizontal" data-lightbox-onclose="refreshTagList();">
+  <form method="post" name="tagRecord" class="form-horizontal" data-lightbox-onclose="refreshTagList">
     <input type="hidden" name="submit" value="1" />
     <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
     <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getSourceIdentifier())?>" />

themes/bootstrap3/templates/record/save.phtml

@@ -8,7 +8,7 @@
     . '<li class="active">' . $this->transEsc('Save') . '</li>';
 ?>
 <h2><?=$this->transEsc("add_favorite_prefix") ?> <span class="title-in-heading"><?=$this->escapeHtml($this->driver->getBreadcrumb())?></span> <?=$this->transEsc("add_favorite_suffix") ?></h2>
-<form id="edit-save-form" class="form-horizontal" method="post" action="<?=$this->recordLink()->getActionUrl($this->driver, 'Save')?>" name="saveRecord" data-lightbox-onclose="checkSaveStatuses();">
+<form id="edit-save-form" class="form-horizontal" method="post" action="<?=$this->recordLink()->getActionUrl($this->driver, 'Save')?>" name="saveRecord" data-lightbox-onclose="checkSaveStatuses">
   <input type="hidden" name="submit" value="1" />
   <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId()) ?>" />
   <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getSourceIdentifier())?>" />

themes/bootstrap3/templates/record/sms.phtml

@@ -8,8 +8,15 @@
     . '<li>' . $this->recordLink()->getBreadcrumb($this->driver) . '</li> '
     . '<li class="active">' . $this->transEsc('Text this') . '</li>';
 ?>
+<? $validatorCallback = <<<JS
+  function phoneNumberValidation() {
+    return phoneNumberFormHandler('sms_to', '{$this->validation}');
+  }
+JS;
+?>
+<?=$this->inlineScript(\Zend\View\Helper\HeadScript::SCRIPT, $validatorCallback, 'SET'); ?>
 <h2><?=$this->transEsc('Text this') ?>: <span class="title-in-heading"><?=$this->escapeHtml($this->driver->getBreadcrumb())?></span></h2>
-<form method="post" name="smsRecord" class="form-horizontal"<? if(isset($this->validation) && !empty($this->validation)):?> data-lightbox-onsubmit="return phoneNumberFormHandler('sms_to', '<?=$this->validation ?>')"<? endif; ?>>
+<form method="post" name="smsRecord" class="form-horizontal"<? if(isset($this->validation) && !empty($this->validation)):?> data-lightbox-onsubmit="phoneNumberValidation"<? endif; ?>>
   <?=$this->flashmessages()?>
   <input type="hidden" name="id" value="<?=$this->escapeHtmlAttr($this->driver->getUniqueId())?>" />
   <input type="hidden" name="source" value="<?=$this->escapeHtmlAttr($this->driver->getSourceIdentifier())?>" />