Escape HTML in JSON of contacts module
Francis Lachapelle
parent
7118bbe0ab
commit
80a0940765
2
NEWS
2
NEWS
|
|
@ -40,7 +40,7 @@ Bug fixes
|
||||||
- warn user when dnd failed because of a resource conflict (#1613)
|
- warn user when dnd failed because of a resource conflict (#1613)
|
||||||
- respect the maximum number of bookings when viewing the freebusy information of a resource (#2560)
|
- respect the maximum number of bookings when viewing the freebusy information of a resource (#2560)
|
||||||
- encode HTML entities when forwarding an HTML message inline in plain text composition mode (#2411)
|
- encode HTML entities when forwarding an HTML message inline in plain text composition mode (#2411)
|
||||||
- encode HTML entities in JSON data returned by Calendar module (#2598)
|
- encode HTML entities in JSON data (#2598)
|
||||||
- fixed handling of ACLs on shared calendars with multiple groups (#1854)
|
- fixed handling of ACLs on shared calendars with multiple groups (#1854)
|
||||||
- fixed HTML formatting of appointment notifications for Outlook (#2233)
|
- fixed HTML formatting of appointment notifications for Outlook (#2233)
|
||||||
- replace slashes by dashes in filenames of attachments to avoid a 404 return code (#2537)
|
- replace slashes by dashes in filenames of attachments to avoid a 404 return code (#2537)
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,7 @@
|
||||||
#import <NGCards/CardElement.h>
|
#import <NGCards/CardElement.h>
|
||||||
#import <NGCards/NSArray+NGCards.h>
|
#import <NGCards/NSArray+NGCards.h>
|
||||||
#import <NGExtensions/NSString+Ext.h>
|
#import <NGExtensions/NSString+Ext.h>
|
||||||
|
#import <NGExtensions/NSString+misc.h>
|
||||||
|
|
||||||
#import <SOGo/NSCalendarDate+SOGo.h>
|
#import <SOGo/NSCalendarDate+SOGo.h>
|
||||||
#import <SOGo/SOGoDateFormatter.h>
|
#import <SOGo/SOGoDateFormatter.h>
|
||||||
|
|
@ -71,7 +72,7 @@
|
||||||
NSMutableString *cardString;
|
NSMutableString *cardString;
|
||||||
|
|
||||||
cardString = [NSMutableString stringWithCapacity: 80];
|
cardString = [NSMutableString stringWithCapacity: 80];
|
||||||
value = [value stringByReplacingString: @"\r" withString: @""];
|
value = [[value stringByReplacingString: @"\r" withString: @""] stringByEscapingHTMLString];
|
||||||
if ([value length] > 0)
|
if ([value length] > 0)
|
||||||
{
|
{
|
||||||
if ([url length] > 0)
|
if ([url length] > 0)
|
||||||
|
|
|
||||||
|
|
@ -127,11 +127,32 @@
|
||||||
- (id <WOActionResults>) contactsListAction
|
- (id <WOActionResults>) contactsListAction
|
||||||
{
|
{
|
||||||
id <WOActionResults> result;
|
id <WOActionResults> result;
|
||||||
|
id currentInfo;
|
||||||
NSArray *contactsList;
|
NSArray *contactsList;
|
||||||
|
NSEnumerator *contactsListEnumerator, *keysEnumerator;
|
||||||
|
NSMutableArray *newContactsList;
|
||||||
|
NSMutableDictionary *currentContactDictionary;
|
||||||
|
NSString *key;
|
||||||
|
|
||||||
contactsList = [self contactInfos];
|
contactsList = [self contactInfos];
|
||||||
|
contactsListEnumerator = [contactsList objectEnumerator];
|
||||||
|
newContactsList = [NSMutableArray arrayWithCapacity: [contactsList count]];
|
||||||
|
|
||||||
|
// Escape HTML
|
||||||
|
while ((currentContactDictionary = [contactsListEnumerator nextObject]))
|
||||||
|
{
|
||||||
|
keysEnumerator = [currentContactDictionary keyEnumerator];
|
||||||
|
while ((key = [keysEnumerator nextObject]))
|
||||||
|
{
|
||||||
|
currentInfo = [currentContactDictionary objectForKey: key];
|
||||||
|
if ([currentInfo respondsToSelector: @selector (stringByEscapingHTMLString)])
|
||||||
|
[currentContactDictionary setObject: [currentInfo stringByEscapingHTMLString] forKey: key];
|
||||||
|
}
|
||||||
|
[newContactsList addObject: currentContactDictionary];
|
||||||
|
}
|
||||||
|
|
||||||
result = [self responseWithStatus: 200
|
result = [self responseWithStatus: 200
|
||||||
andString: [contactsList jsonRepresentation]];
|
andString: [newContactsList jsonRepresentation]];
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -103,13 +103,13 @@ function contactsListCallback(http) {
|
||||||
null,
|
null,
|
||||||
null,
|
null,
|
||||||
row);
|
row);
|
||||||
cell.appendChild(document.createTextNode(contact["c_cn"]));
|
cell.update(contact["c_cn"]);
|
||||||
cell.title = contact["c_cn"];
|
cell.title = contact["c_cn"];
|
||||||
|
|
||||||
cell = document.createElement("td");
|
cell = document.createElement("td");
|
||||||
row.appendChild(cell);
|
row.appendChild(cell);
|
||||||
if (contact["c_mail"]) {
|
if (contact["c_mail"]) {
|
||||||
cell.appendChild(document.createTextNode(contact["c_mail"]));
|
cell.update(contact["c_mail"]);
|
||||||
cell.title = contact["c_mail"];
|
cell.title = contact["c_mail"];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -117,17 +117,17 @@ function contactsListCallback(http) {
|
||||||
cell = document.createElement("td");
|
cell = document.createElement("td");
|
||||||
row.appendChild(cell);
|
row.appendChild(cell);
|
||||||
if (contact["c_screenname"])
|
if (contact["c_screenname"])
|
||||||
cell.appendChild(document.createTextNode(contact["c_screenname"]));
|
cell.update(contact["c_screenname"]);
|
||||||
|
|
||||||
cell = document.createElement("td");
|
cell = document.createElement("td");
|
||||||
row.appendChild(cell);
|
row.appendChild(cell);
|
||||||
if (contact["c_o"])
|
if (contact["c_o"])
|
||||||
cell.appendChild(document.createTextNode(contact["c_o"]));
|
cell.update(contact["c_o"]);
|
||||||
|
|
||||||
cell = document.createElement("td");
|
cell = document.createElement("td");
|
||||||
row.appendChild(cell);
|
row.appendChild(cell);
|
||||||
if (contact["c_telephonenumber"])
|
if (contact["c_telephonenumber"])
|
||||||
cell.appendChild(document.createTextNode(contact["c_telephonenumber"]));
|
cell.update(contact["c_telephonenumber"]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue