Fix encoding of contact ID in Ajax requests

UI/WebServerResources/ContactsUI.js

@@ -244,7 +244,7 @@ function _onContactMenuAction(folderItem, action, refresh) {
     var selectedFolders = $("contactFolders").getSelectedNodes();
     var folderId = $(folderItem).readAttribute("folderId");
     if (folderId)
-      folderId = folderId.substring (1);
+      folderId = folderId.substring(1);
     if (Object.isArray(document.menuTarget) && selectedFolders.length > 0) {
         var selectedFolderId = $(selectedFolders[0]).readAttribute("id");
         var contactIds = $(document.menuTarget).collect(function(row) {
@@ -259,14 +259,17 @@ function _onContactMenuAction(folderItem, action, refresh) {
         }
 
         var url = ApplicationBaseURL + selectedFolderId + "/" + action;
+        var uids = contactIds.collect(function (s) {
+                return encodeURIComponent(s.unescapeHTML());
+            }).join('&uid=');
         if (refresh)
             triggerAjaxRequest(url, actionContactCallback, selectedFolderId,
-                               ('folder='+ folderId + '&uid=' + contactIds.join('&uid=')),
+                               ('folder='+ folderId + '&uid=' + uids),
                                { "Content-type": "application/x-www-form-urlencoded" });
 
         else
             triggerAjaxRequest(url, actionContactCallback, null,
-                               ('folder='+ folderId + '&uid=' + contactIds.join('&uid=')),
+                               ('folder='+ folderId + '&uid=' + uids),
                                { "Content-type": "application/x-www-form-urlencoded" });
     }
 }
@@ -334,7 +337,7 @@ function loadContact(idx) {
     }
     else {
         var url = (URLForFolderID(Contact.currentAddressBook)
-                   + "/" + idx + "/view?noframe=1");
+                   + "/" + encodeURIComponent(idx.unescapeHTML()) + "/view?noframe=1");
         document.contactAjaxRequest
             = triggerAjaxRequest(url, contactLoadCallback, idx);
     }
@@ -498,8 +501,10 @@ function onToolbarDeleteSelectedContactsConfirm(dialogId) {
     for (var i = 0; i < rowIds.length; i++)
         $(rowIds[i]).hide();
     triggerAjaxRequest(urlstr, onContactDeleteEventCallback, rowIds,
-                           ('ids=' + rowIds.join(",")),
+                       ('ids=' + rowIds.collect(function (s) {
-                           { "Content-type": "application/x-www-form-urlencoded" });
+                               return encodeURIComponent(s.unescapeHTML());
+                           }).join(",")),
+        { "Content-type": "application/x-www-form-urlencoded" });
 }
 
 function onContactDeleteEventCallback(http) {
@@ -876,8 +881,7 @@ function deletePersonalAddressBookConfirm(folderId) {
     }
     var url = ApplicationBaseURL + folderId + "/delete";
     document.deletePersonalABAjaxRequest
-        = triggerAjaxRequest(url, deletePersonalAddressBookCallback,
+        = triggerAjaxRequest(url, deletePersonalAddressBookCallback, folderId);
-                             folderId);
 
     disposeDialog();
 }
@@ -1593,8 +1597,11 @@ function dropSelectedContacts(action, toId) {
             && fromId.substring(1) != toId) {
 
             var url = ApplicationBaseURL + fromId + "/" + action;
+            var uids = contactIds.collect(function (s) {
+                    return encodeURIComponent(s.unescapeHTML());
+                }).join('&uid=');
             triggerAjaxRequest(url, actionContactCallback, fromId,
-                                   ('folder='+ toId + '&uid=' + contactIds.join('&uid=')),
+                                   ('folder='+ toId + '&uid=' + uids),
                                    { "Content-type": "application/x-www-form-urlencoded" });
         }
     }