Skip to content

Commit

Permalink
fix: Use explicit getters and setters for common properties
Browse files Browse the repository at this point in the history 
This ensures values are correctly escaped.

When setting properties using SetDescription, it is escaped. This
ensures a well-formed iCal file. Using GetDescription returns the
unescaped string, resulting in a well-rendered frontend.
  • Loading branch information
@frereit
frereit committed Feb 15, 2024
1 parent dd65199 commit 5fb25f0
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 34 deletions.
16 changes: 4 additions & 12 deletions cmd/ical-relay/handlers.go
View file
Expand Up @@ -224,28 +224,20 @@ func getEventsByDay(calendar *ics.Calendar, profileName string) calendarDataByDa
log.Errorln(err)
}

summary := event.GetProperty("SUMMARY")
var summarytext string
if summary != nil {
summarytext = summary.Value
} else {
summarytext = ""
}
data := eventData{
"title": summarytext,
"title": event.GetSummary(),
"start": startTime,
"show_start": showStart,
"end": endTime,
"show_end": showEnd,
"id": event.GetProperty("UID").Value,
"edit_url": edit_url.String(),
}
description := event.GetProperty("DESCRIPTION")
if description != nil {
data["description"] = description.Value
if event.GetProperty("DESCRIPTION") != nil {
data["description"] = event.GetDescription()
}
if event.GetProperty("LOCATION") != nil {
data["location"] = event.GetProperty("LOCATION").Value
data["location"] = event.GetLocation()
}
startDay := time.Date(startTime.Year(), startTime.Month(), startTime.Day(), 0, 0, 0, 0, time.UTC)
endDay := time.Date(endTime.Year(), endTime.Month(), endTime.Day(), 0, 0, 0, 0, time.UTC)
Expand Down
17 changes: 7 additions & 10 deletions cmd/ical-relay/templates/edit.html
View file
Expand Up @@ -8,8 +8,7 @@
{{template "nav.html" .}}
<main class="container">
<h1 class="mb-3">
{{ if .Event.GetProperty "SUMMARY" }}{{(.Event.GetProperty
"SUMMARY").Value}}{{ end }} bearbeiten
{{ if .Event.GetProperty "SUMMARY" }}{{.Event.GetSummary }}{{ end }} bearbeiten
</h1>
<div class="alert alert-danger" id="edit-error" style="display: none">
Es ist ein Fehler aufgetreten! Sind Sie eingeloggt?
Expand All @@ -19,16 +18,14 @@ <h1 class="mb-3">
<label for="summary" class="col-sm-1 col-form-label">Titel</label>
<div class="col-sm-11">
<input type="text" class="form-control" id="summary" name="summary"
value="{{ if .Event.GetProperty "SUMMARY" }}{{(.Event.GetProperty
"SUMMARY").Value}}{{ end }}">
value="{{ if .Event.GetProperty "SUMMARY" }}{{ .Event.GetSummary }}{{ end }}">
</div>
</div>
<div class="row mb-3">
<label for="location" class="col-sm-1 col-form-label">Ort</label>
<div class="col-sm-11">
<input type="text" class="form-control" id="location" name="location"
value="{{ if .Event.GetProperty "LOCATION" }}{{(.Event.GetProperty
"LOCATION").Value}}{{ end }}">
value="{{ if .Event.GetProperty "LOCATION" }}{{ .Event.GetLocation }}{{ end }}">
</div>
</div>
<div class="row mb-3">
Expand Down Expand Up @@ -62,7 +59,7 @@ <h1 class="mb-3">
name="description"
rows="1"
>
{{ if .Event.GetProperty "DESCRIPTION" }}{{(.Event.GetProperty "DESCRIPTION").Value}}{{ end }}</textarea
{{ if .Event.GetProperty "DESCRIPTION" }}{{ .Event.GetDescription }}{{ end }}</textarea
>
</div>
</div>
Expand All @@ -78,11 +75,11 @@ <h1 class="mb-3">
<script>
const profileName = {{.ProfileName }};
const uid = {{(.Event.GetProperty "UID").Value}};
const originalSummary = {{ if .Event.GetProperty "SUMMARY" }}{{(.Event.GetProperty "SUMMARY").Value}}{{ else }} ""{{ end }};
const originalLocation = {{ if .Event.GetProperty "LOCATION" }}{{(.Event.GetProperty "LOCATION").Value}}{{ else }} ""{{ end }};
const originalSummary = {{ if .Event.GetProperty "SUMMARY" }}{{ .Event.GetSummary }}{{ else }} ""{{ end }};
const originalLocation = {{ if .Event.GetProperty "LOCATION" }}{{ .Event.GetLocation }}{{ else }} ""{{ end }};
const originalStart = dayjs({{(.Event.GetStartAt).Format "2006-01-02T15:04:05Z07:00"}});
const originalEnd = dayjs({{(.Event.GetEndAt).Format "2006-01-02T15:04:05Z07:00"}});
const originalDescription = {{ if .Event.GetProperty "DESCRIPTION" }}{{ (.Event.GetProperty "DESCRIPTION").Value }}{{ else }} ""{{ end }};
const originalDescription = {{ if .Event.GetProperty "DESCRIPTION" }}{{ .Event.GetDescription }}{{ else }} ""{{ end }};
document.getElementById("start").value = originalStart.format("YYYY-MM-DDTHH:mm");
document.getElementById("end").value = originalEnd.format("YYYY-MM-DDTHH:mm");
Expand Down
18 changes: 9 additions & 9 deletions pkg/modules/actions.go
View file
Expand Up @@ -66,13 +66,13 @@ func ActionEdit(cal *ics.Calendar, indices []int, params map[string]string) erro
}
switch params["overwrite"] {
case "false":
event.SetProperty(ics.ComponentPropertySummary, event.GetProperty(ics.ComponentPropertySummary).Value+"; "+params["new-summary"])
event.SetSummary(event.GetSummary() + "; " + params["new-summary"])

Check failure on line 69 in pkg/modules/actions.go

View workflow job for this annotation

GitHub Actions / Compile 

event.GetSummary undefined (type *ics.VEvent has no field or method GetSummary)

Check failure on line 69 in pkg/modules/actions.go

View workflow job for this annotation

GitHub Actions / test 

event.GetSummary undefined (type *ics.VEvent has no field or method GetSummary)

Check failure on line 69 in pkg/modules/actions.go

View workflow job for this annotation

GitHub Actions / test 

event.GetSummary undefined (type *ics.VEvent has no field or method GetSummary)
case "fillempty":
if event.GetProperty(ics.ComponentPropertySummary).Value == "" {
event.SetProperty(ics.ComponentPropertySummary, params["new-summary"])
event.SetSummary(params["new-summary"])
}
case "true":
event.SetProperty(ics.ComponentPropertySummary, params["new-summary"])
event.SetSummary(params["new-summary"])
}
log.Debug("Changed summary to " + event.GetProperty(ics.ComponentPropertySummary).Value)
}
Expand All @@ -83,13 +83,13 @@ func ActionEdit(cal *ics.Calendar, indices []int, params map[string]string) erro
}
switch params["overwrite"] {
case "false":
event.SetProperty(ics.ComponentPropertyDescription, event.GetProperty(ics.ComponentPropertyDescription).Value+"; "+params["new-description"])
event.SetDescription(event.GetDescription() + "; " + params["new-description"])

Check failure on line 86 in pkg/modules/actions.go

View workflow job for this annotation

GitHub Actions / Compile 

event.GetDescription undefined (type *ics.VEvent has no field or method GetDescription)

Check failure on line 86 in pkg/modules/actions.go

View workflow job for this annotation

GitHub Actions / test 

event.GetDescription undefined (type *ics.VEvent has no field or method GetDescription)

Check failure on line 86 in pkg/modules/actions.go

View workflow job for this annotation

GitHub Actions / test 

event.GetDescription undefined (type *ics.VEvent has no field or method GetDescription)
case "fillempty":
if event.GetProperty(ics.ComponentPropertyDescription).Value == "" {
event.SetProperty(ics.ComponentPropertyDescription, params["new-description"])
event.SetDescription(params["new-description"])
}
case "true":
event.SetProperty(ics.ComponentPropertyDescription, params["new-description"])
event.SetDescription(params["new-description"])
}
log.Debug("Changed description to " + event.GetProperty(ics.ComponentPropertyDescription).Value)
}
Expand All @@ -100,13 +100,13 @@ func ActionEdit(cal *ics.Calendar, indices []int, params map[string]string) erro
}
switch params["overwrite"] {
case "false":
event.SetProperty(ics.ComponentPropertyLocation, event.GetProperty(ics.ComponentPropertyLocation).Value+"; "+params["new-location"])
event.SetLocation(event.GetLocation() + "; " + params["new-location"])

Check failure on line 103 in pkg/modules/actions.go

View workflow job for this annotation

GitHub Actions / Compile 

event.GetLocation undefined (type *ics.VEvent has no field or method GetLocation)

Check failure on line 103 in pkg/modules/actions.go

View workflow job for this annotation

GitHub Actions / test 

event.GetLocation undefined (type *ics.VEvent has no field or method GetLocation)

Check failure on line 103 in pkg/modules/actions.go

View workflow job for this annotation

GitHub Actions / test 

event.GetLocation undefined (type *ics.VEvent has no field or method GetLocation)
case "fillempty":
if event.GetProperty(ics.ComponentPropertyLocation).Value == "" {
event.SetProperty(ics.ComponentPropertyLocation, params["new-location"])
event.SetLocation(params["new-location"])
}
case "true":
event.SetProperty(ics.ComponentPropertyLocation, params["new-location"])
event.SetLocation(params["new-location"])
}
log.Debug("Changed location to " + event.GetProperty(ics.ComponentPropertyLocation).Value)
}
Expand Down
6 changes: 3 additions & 3 deletions pkg/modules/filters.go
View file
Expand Up @@ -52,19 +52,19 @@ func FilterRegex(cal *ics.Calendar, params map[string]string) ([]int, error) {
switch params["target"] {
case "summary":
if event.GetProperty(ics.ComponentPropertySummary) != nil {
target = event.GetProperty(ics.ComponentPropertySummary).Value
target = event.GetSummary()

Check failure on line 55 in pkg/modules/filters.go

View workflow job for this annotation

GitHub Actions / Compile 

event.GetSummary undefined (type *ics.VEvent has no field or method GetSummary)

Check failure on line 55 in pkg/modules/filters.go

View workflow job for this annotation

GitHub Actions / test 

event.GetSummary undefined (type *ics.VEvent has no field or method GetSummary)

Check failure on line 55 in pkg/modules/filters.go

View workflow job for this annotation

GitHub Actions / test 

event.GetSummary undefined (type *ics.VEvent has no field or method GetSummary)
} else {
continue
}
case "description":
if event.GetProperty(ics.ComponentPropertyDescription) != nil {
target = event.GetProperty(ics.ComponentPropertyDescription).Value
target = event.GetDescription()

Check failure on line 61 in pkg/modules/filters.go

View workflow job for this annotation

GitHub Actions / Compile 

event.GetDescription undefined (type *ics.VEvent has no field or method GetDescription)

Check failure on line 61 in pkg/modules/filters.go

View workflow job for this annotation

GitHub Actions / test 

event.GetDescription undefined (type *ics.VEvent has no field or method GetDescription)

Check failure on line 61 in pkg/modules/filters.go

View workflow job for this annotation

GitHub Actions / test 

event.GetDescription undefined (type *ics.VEvent has no field or method GetDescription)
} else {
continue
}
case "location":
if event.GetProperty(ics.ComponentPropertyLocation) != nil {
target = event.GetProperty(ics.ComponentPropertyLocation).Value
target = event.GetLocation()

Check failure on line 67 in pkg/modules/filters.go

View workflow job for this annotation

GitHub Actions / Compile 

event.GetLocation undefined (type *ics.VEvent has no field or method GetLocation)

Check failure on line 67 in pkg/modules/filters.go

View workflow job for this annotation

GitHub Actions / test 

event.GetLocation undefined (type *ics.VEvent has no field or method GetLocation)

Check failure on line 67 in pkg/modules/filters.go

View workflow job for this annotation

GitHub Actions / test 

event.GetLocation undefined (type *ics.VEvent has no field or method GetLocation)
} else {
continue
}
Expand Down

0 comments on commit 5fb25f0

Please sign in to comment.