From 113b02fd71e4c88eea5ece62bc929f38285a38e4 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 13 Feb 2014 12:12:31 -0500 Subject: [PATCH] Fix encoding of contact ID in Ajax requests --- UI/WebServerResources/ContactsUI.js | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/UI/WebServerResources/ContactsUI.js b/UI/WebServerResources/ContactsUI.js index 93360260a..935daf3c9 100644 --- a/UI/WebServerResources/ContactsUI.js +++ b/UI/WebServerResources/ContactsUI.js @@ -244,7 +244,7 @@ function _onContactMenuAction(folderItem, action, refresh) { var selectedFolders = $("contactFolders").getSelectedNodes(); var folderId = $(folderItem).readAttribute("folderId"); if (folderId) - folderId = folderId.substring (1); + folderId = folderId.substring(1); if (Object.isArray(document.menuTarget) && selectedFolders.length > 0) { var selectedFolderId = $(selectedFolders[0]).readAttribute("id"); var contactIds = $(document.menuTarget).collect(function(row) { @@ -259,14 +259,17 @@ function _onContactMenuAction(folderItem, action, refresh) { } var url = ApplicationBaseURL + selectedFolderId + "/" + action; + var uids = contactIds.collect(function (s) { + return encodeURIComponent(s.unescapeHTML()); + }).join('&uid='); if (refresh) triggerAjaxRequest(url, actionContactCallback, selectedFolderId, - ('folder='+ folderId + '&uid=' + contactIds.join('&uid=')), + ('folder='+ folderId + '&uid=' + uids), { "Content-type": "application/x-www-form-urlencoded" }); else triggerAjaxRequest(url, actionContactCallback, null, - ('folder='+ folderId + '&uid=' + contactIds.join('&uid=')), + ('folder='+ folderId + '&uid=' + uids), { "Content-type": "application/x-www-form-urlencoded" }); } } 
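Review bot: In the `@@ -259,14 +259,17 @@` hunk of `_onContactMenuAction`, `folderId` is still concatenated unencoded into the form body in both branches (`'folder='+ folderId + '&uid=' + uids`), although every uid now goes through `encodeURIComponent`. A folder id containing `&`, `=`, `+` or `%` would be mis-parsed by the server or could append an extra parameter to the request, so I would write `'folder=' + encodeURIComponent(folderId) + '&uid=' + uids` in both calls. The same applies to `toId` in the `dropSelectedContacts` hunk (`@@ -1593,8 +1597,11 @@`), and `selectedFolderId`, `fromId` and `action` are likewise placed in the URL path as-is. Whether folder ids can contain such characters is not visible here, and the function starts outside the hunk.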
@@ -334,7 +337,7 @@ function loadContact(idx) { } else { var url = (URLForFolderID(Contact.currentAddressBook) - + "/" + idx + "/view?noframe=1"); + + "/" + encodeURIComponent(idx.unescapeHTML()) + "/view?noframe=1"); document.contactAjaxRequest = triggerAjaxRequest(url, contactLoadCallback, idx); } @@ -498,8 +501,10 @@ function onToolbarDeleteSelectedContactsConfirm(dialogId) { for (var i = 0; i < rowIds.length; i++) $(rowIds[i]).hide(); triggerAjaxRequest(urlstr, onContactDeleteEventCallback, rowIds, - ('ids=' + rowIds.join(",")), - { "Content-type": "application/x-www-form-urlencoded" }); + ('ids=' + rowIds.collect(function (s) { + return encodeURIComponent(s.unescapeHTML()); + }).join(",")), + { "Content-type": "application/x-www-form-urlencoded" }); } function onContactDeleteEventCallback(http) { @@ -876,8 +881,7 @@ function deletePersonalAddressBookConfirm(folderId) { } var url = ApplicationBaseURL + folderId + "/delete"; document.deletePersonalABAjaxRequest - = triggerAjaxRequest(url, deletePersonalAddressBookCallback, - folderId); + = triggerAjaxRequest(url, deletePersonalAddressBookCallback, folderId); disposeDialog(); } @@ -1593,8 +1597,11 @@ function dropSelectedContacts(action, toId) { && fromId.substring(1) != toId) { var url = ApplicationBaseURL + fromId + "/" + action; + var uids = contactIds.collect(function (s) { + return encodeURIComponent(s.unescapeHTML()); + }).join('&uid='); triggerAjaxRequest(url, actionContactCallback, fromId, - ('folder='+ toId + '&uid=' + contactIds.join('&uid=')), + ('folder='+ toId + '&uid=' + uids), { "Content-type": "application/x-www-form-urlencoded" }); } }
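Review bot: The expression `encodeURIComponent(idx.unescapeHTML())` in `loadContact` is the fourth copy of the same decode-then-encode step in this patch; the `@@ -259`, `@@ -498` and `@@ -1593` hunks each repeat it as an anonymous function. A single helper, `function encodeContactId(id) { return encodeURIComponent(id.unescapeHTML()); }`, would leave one place to audit whenever a contact id is put into a URL or form body. It should carry a comment saying why the id must be HTML-unescaped before it is URL-encoded (presumably the ids are read from escaped markup; please confirm). Also, `idx.unescapeHTML()` throws if `idx` is ever not a string, where the old concatenation coerced it; the callers of `loadContact` are outside the hunk.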
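Review bot: In the `@@ -498,8 +501,10 @@` hunk of `onToolbarDeleteSelectedContactsConfirm`, each id is percent-encoded and the results are then joined with a literal `,`, so the boundary between ids survives only until the server form-decodes the `ids` value. If the handler decodes first and then splits on commas (not visible here), an id that contains a comma would be split into two names, and this is a delete request. I would confirm that contact ids can never contain `,` and record that next to the join, e.g. `// ids are comma-separated after decoding; a contact id must never contain ","`. The function starts outside the hunk.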