Fix encoding of contact ID in Ajax requests

2014-02-13 12:12:31 -05:00 · 2014-02-13 12:12:31 -05:00 · 113b02fd71
parent 35b108e645
commit 113b02fd71
1 changed files with 16 additions and 9 deletions
--- a/UI/WebServerResources/ContactsUI.js
+++ b/UI/WebServerResources/ContactsUI.js
@ -244,7 +244,7 @@ function _onContactMenuAction(folderItem, action, refresh) {
    var selectedFolders = $("contactFolders").getSelectedNodes();
    var folderId = $(folderItem).readAttribute("folderId");
    if (folderId)
-      folderId = folderId.substring (1);
+      folderId = folderId.substring(1);
    if (Object.isArray(document.menuTarget) && selectedFolders.length > 0) {
        var selectedFolderId = $(selectedFolders[0]).readAttribute("id");
        var contactIds = $(document.menuTarget).collect(function(row) {
@ -259,14 +259,17 @@ function _onContactMenuAction(folderItem, action, refresh) {
        }

        var url = ApplicationBaseURL + selectedFolderId + "/" + action;
+        var uids = contactIds.collect(function (s) {
+                return encodeURIComponent(s.unescapeHTML());
+            }).join('&uid=');
        if (refresh)
            triggerAjaxRequest(url, actionContactCallback, selectedFolderId,
-                               ('folder='+ folderId + '&uid=' + contactIds.join('&uid=')),
+                               ('folder='+ folderId + '&uid=' + uids),
                               { "Content-type": "application/x-www-form-urlencoded" });

        else
            triggerAjaxRequest(url, actionContactCallback, null,
-                               ('folder='+ folderId + '&uid=' + contactIds.join('&uid=')),
+                               ('folder='+ folderId + '&uid=' + uids),
                               { "Content-type": "application/x-www-form-urlencoded" });
    }
 }
@ -334,7 +337,7 @@ function loadContact(idx) {
    }
    else {
        var url = (URLForFolderID(Contact.currentAddressBook)
-                   + "/" + idx + "/view?noframe=1");
+                   + "/" + encodeURIComponent(idx.unescapeHTML()) + "/view?noframe=1");
        document.contactAjaxRequest
            = triggerAjaxRequest(url, contactLoadCallback, idx);
    }
@ -498,8 +501,10 @@ function onToolbarDeleteSelectedContactsConfirm(dialogId) {
    for (var i = 0; i < rowIds.length; i++)
        $(rowIds[i]).hide();
    triggerAjaxRequest(urlstr, onContactDeleteEventCallback, rowIds,
-                           ('ids=' + rowIds.join(",")),
-                           { "Content-type": "application/x-www-form-urlencoded" });
+                       ('ids=' + rowIds.collect(function (s) {
+                               return encodeURIComponent(s.unescapeHTML());
+                           }).join(",")),
+        { "Content-type": "application/x-www-form-urlencoded" });
 }

 function onContactDeleteEventCallback(http) {
@ -876,8 +881,7 @@ function deletePersonalAddressBookConfirm(folderId) {
    }
    var url = ApplicationBaseURL + folderId + "/delete";
    document.deletePersonalABAjaxRequest
-        = triggerAjaxRequest(url, deletePersonalAddressBookCallback,
-                             folderId);
+        = triggerAjaxRequest(url, deletePersonalAddressBookCallback, folderId);

    disposeDialog();
 }
@ -1593,8 +1597,11 @@ function dropSelectedContacts(action, toId) {
            && fromId.substring(1) != toId) {

            var url = ApplicationBaseURL + fromId + "/" + action;
+            var uids = contactIds.collect(function (s) {
+                    return encodeURIComponent(s.unescapeHTML());
+                }).join('&uid=');
            triggerAjaxRequest(url, actionContactCallback, fromId,
-                                   ('folder='+ toId + '&uid=' + contactIds.join('&uid=')),
+                                   ('folder='+ toId + '&uid=' + uids),
                                   { "Content-type": "application/x-www-form-urlencoded" });
        }
    }