Escape HTML in JSON of contacts module

pull/17/head
Francis Lachapelle 2014-02-07 15:52:43 -05:00
parent 7118bbe0ab
commit 80a0940765
4 changed files with 30 additions and 8 deletions

2
NEWS

@ -40,7 +40,7 @@ Bug fixes
- warn user when dnd failed because of a resource conflict (#1613)
- respect the maximum number of bookings when viewing the freebusy information of a resource (#2560)
- encode HTML entities when forwarding an HTML message inline in plain text composition mode (#2411)
- encode HTML entities in JSON data returned by Calendar module (#2598)
- encode HTML entities in JSON data (#2598)
- fixed handling of ACLs on shared calendars with multiple groups (#1854)
- fixed HTML formatting of appointment notifications for Outlook (#2233)
- replace slashes by dashes in filenames of attachments to avoid a 404 return code (#2537)


@ -29,6 +29,7 @@
#import <NGCards/CardElement.h>
#import <NGCards/NSArray+NGCards.h>
#import <NGExtensions/NSString+Ext.h>
#import <NGExtensions/NSString+misc.h>
#import <SOGo/NSCalendarDate+SOGo.h>
#import <SOGo/SOGoDateFormatter.h>
@ -71,7 +72,7 @@
NSMutableString *cardString;
cardString = [NSMutableString stringWithCapacity: 80];
value = [value stringByReplacingString: @"\r" withString: @""];
value = [[value stringByReplacingString: @"\r" withString: @""] stringByEscapingHTMLString];
if ([value length] > 0)
{
if ([url length] > 0)
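Review bot: Only `value` is escaped in the second hunk, while `url` is tested on the last visible line and passes through unescaped in the lines shown. The method continues past the hunk, so how `url` is used is not visible; if it is interpolated into markup (an `href`, for instance), it needs an attribute-safe escape and probably a scheme check as well. Because the method now returns markup-ready text rather than raw text, a short comment above the changed line would help callers, for example `// value is HTML-escaped here; callers must not escape it again`.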


@ -127,11 +127,32 @@
- (id <WOActionResults>) contactsListAction
{
id <WOActionResults> result;
id currentInfo;
NSArray *contactsList;
NSEnumerator *contactsListEnumerator, *keysEnumerator;
NSMutableArray *newContactsList;
NSMutableDictionary *currentContactDictionary;
NSString *key;
contactsList = [self contactInfos];
contactsListEnumerator = [contactsList objectEnumerator];
newContactsList = [NSMutableArray arrayWithCapacity: [contactsList count]];
// Escape HTML
while ((currentContactDictionary = [contactsListEnumerator nextObject]))
{
keysEnumerator = [currentContactDictionary keyEnumerator];
while ((key = [keysEnumerator nextObject]))
{
currentInfo = [currentContactDictionary objectForKey: key];
if ([currentInfo respondsToSelector: @selector (stringByEscapingHTMLString)])
[currentContactDictionary setObject: [currentInfo stringByEscapingHTMLString] forKey: key];
}
[newContactsList addObject: currentContactDictionary];
}
result = [self responseWithStatus: 200
andString: [contactsList jsonRepresentation]];
andString: [newContactsList jsonRepresentation]];
return result;
}
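Review bot: The inner loop calls `setObject:forKey:` on `currentContactDictionary` while its `keyEnumerator` is still being walked, and in doing so rewrites the dictionaries returned by `[self contactInfos]` in place. Mutating a collection during enumeration is not guaranteed to be safe. If `contactInfos` hands back cached or shared objects (not visible here), a second request would escape the same strings again and return `&amp;amp;`. The code also assumes every element is a mutable dictionary, and it escapes only top-level values, so strings nested in arrays or dictionaries pass through untouched. Building a fresh dictionary per contact avoids the first three problems, as in the sketch below.

```objc
  NSMutableDictionary *currentContactDictionary, *escapedContact;
  // … unchanged: remaining declarations, contactsList / enumerator / newContactsList setup …
  while ((currentContactDictionary = [contactsListEnumerator nextObject]))
    {
      // Copy into a new dictionary so the objects owned by contactInfos stay raw.
      escapedContact = [NSMutableDictionary dictionaryWithCapacity: [currentContactDictionary count]];
      keysEnumerator = [currentContactDictionary keyEnumerator];
      while ((key = [keysEnumerator nextObject]))
        {
          currentInfo = [currentContactDictionary objectForKey: key];
          if ([currentInfo respondsToSelector: @selector (stringByEscapingHTMLString)])
            currentInfo = [currentInfo stringByEscapingHTMLString];
          [escapedContact setObject: currentInfo forKey: key];
        }
      [newContactsList addObject: escapedContact];
    }
  // … unchanged: responseWithStatus:andString: with newContactsList, return …
```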


@ -103,13 +103,13 @@ function contactsListCallback(http) {
null,
null,
row);
cell.appendChild(document.createTextNode(contact["c_cn"]));
cell.update(contact["c_cn"]);
cell.title = contact["c_cn"];
cell = document.createElement("td");
row.appendChild(cell);
if (contact["c_mail"]) {
cell.appendChild(document.createTextNode(contact["c_mail"]));
cell.update(contact["c_mail"]);
cell.title = contact["c_mail"];
}
@ -117,17 +117,17 @@ function contactsListCallback(http) {
cell = document.createElement("td");
row.appendChild(cell);
if (contact["c_screenname"])
cell.appendChild(document.createTextNode(contact["c_screenname"]));
cell.update(contact["c_screenname"]);
cell = document.createElement("td");
row.appendChild(cell);
if (contact["c_o"])
cell.appendChild(document.createTextNode(contact["c_o"]));
cell.update(contact["c_o"]);
cell = document.createElement("td");
row.appendChild(cell);
if (contact["c_telephonenumber"])
cell.appendChild(document.createTextNode(contact["c_telephonenumber"]));
cell.update(contact["c_telephonenumber"]);
}
}
}
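Review bot: `cell.title = contact["c_cn"]` and `cell.title = contact["c_mail"]` in the first hunk still assign plain text, but the value now arrives HTML-escaped, so a name containing `&` or `<` will appear in the tooltip as literal entities. If `update` is Prototype's `Element#update`, it assigns markup, so every cell in both hunks is now safe only as long as the server escapes each field of each response. The earlier `createTextNode` calls were safe whatever the server sent. Keeping the text-node calls with unescaped JSON would keep the encoding decision at the sink; if server-side escaping stays, the title lines need the reverse step, e.g. `cell.title = contact["c_cn"].unescapeHTML();`. `contactsListCallback` begins outside the hunks.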