fix(web(js)): improve encoding of folder paths in XHR calls

Fixes #4989
Alinto · May 4, 2020 · e7da4c1 · e7da4c1
1 parent cbf3d89
commit e7da4c1
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 23 deletions.
diff --git a/UI/WebServerResources/js/Common/Resource.service.js b/UI/WebServerResources/js/Common/Resource.service.js
@@ -42,6 +42,18 @@
    */
   angular.module('SOGo.Common').factory('Resource', Resource.$factory);
 
+  Resource.prototype.encodeURL = function(url) {
+    var _this = this,
+        segments = url;
+
+    if (!angular.isArray(segments)) {
+      segments = url.split('/');
+    }
+    return _.map(segments, function(segment) {
+      return _this._window.encodeURIComponent(segment.toString());
+    });
+  };
+
   /**
    * @function userResource
    * @memberof Resource.prototype
@@ -85,9 +97,9 @@
   Resource.prototype.fetch = function(folderId, action, params) {
     var deferred = this._q.defer(),
         path = [this._path];
-    if (folderId) path.push(folderId.split('/'));
+    if (folderId) path.push(this.encodeURL(folderId));
     if (action)   path.push(action);
-    path = this._window.encodeURI(_.compact(_.flatten(path)).join('/'));
+    path = _.compact(_.flatten(path)).join('/');
 
     this._http({
       method: 'GET',
@@ -114,7 +126,7 @@
   Resource.prototype.quietFetch = function(folderId, action, params) {
     var deferred = this._q.defer(),
         path = [this._path];
-    if (folderId) path.push(folderId.split('/'));
+    if (folderId) path.push(this.encodeURL(folderId));
     if (action)   path.push(action);
     path = _.compact(_.flatten(path)).join('/');
 
@@ -189,9 +201,9 @@
   Resource.prototype.post = function(id, action, data) {
     var deferred = this._q.defer(),
         path = [this._path];
-    if (id) path.push(id);
+    if (id) path.push(this.encodeURL(id));
     if (action) path.push(action);
-    path = this._window.encodeURI(_.compact(_.flatten(path)).join('/'));
+    path = _.compact(_.flatten(path)).join('/');
 
     this._http
       .post(path, data)
@@ -226,7 +238,7 @@
     var deferred = this._q.defer(),
         type = (options && options.type)? options.type : 'application/zip',
         path = [this._path];
-    if (id) path.push(id);
+    if (id) path.push(this.encodeURL(id));
     if (action) path.push(action);
     path = _.compact(_.flatten(path)).join('/');
 
@@ -293,7 +305,7 @@
    */
   Resource.prototype.remove = function(uid) {
     var deferred = this._q.defer(),
-        path = this._path + '/' + uid + '/delete';
+        path = _.flatten([this._path, this.encodeURL(uid), 'delete']).join('/');
 
     this._http
       .get(path)

diff --git a/UI/WebServerResources/js/Contacts/Card.service.js b/UI/WebServerResources/js/Contacts/Card.service.js
@@ -209,10 +209,7 @@
    * @returns the relative URL, properly encoded
    */
   Card.prototype.$path = function() {
-    return [
-      Card.encodeUri(this.pid),
-      Card.encodeUri(this.id)
-    ].join('/');
+    return [this.pid, this.id];
   };
 
   /**

diff --git a/UI/WebServerResources/js/Scheduler/Component.service.js b/UI/WebServerResources/js/Scheduler/Component.service.js
@@ -208,12 +208,12 @@
    * @see {@link Calendar.$getComponent}
    */
   Component.$find = function(calendarId, componentId, occurrenceId) {
-    var futureComponentData, path = [calendarId, encodeURIComponent(componentId)];
+    var futureComponentData, path = [calendarId, componentId];
 
     if (occurrenceId)
       path.push(occurrenceId);
 
-    futureComponentData = this.$$resource.fetch(path.join('/'), 'view');
+    futureComponentData = this.$$resource.fetch(path, 'view');
 
     return new Component(futureComponentData);
   };
@@ -933,7 +933,7 @@
    * @returns a promise of the HTTP operation
    */
   Component.prototype.$reply = function() {
-    var _this = this, data, path = [this.pid, encodeURIComponent(this.id)];
+    var _this = this, data, path = [this.pid, this.id];
 
     if (this.occurrenceId)
       path.push(this.occurrenceId);
@@ -944,7 +944,7 @@
       alarm: this.$hasAlarm? this.alarm : {}
     };
 
-    return Component.$$resource.save(path.join('/'), data, { action: 'rsvpAppointment' })
+    return Component.$$resource.save(path, data, { action: 'rsvpAppointment' })
       .then(function(data) {
         // Make a copy of the data for an eventual reset
         _this.$shadowData = _this.$omit();
@@ -959,7 +959,7 @@
    * @returns a promise of the HTTP operation
    */
   Component.prototype.$adjust = function(params) {
-    var path = [this.pid, encodeURIComponent(this.id)];
+    var path = [this.pid, this.id];
 
     if (_.every(_.values(params), function(v) { return v === 0; }))
       // No changes
@@ -970,7 +970,7 @@
 
     Component.$log.debug('adjust ' + path.join('/') + ' ' + JSON.stringify(params));
 
-    return Component.$$resource.save(path.join('/'), params, { action: 'adjust' });
+    return Component.$$resource.save(path, params, { action: 'adjust' });
   };
 
   /**
@@ -1055,7 +1055,7 @@
     }
 
     // Build URL
-    path = [this.pid, encodeURIComponent(this.id)];
+    path = [this.pid, this.id];
 
     if (this.isNew)
       options = { action: 'saveAs' + this.type.capitalize() };
@@ -1065,7 +1065,7 @@
 
     angular.extend(component, extraAttributes);
 
-    return Component.$$resource.save(path.join('/'), component, options)
+    return Component.$$resource.save(path, component, options)
       .then(function(data) {
         // Make a copy of the data for an eventual reset
         _this.$shadowData = _this.$omit();
@@ -1080,12 +1080,12 @@
    * @param {boolean} occurrenceOnly - delete this occurrence only
    */
   Component.prototype.remove = function(occurrenceOnly) {
-    var _this = this, path = [this.pid, encodeURIComponent(this.id)];
+    var _this = this, path = [this.pid, this.id];
 
     if (occurrenceOnly && this.occurrenceId)
       path.push(this.occurrenceId);
 
-    return Component.$$resource.remove(path.join('/'));
+    return Component.$$resource.remove(path);
   };
 
   /**
@@ -1177,7 +1177,7 @@
    * @returns a promise of the HTTP operation
    */
   Component.prototype.copyTo = function(calendar) {
-    return Component.$$resource.post(this.pid + '/' + encodeURIComponent(this.id), 'copy', {destination: calendar});
+    return Component.$$resource.post([this.pid, this.id], 'copy', {destination: calendar});
   };
 
   /**
@@ -1188,7 +1188,7 @@
    * @returns a promise of the HTTP operation
    */
   Component.prototype.moveTo = function(calendar) {
-    return Component.$$resource.post(this.pid + '/' + encodeURIComponent(this.id), 'move', {destination: calendar});
+    return Component.$$resource.post([this.pid, this.id], 'move', {destination: calendar});
   };
 
   Component.prototype.toString = function() {