Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update JQuery & JQueryUI #3813

Closed
sgiehl opened this issue Mar 11, 2013 · 105 comments
Closed

Update JQuery & JQueryUI #3813

sgiehl opened this issue Mar 11, 2013 · 105 comments
Assignees
Labels
Bug For errors / faults / flaws / inconsistencies etc. Critical Indicates the severity of an issue is very critical and the issue has a very high priority.
Milestone

Comments

@sgiehl
Copy link
Member

sgiehl commented Mar 11, 2013

We need to do an update of JQuery and JQueryUI.

JQuery 1.7.2 -> 1.9.1
JQueryUI 1.8.22 -> 1.10.2

As the last update was quite a long time ago, there might be some code changes required...

@sgiehl
Copy link
Member Author

sgiehl commented Mar 11, 2013

Note to myself: Have a look at https://github.com/jquery/jquery-migrate/#readme

@sgiehl
Copy link
Member Author

sgiehl commented Mar 11, 2013

The history plugin we are using doesn't work with new jquery version. Unfortunatly it is not maintained anymore (see http://tkyk.github.com/jquery-history-plugin/). I'll try to fix that plugin or look for something to use instead

@sgiehl
Copy link
Member Author

sgiehl commented Mar 14, 2013

It might also be possible to remove the jquery.tooltip plugin. It is not maintained anymore and jquery ui has now also a tooltip widget included...

@sgiehl
Copy link
Member Author

sgiehl commented Mar 17, 2013

We will also have to update jqplot. As the old version doesn't work with new jquery

@gka
Copy link
Contributor

gka commented Mar 20, 2013

FYI: I tried to upgrade while working on the map widget, but that opened a door to hell so I stopped it after two lost hours or so.

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In 5e59c59: refs #3813 jquery, jqueryui & jqplot update + some fixes

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In ab52eb7: refs #3813 jqueryui css update + dialog fixes

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In 5667e91: refs #3813 widget reload on changing column layout was broken

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In f3806a2: refs #3813 readding jQuery.browser plugin, as it has been removed in 1.9

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In b5ab89c: refs #3813 css files in libs folder should always be included first, so they can be overwritten in piwik css as clean as possible

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In 237517a: refs #3813 use piwik tooltip styling for map tooltips

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In f61bbbc: refs #3813 use jqueryui tooltip plugin instead of piwiks selfmade one for datatables

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In ed55758: refs #3813 use jqueryui tooltip plugin instead of piwiks selfmade one for transitions

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In 7c58481: refs #3813 use jqueryui tooltip plugin instead of piwiks selfmade one for overlay

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In 82de4cc: refs #3813 use jqueryui tooltip plugin instead of piwiks selfmade one for jqplot graphs

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In b823598: refs #3813 removing now unused piwik tooltip.js

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In 0048ce3: refs #3813 minified jqplot

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In 670a0d2: refs #3813 upgrade to jQueryUI 1.10.2

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In f563073: refs #3813 fixed language selector: always use form to post data, as token_auth is required for users so setting a correct link is obsolete now

@timo-bes
Copy link
Member

In 7fd5e00: refs #3813 polishing tooltip a little: using arial and same font size for title as table headings

@timo-bes
Copy link
Member

Stefan, did you use fade-in for showing the tooltip on purpose? IMHO, it's not ideal in some cases.

For example:

  • When you open a row action popover, the tip stays there for a second and fades out quite slowly. This looks a little broken because it's above the popover background.
  • In Transitions, when an item on the left or right has multiple lines and you move the mouse from one line to the next, the tip fades out an in. (Tested in Chrome and Safari)
  • While fading, the tooltip moves not really fluidly. To me, that feels like you have to be careful not to break it when using the UI.
  • In Transitions, when you hover an item in the center, it says X% of all page views. When you leave the item and move your mose down, you might put your mouse on the tooltip while it's fading out. This prevents the next tooltip from showing. This happend to me a number of times and it took me a while to figure out that this is because I move my mouse over the fading tooltip and then stop moving. As a result, tooltips sometimes don't show up and it feels a little broken.

So I would propose not to use fade-in and all these items should be fixed. What do you think?

Is there a way to set the default options for $.toolip? Or would we have change every call?

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

Currenty the default behaviour is used.
I don't think a global config is possible. I'll change every call and disable animations.

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

In 6defcda: refs #3813 disabled animations for tooltips

@sgiehl
Copy link
Member Author

sgiehl commented Mar 30, 2013

I'll close that ticket for now. If there are any regressions please reopen.

@mattab
Copy link
Member

mattab commented Apr 1, 2013

Superb commits... It is very useful to use these latest versions.

Feedback:

  • would it be possible to remove the jquery.browser.js? asking because the lib is deprecated
  • Maybe not a regression of this change, but on Widget view for a report, clicking "Row evolution" icon reloads the view rather than loading popover.
  • When a widget is maximised, clicking on the background should close the popover. Currently it does not. Clicking the "X" icon top right still works OK.
  • Note sure if it's a regression: Row Evolution popover eg. for Countries, or for Search engines Row Evolution, display the html code of the Icon, instead of displaying the icon in the popover title.

Great work anyway, works nicely.

Btw, are there other JS libraries, or JS plugins, we could update to their latest versions as well?

@sgiehl
Copy link
Member Author

sgiehl commented Apr 1, 2013

I considered replacing jquery.browser, but I don't think it makes sense, so I readded it as a "plugin". jQuery suggests to replace it with one of those feature detection frameworks.
Also kartograph.js uses jquery.browser and I guess greg would have to change that there...

I'll have a look at your regressions and fix them asap.

I had a look at the other jquery plugins we are still using, but there aren't any newer versions.

@sgiehl
Copy link
Member Author

sgiehl commented Apr 1, 2013

In 87d16ae: refs #3813 fixed maximised widgets not closing on click outside

@sgiehl
Copy link
Member Author

sgiehl commented Apr 1, 2013

In 089b7df: refs #3813 allow html for popover dialog title

@mattab
Copy link
Member

mattab commented Apr 2, 2013

I deployed these fixes on demo and it now works!

The last feedback would be to allow Row evolution and other RowActions in Widgetize mode, and maybe have a rule to enable them only if Width available > 700 or so.

@timo-bes
Copy link
Member

timo-bes commented Apr 2, 2013

Thanks for the updates, it's almost perfect now...

When a row action is clicked, the tooltip is not hidden immediately (i.e. in the click event). In Transitions, it is hidden once the popover content is loaded (which can be seconds after the click). For Row Evolution and Overlay, it is not hidden at all (at least as long as the mouse is not moved).
Could you hide the tooltip in the click event?

@mattab
Copy link
Member

mattab commented Apr 16, 2013

Nice updates!

Updated beta10 to demo and found some bugs:

  • the "Export as image" icon below evolution graph is not triggering the "Save As" box (does nothing)
  • on Search engines report, clicking "Make it flat" loads "no data".
  • on widgetize dashboard, clicking Row Evolution works, but it also displays "Loading Data..." below the "calendar". Instead it should not show this "Loading data..." since the popover loading message is enough.

@mattab
Copy link
Member

mattab commented Apr 16, 2013

There was also a bug reported in the forums on IE8.

  • Using IE8, go to Actions> Page title report
  • Click on "Related report: Entry page titles" in the footer
  • error: "Message: Syntax error, unrecognized expression: The plugin undefined is not enabled. You can activate the plugin on Settings > Plugins page in Piwik."

@timo-bes
Copy link
Member

In 57cd347: refs #3813 fixing export as image

@sgiehl
Copy link
Member Author

sgiehl commented Apr 16, 2013

In f2f4cd1: refs #3813 do not show a loading message if broadcast is initalized for popovers

@sgiehl
Copy link
Member Author

sgiehl commented Apr 16, 2013

Replying to matt:

Seems to be related to the callbacks used by the api method of that datatable. Removing them makes the table work... don't know why -.-

  • on widgetize dashboard, clicking Row Evolution works, but it also displays "Loading Data..." below the "calendar". Instead it should not show this "Loading data..." since the popover loading message is enough.

fixed by my last commit

@sgiehl
Copy link
Member Author

sgiehl commented Apr 16, 2013

In 07d96a0: refs #3813 fixes ie8 bug

@sgiehl
Copy link
Member Author

sgiehl commented Apr 17, 2013

As the search engines report seems to be fixed with [204cbc0]. I guess everything is done?

@mattab
Copy link
Member

mattab commented Apr 17, 2013

Nice fixes! I upgraded demo to b11.

I found a few more bugs:

  • Go to: here , click "all website" and the subtable loads "Google" but shows "1-25 of 102 Next " which is the paging info for the main table. Instead subtable paging should be "1-1 of 1" without next button.
    • similar/duplicate bug in search: Go to here search for "clear" below the subtable. On loading the search results, note that the paging information is wrong, and the "Next" button is displayed. Instead it should show "1-3 of 3" for the 3 search results, and hide the "next" button.
  • Row evolution regression: going to: dashboard, click on "Browser>Chrome row evolution" does not load the popover.

@mattab
Copy link
Member

mattab commented Apr 17, 2013

Somehow the "Row evolution regressioN" I cannot replicate consistently.. sometimes it work, sometimes it doesn't.

Also tested dashboard and found:

  • Copying dashboard to user does not work. in the URL: user=undefined
  • Renaming dashboard also bugs

@sgiehl
Copy link
Member Author

sgiehl commented Apr 17, 2013

In 0f80874: refs #3813 fixing dashboard regressions: jQuery.attr('value') might not return correct value anymore. use jQuery.val() instead!

@timo-bes
Copy link
Member

In 8d672e5: refs #3813 fixing subtable pagination

@timo-bes
Copy link
Member

In 8e95c37: refs #3813 fixing pagination after searching in a report

@sgiehl
Copy link
Member Author

sgiehl commented Apr 18, 2013

In 235a231: refs #3813 popover param wasn't removed in some cases; popover wasn't closed when using browsers back button on pages with empty hash part in url

@mattab
Copy link
Member

mattab commented Apr 20, 2013

The new Tooltip introduces XSS in Piwik!

Payload: piwik.php?idsite=1&rec=1&apiv=1&r=641368&_id=e1f7d8e178b7a866&3A42&fla=1&java=1&dir=0&qt=0&realp=0&pdf=0&wma=0&gears=0&ag=0&h=12&m=34&s=6&res=1024x768&cookie=1&url=http%3A%2F%2Fexample.org%2Findex.html&urlref=http%3A%2F%2Fthing1.com%2Fa%2Fb%2Fc.html%3Fa%3Db%26d%3Dc&action_name=second+page&urlref=http://example3.com/test%3E%22%27%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E

Then go to Referers> Websites

I get a 'XSS' popup!

Luckyly I often use XSS payloads to test ;-)

Thanks for fixing!

@mattab
Copy link
Member

mattab commented Apr 20, 2013

And nice work on the other fixes, appart from above, I can't find other problems for now :)

@sgiehl
Copy link
Member Author

sgiehl commented Apr 20, 2013

I don't think that is caused by the tooltips, as they escape html by default. But I'll have a look...

@sgiehl
Copy link
Member Author

sgiehl commented Apr 20, 2013

In ab74f93: refs #3813 escape html title attribute to avoid possible XSS

@mattab
Copy link
Member

mattab commented Apr 21, 2013

The bug is in the tooltip somehow (I think).

Fixing the datatable_cell is not enough as it appears in other cases as well:

 piwik.php?action_name=%C3%83%E2%80%9E&idsite=1&rec=1&r=604235&h=11&m=3&s=38&url=http%3A%2F%2Flocalhost%2F&_id=c7200934de2aba4e&_idts=1364427469&_idvc=3&_idn=0&_refts=1366498880&_viewts=1365810845&_ref=http%3A%2F%2Freferrer.example.com%2Fpage%2Fsub%3Fquery%3Dtest%26test2%3Dtest3&cs=windows-1252&cvar=%7B%222%22%3A%5B%22%3Cscript%3Ealert(%27xss%27)%3B%3C%2Fscript%3E%22%2C%22%3Cscript%3Ealert(%27xss%27)%3B%3C%2Fscript%3E%22%5D%2C%221%22%3A%5B%22pagecvar%22%2C%22%20WOOOW%20%22%5D%7D&pdf=0&qt=0&realp=0&wma=0&dir=0&fla=1&java=0&gears=0&ag=0&cookie=1&res=1920x1080&generation_time_ms=23 ```

Here it appears as a "Custom variable of page scope" in the Visitor Log, on hover on the page, it shows a XSS popup.  (I could send few even more payloads for other reports).

So +1 for revert previous and let me know if you find a solution that would fix it globally (if not I can take a look!) thanks!

@sgiehl
Copy link
Member Author

sgiehl commented Apr 21, 2013

In c1eb200: refs #3813 escape tooltip content for visitorlog to fix possible XSS

@mattab
Copy link
Member

mattab commented Apr 22, 2013

  • When there is no data in the Visitor Log, the "Next" is displayed but it shouldn't be (since paging will not show data for the currently selected date)

@timo-bes
Copy link
Member

"Next" is always shown in the visitor log. This is a hack that has been there forever. When I made the latest changes to the plugin, I made the hack better (i.e. less ugly) but it's still there. My point is that it's not related to this ticket and not even a regression. It could be added to a list of possible improvements for the visitor log.

@mattab
Copy link
Member

mattab commented Apr 22, 2013

Thanks for clarification.

@sgiehl
Copy link
Member Author

sgiehl commented May 1, 2013

Another try to close that ticket.
Hope there aren't any other regressions...

@mattab
Copy link
Member

mattab commented May 5, 2013

Thanks Stefan. Sorry for silence last few days... I plan to do a bit more testing this week but code/features look very good!

@sgiehl sgiehl added this to the 1.12 - The Great 1.x Backlog milestone Jul 8, 2014
@sgiehl sgiehl self-assigned this Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For errors / faults / flaws / inconsistencies etc. Critical Indicates the severity of an issue is very critical and the issue has a very high priority.
Projects
None yet
Development

No branches or pull requests

5 participants