Encode various JavaScript URL components
Jamie Snape committed Dec 12, 2014
1 parent f77b2f9 commit 02ad282
Showing 48 changed files with 123 additions and 123 deletions.
2 changes: 1 addition & 1 deletion core/public/js/admin/admin.index.js
Expand Up @@ -111,7 +111,7 @@ $(document).ready(function () {

$('.moveBitstreamsLink').click(function () {
var srcId = $(this).attr('element');
midas.loadDialog('moveBitstreams' + srcId, '/assetstore/movedialog?srcAssetstoreId=' + srcId);
midas.loadDialog('moveBitstreams' + srcId, '/assetstore/movedialog?srcAssetstoreId=' + encodeURIComponent(srcId));
midas.showDialog('Move bitstreams', false);
});

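Review bot: `encodeURIComponent(srcId)` on the new line of the `.moveBitstreamsLink` handler turns an absent `element` attribute into the literal string `undefined`, because `$(this).attr('element')` returns `undefined` and `encodeURIComponent(undefined)` is `'undefined'`, so the dialog would request `?srcAssetstoreId=undefined` instead of failing visibly; a guard such as `if (srcId === undefined) { return; }` before the `loadDialog` call keeps that out of the server. The same applies wherever the encoded value comes from `.attr()`/`.val()` or an optional property elsewhere in this commit (browse.selectfolder.js, community.promotedialog.js, import.index.js, and the `sharingLink`/`getResourceLinks` handlers in common.browser.js and folder.view.js). Beyond that, the commit repeats `'?k=' + encodeURIComponent(v)` by hand in every file; a small helper taking a path and a params object (a constructed `midas.buildUrl(path, params)`, or jQuery's `data:` option for `$.ajax`/`$.get`) would encode every value uniformly and make a later unencoded parameter stand out in review. The enclosing `$(document).ready` callback starts outside the hunk.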
2 changes: 1 addition & 1 deletion core/public/js/browse/browse.selectfolder.js
Expand Up @@ -120,7 +120,7 @@ $('div.MainDialogContent #createFolderButton').click(function () {
'use strict';
if ($('div.MainDialogContent #createFolderContent').is(':hidden')) {
$('div.MainDialogContent #createFolderContent').html('<img src="' + json.global.webroot + '/core/public/images/icons/loading.gif" alt="Loading..." />').show();
var url = json.global.webroot + '/folder/createfolder?folderId=' + $('#selectedDestinationHidden').val();
var url = json.global.webroot + '/folder/createfolder?folderId=' + encodeURIComponent($('#selectedDestinationHidden').val());
$('div.MainDialogContent #createFolderContent').load(url);
}
else {
2 changes: 1 addition & 1 deletion core/public/js/browse/browse.selectitem.js
Expand Up @@ -152,6 +152,6 @@ $('#live_search_item').keyup(function (e) {
'use strict';
if (e.keyCode == 13 && !itemselected) // enter key has been pressed
{
window.location = $('.webroot').val() + '/search/' + encodeURI($('#live_search_item').val());
window.location = $('.webroot').val() + '/search/' + encodeURIComponent($('#live_search_item').val());
}
});
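Review bot: The new `window.location = ... '/search/' + encodeURIComponent($('#live_search_item').val())` line still navigates on an empty field, producing `/search/` with no term, and because `encodeURIComponent` leaves `.` unencoded a term of `.` or `..` yields a path that dot-segment removal collapses before the request is made; read the value once and bail out when it is blank, `var term = $.trim($('#live_search_item').val()); if (term === '') { return; }`, then encode `term`. The switch from `encodeURI` to `encodeURIComponent` is the right one here, since `encodeURI` left `/`, `?` and `#` in the term unescaped and let them alter the path or query. The `keyup` handler's opening line is outside the hunk.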
36 changes: 18 additions & 18 deletions core/public/js/common/common.browser.js
Expand Up @@ -140,7 +140,7 @@ midas.genericCallbackCheckboxes = function (node) {
}, function (text) {
var retVal = $.parseJSON(text);
if (retVal.action == 'download') {
window.location = json.global.webroot + '/download?folders=' + folders + '&items=' + items;
window.location = json.global.webroot + '/download?folders=' + encodeURIComponent(folders) + '&items=' + encodeURIComponent(items);
}
else if (retVal.action == 'promptApplet') {
midas.doCallback('CALLBACK_CORE_PROMPT_APPLET', {
Expand Down Expand Up @@ -178,7 +178,7 @@ midas.genericCallbackDblClick = function (node) {

midas.createNewFolder = function (id) {
'use strict';
midas.loadDialog('folderId' + id, '/folder/createfolder?folderId=' + id);
midas.loadDialog('folderId' + id, '/folder/createfolder?folderId=' + encodeURIComponent(id));
midas.showDialog(json.browse.createFolder, false);
$('#createFolderForm').find('input[name=name]').val('');
$('#createFolderForm').find('textarea[name=description]').val('');
Expand Down Expand Up @@ -261,7 +261,7 @@ midas.removeItem = function (id) {

midas.deleteFolder = function (id) {
'use strict';
midas.loadDialog('deleteFolder' + id, '/folder/deletedialog?folderId=' + id);
midas.loadDialog('deleteFolder' + id, '/folder/deletedialog?folderId=' + encodeURIComponent(id));
midas.showDialog('Confirm Delete Folder', false);
};

Expand Down Expand Up @@ -332,7 +332,7 @@ midas.deleteSelected = function (folders, items) {
*/
midas.duplicateSelected = function (folders, items) {
'use strict';
midas.loadDialog("duplicateItem", "/browse/movecopy/?duplicate=true&items=" + items);
midas.loadDialog("duplicateItem", "/browse/movecopy/?duplicate=true&items=" + encodeURIComponent(items));
var title = 'Copy selected items';
if (folders != '') {
title += ' ' + json.browse.ignoreSelectedFolders;
Expand All @@ -345,7 +345,7 @@ midas.duplicateSelected = function (folders, items) {
*/
midas.duplicateItem = function (item) {
'use strict';
midas.loadDialog("duplicateItem", "/browse/movecopy/?duplicate=true&items=" + item);
midas.loadDialog("duplicateItem", "/browse/movecopy/?duplicate=true&items=" + encodeURIComponent(item));
midas.showDialog('Copy item');
};

Expand All @@ -356,7 +356,7 @@ midas.duplicateItem = function (item) {
*/
midas.moveSelected = function (folders, items) {
'use strict';
midas.loadDialog("moveItem", "/browse/movecopy/?move=true&items=" + items + "&folders=" + folders);
midas.loadDialog("moveItem", "/browse/movecopy/?move=true&items=" + encodeURIComponent(items) + "&folders=" + encodeURIComponent(folders));
midas.showDialog('Move all selected resources');
};

Expand All @@ -379,19 +379,19 @@ midas.removeChildren = function (node) {

midas.editFolder = function (id) {
'use strict';
midas.loadDialog("editFolder" + id, "/folder/edit?folderId=" + id);
midas.loadDialog("editFolder" + id, "/folder/edit?folderId=" + encodeURIComponent(id));
midas.showDialog(json.browse.edit, false);
};

midas.moveFolder = function (id) {
'use strict';
midas.loadDialog("moveFolder" + id, "/browse/movecopy?move=true&folders=" + id);
midas.loadDialog("moveFolder" + id, "/browse/movecopy?move=true&folders=" + encodeURIComponent(id));
midas.showDialog(json.browse.move);
};

midas.moveItem = function (itemId, fromFolderId) {
'use strict';
midas.loadDialog("moveItem" + itemId, "/browse/movecopy?move=true&items=" + itemId + "&from=" + fromFolderId);
midas.loadDialog("moveItem" + itemId, "/browse/movecopy?move=true&items=" + encodeURIComponent(itemId) + "&from=" + encodeURIComponent(fromFolderId));
midas.showDialog(json.browse.move);
};

Expand Down Expand Up @@ -439,10 +439,10 @@ midas.createAction = function (node) {
$('div.viewAction ul').html(header);
var html = '';
if (type == 'community') {
html += '<li><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/view.png"/> <a href="' + json.global.webroot + '/community/' + element + '">' + json.browse.view + '</a></li>';
html += '<li><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/view.png"/> <a href="' + json.global.webroot + '/community/' + encodeURIComponent(element) + '">' + json.browse.view + '</a></li>';
}
if (type == 'folder') {
html += '<li><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/view.png"/> <a href="' + json.global.webroot + '/folder/' + element + '">' + json.browse.view + '</a></li>';
html += '<li><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/view.png"/> <a href="' + json.global.webroot + '/folder/' + encodeURIComponent(element) + '">' + json.browse.view + '</a></li>';
html += '<li class="downloadObject"><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/download.png"/> <a element="' + element + '" class="downloadFolderLink">' + json.browse.download + '</a></li>';
html += '<li><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/link.png"/> <a type="folder" element="' + element + '" href="javascript:;" class="getResourceLinks">Share</a></li>';
if (policy >= 1) {
Expand All @@ -465,7 +465,7 @@ midas.createAction = function (node) {
else { // we are in a subfolder view and the parent is the current folder
fromFolder = json.folder.folder_id;
}
html += '<li><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/view.png"/> <a href="' + json.global.webroot + '/item/' + element + '">' + json.browse.view + '</a></li>';
html += '<li><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/view.png"/> <a href="' + json.global.webroot + '/item/' + encodeURIComponent(element) + '">' + json.browse.view + '</a></li>';
html += '<li class="downloadObject"><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/download.png"/> <a element="' + element + '" class="downloadItemLink">' + json.browse.download + '</a></li>';
html += '<li><img alt="" src="' + json.global.coreWebroot + '/public/images/icons/link.png"/> <a type="item" element="' + element + '" href="javascript:;" class="getResourceLinks">Share</a></li>';
if (json.global.logged) {
Expand Down Expand Up @@ -500,11 +500,11 @@ midas.createAction = function (node) {
button.click();
});
$('a.sharingLink').click(function () {
midas.loadDialog("sharing" + $(this).attr('type') + $(this).attr('element'), "/share/dialog?type=" + $(this).attr('type') + '&element=' + $(this).attr('element'));
midas.loadDialog("sharing" + $(this).attr('type') + $(this).attr('element'), "/share/dialog?type=" + encodeURIComponent($(this).attr('type')) + '&element=' + encodeURIComponent($(this).attr('element')));
midas.showDialog(json.browse.share);
});
$('a.getResourceLinks').click(function () {
midas.loadDialog("links" + $(this).attr('type') + $(this).attr('element'), '/share/links?type=' + $(this).attr('type') + '&id=' + $(this).attr('element'));
midas.loadDialog("links" + $(this).attr('type') + $(this).attr('element'), '/share/links?type=' + encodeURIComponent($(this).attr('type')) + '&id=' + encodeURIComponent($(this).attr('element')));
midas.showDialog('Link to this item');
});
$('a.downloadFolderLink').click(function () {
Expand All @@ -514,7 +514,7 @@ midas.createAction = function (node) {
}, function (text) {
var retVal = $.parseJSON(text);
if (retVal.action == 'download') {
window.location = json.global.webroot + '/download/folder/' + folderId;
window.location = json.global.webroot + '/download/folder/' + encodeURIComponent(folderId);
}
else if (retVal.action == 'promptApplet') {
midas.doCallback('CALLBACK_CORE_PROMPT_APPLET', {
Expand All @@ -532,7 +532,7 @@ midas.createAction = function (node) {
}, function (text) {
var retVal = $.parseJSON(text);
if (retVal.action == 'download') {
window.location = json.global.webroot + '/download/item/' + itemId;
window.location = json.global.webroot + '/download/item/' + encodeURIComponent(itemId);
}
else if (retVal.action == 'promptApplet') {
midas.doCallback('CALLBACK_CORE_PROMPT_APPLET', {
Expand Down Expand Up @@ -588,7 +588,7 @@ midas.createInfo = function (jsonContent) {
else {
html += ' <tr>';
html += ' <td>' + arrayElement.translation.Uploaded + '</td>';
html += ' <td><a href="' + json.global.webroot + '/user/' + midas.escape(arrayElement['uploaded']['user_id']) + '">' + midas.escape(arrayElement['uploaded']['firstname']) + ' ' + midas.escape(arrayElement['uploaded']['lastname']) + '</a></td>';
html += ' <td><a href="' + json.global.webroot + '/user/' + midas.escape(encodeURIComponent(arrayElement['uploaded']['user_id'])) + '">' + midas.escape(arrayElement['uploaded']['firstname']) + ' ' + midas.escape(arrayElement['uploaded']['lastname']) + '</a></td>';
html += ' </tr>';
html += ' <tr>';
html += ' <td>Revisions</td>';
Expand Down Expand Up @@ -621,7 +621,7 @@ midas.createInfo = function (jsonContent) {
}

if (arrayElement['thumbnail_id'] !== undefined && arrayElement['thumbnail_id'] != '') {
html += '<h1>' + json.browse.preview + '</h1><a href="' + json.global.webroot + '/item/' + midas.escape(arrayElement['item_id']) + '"><img class="infoLogo" alt="" src="' + json.global.webroot + '/item/thumbnail?itemId=' + midas.escape(arrayElement['item_id']) + '" /></a>';
html += '<h1>' + json.browse.preview + '</h1><a href="' + json.global.webroot + '/item/' + midas.escape(encodeURIComponent(arrayElement['item_id'])) + '"><img class="infoLogo" alt="" src="' + json.global.webroot + '/item/thumbnail?itemId=' + midas.escape(encodeURIComponent(arrayElement['item_id'])) + '" /></a>';
}

$('div.ajaxInfoElement').html(html);
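Review bot: In `midas.createAction` the same `element` value that the hunk now URL-encodes for the `href` (the `/community/`, `/folder/` and `/item/` lines) is still written raw into the `element="..."` attributes of the download and share links on the lines directly below, so if `element` can ever be anything but a plain numeric id those attributes remain an HTML-injection point that the encoded `href` beside them no longer is; writing them as `' element="' + midas.escape(element) + '"'` matches what the `createInfo` hunk already does with `midas.escape(encodeURIComponent(...))`. The reason the encoded `href` values need no further escape is that `encodeURIComponent` output contains no `"`, `<` or `&` (they become `%22`, `%3C`, `%26`), which does not hold for the raw `element`. `midas.createAction` and `midas.createInfo` both start and end outside their hunks.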
6 changes: 3 additions & 3 deletions core/public/js/community/community.invitation.js
Expand Up @@ -14,14 +14,14 @@ midas.invite.directAdd = $("#directAdd").val();
midas.invite.showGroupSelect = function (item) {
'use strict';
var dialogTitle = 'groupSelect';
var dialogUrl = '/community/selectgroup?communityId=' + json.community.community_id;
var dialogUrl = '/community/selectgroup?communityId=' + encodeURIComponent(json.community.community_id);

if (item.userid) {
dialogUrl += '&userId=' + item.userid;
dialogUrl += '&userId=' + encodeURIComponent(item.userid);
dialogTitle += item.userid;
}
else { // email address
dialogUrl += '&' + item.key + '=' + item.value;
dialogUrl += '&' + encodeURIComponent(item.key) + '=' + encodeURIComponent(item.value);
dialogTitle += item.value;
}

12 changes: 6 additions & 6 deletions core/public/js/community/community.manage.js
Expand Up @@ -25,7 +25,7 @@ midas.community.manage.init = function () {
});

$('a#addUserToGroupLink').click(function () {
midas.loadDialog("invitationCommunity", "/community/invitation?directadd=true&communityId=" + json.community.community_id);
midas.loadDialog("invitationCommunity", "/community/invitation?directadd=true&communityId=" + encodeURIComponent(json.community.community_id));
midas.showDialog(json.community.sendInvitation, false);
});

Expand Down Expand Up @@ -115,7 +115,7 @@ $('a.deleteGroupLink').click(function () {
$('a.groupLink[groupid=' + groupid + ']').parent('li').remove();
midas.createNotice(jsonResponse[1], 4000);
midas.community.manage.init();
window.location.replace(json.global.webroot + '/community/manage?communityId=' + json.community['community_id'] + '#tabs-Users');
window.location.replace(json.global.webroot + '/community/manage?communityId=' + encodeURIComponent(json.community['community_id']) + '#tabs-Users');
window.location.reload();
}
else {
Expand Down Expand Up @@ -229,7 +229,7 @@ midas.community.manage.successGroupChange = function (responseText, statusText,
}

midas.community.manage.init();
window.location.replace(json.global.webroot + '/community/manage?communityId=' + json.community['community_id'] + '#tabs-Users');
window.location.replace(json.global.webroot + '/community/manage?communityId=' + encodeURIComponent(json.community['community_id']) + '#tabs-Users');
window.location.reload();
}
else {
Expand Down Expand Up @@ -282,7 +282,7 @@ midas.community.manage.promoteMember = function (userId) {
midas.loadDialog('promoteId' + userId + '.' +
json.community.community_id +
new Date().getTime(),
'/community/promotedialog?user=' + userId + '&community=' + json.community.community_id);
'/community/promotedialog?user=' + encodeURIComponent(userId) + '&community=' + encodeURIComponent(json.community.community_id));
midas.showDialog('Add user to groups', false);
};

Expand All @@ -301,7 +301,7 @@ midas.community.manage.removeFromGroup = function (userId, groupId) {
midas.createNotice(jsonResponse[1], 4000);
if (jsonResponse[0]) {
window.location.replace(json.global.webroot + '/community/manage?communityId=' +
json.community.community_id + '#tabs-Users');
encodeURIComponent(json.community.community_id) + '#tabs-Users');
window.location.reload();
}
}
Expand Down Expand Up @@ -382,7 +382,7 @@ $(document).ready(function () {
midas.showDialogWithContent(json.community.message['delete'], html, false);

$('input.deleteCommunityYes').unbind('click').click(function () {
location.replace(json.global.webroot + '/community/delete?communityId=' + json.community.community_id);
location.replace(json.global.webroot + '/community/delete?communityId=' + encodeURIComponent(json.community.community_id));
});
$('input.deleteCommunityNo').unbind('click').click(function () {
$("div.MainDialog").dialog('close');
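Review bot: The new lines in community.manage.js read the community id two different ways within one file: `json.community['community_id']` in the two `window.location.replace` hunks and `json.community.community_id` in `addUserToGroupLink`, `promoteMember`, `removeFromGroup` and `deleteCommunityYes`; since the commit already rewrites each of these lines, use dot access throughout so the repeated `encodeURIComponent(json.community.community_id)` reads identically everywhere and could be hoisted into one local. Both `replace` hunks are immediately followed by an unchanged `window.location.reload()`, which on its face is redundant after a navigation; a one-line comment stating why the reload is needed would save the next reader from removing it. The enclosing functions start and end outside the hunks.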
2 changes: 1 addition & 1 deletion core/public/js/community/community.promotedialog.js
Expand Up @@ -26,7 +26,7 @@ midas.community.promotedialogSuccess = function (responseText, statusText, xhr,
midas.createNotice(jsonResponse[1], 4000);
if (jsonResponse[0]) {
window.location.replace(json.global.webroot +
'/community/manage?communityId=' + $('#promoteCommunityId').val() + '#tabs-Users');
'/community/manage?communityId=' + encodeURIComponent($('#promoteCommunityId').val()) + '#tabs-Users');
window.location.reload();
}
};
2 changes: 1 addition & 1 deletion core/public/js/community/community.selectgroup.js
Expand Up @@ -26,7 +26,7 @@ $(document).ready(function () {
if (jsonResponse[0]) {
midas.createNotice(jsonResponse[1], 3000);
if (typeof midas.invite.directAdd !== "undefined" && midas.invite.directAdd == 1) {
window.location.href = json.global.webroot + "/community/manage?communityId=" + json.community.community_id + "#tabs-Users";
window.location.href = json.global.webroot + "/community/manage?communityId=" + encodeURIComponent(json.community.community_id) + "#tabs-Users";
window.location.reload();
}
$('div.MainDialog').dialog('close');
2 changes: 1 addition & 1 deletion core/public/js/community/community.view.js
Expand Up @@ -31,7 +31,7 @@ $(document).ready(function () {
$("table#browseTable").show();

$('a#sendInvitationLink').click(function () {
midas.loadDialog("invitationCommunity", "/community/invitation?communityId=" + json.community.community_id);
midas.loadDialog("invitationCommunity", "/community/invitation?communityId=" + encodeURIComponent(json.community.community_id));
midas.showDialog(json.community.sendInvitation, false);
});

6 changes: 3 additions & 3 deletions core/public/js/folder/folder.view.js
Expand Up @@ -23,11 +23,11 @@ $(document).ready(function () {
});

$('a.sharingLink').click(function () {
midas.loadDialog("sharing" + $(this).attr('type') + $(this).attr('element'), "/share/dialog?type=" + $(this).attr('type') + '&element=' + $(this).attr('element'));
midas.loadDialog("sharing" + $(this).attr('type') + $(this).attr('element'), "/share/dialog?type=" + encodeURIComponent($(this).attr('type')) + '&element=' + encodeURIComponent($(this).attr('element')));
midas.showDialog(json.browse.share);
});
$('a.getResourceLinks').click(function () {
midas.loadDialog("links" + $(this).attr('type') + $(this).attr('element'), '/share/links?type=' + $(this).attr('type') + '&id=' + $(this).attr('element'));
midas.loadDialog("links" + $(this).attr('type') + $(this).attr('element'), '/share/links?type=' + encodeURIComponent($(this).attr('type')) + '&id=' + encodeURIComponent($(this).attr('element')));
midas.showDialog('Link to this item');
});
$('a.uploadInFolder').click(function () {
Expand All @@ -43,7 +43,7 @@ $(document).ready(function () {
}, function (text) {
var retVal = $.parseJSON(text);
if (retVal.action == 'download') {
window.location = json.global.webroot + '/download?folders=' + folderId;
window.location = json.global.webroot + '/download?folders=' + encodeURIComponent(folderId);
}
else if (retVal.action == 'promptApplet') {
midas.doCallback('CALLBACK_CORE_PROMPT_APPLET', {
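Review bot: The `sharingLink` and `getResourceLinks` click handlers that this hunk rewrites in folder.view.js are byte-for-byte the same as the ones rewritten in common.browser.js (the `/share/dialog?type=...&element=...` and `/share/links?type=...&id=...` lines), so the encoding fix had to be applied twice and any future change to either URL will have to be too; registering the handlers once, e.g. as a constructed `midas.bindShareLinks()` in common.browser.js called from folder.view.js, removes the duplicate. Within each handler `$(this).attr('type')` and `$(this).attr('element')` are read twice; reading them into locals once also makes it obvious that the same value feeds both the dialog id and the URL. The surrounding `$(document).ready` callback starts and ends outside the hunk.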
4 changes: 2 additions & 2 deletions core/public/js/import/import.index.js
Expand Up @@ -99,7 +99,7 @@ midas.import.startImport = function () {
}
else { // stop the import
midas.import.stage = 'validate'; // goes back to the validate stage
$.get($('.webroot').val() + '/import/stop?id=' + midas.import.uploadId,
$.get($('.webroot').val() + '/import/stop?id=' + encodeURIComponent(midas.import.uploadId),
midas.import.displayStopMessage);
}
};
Expand Down Expand Up @@ -232,7 +232,7 @@ midas.import.checkProgress = function (id) {

$.ajax({
type: "GET",
url: $('.webroot').val() + '/import/getprogress?id=' + id,
url: $('.webroot').val() + '/import/getprogress?id=' + encodeURIComponent(id),
dataType: 'json',
timeout: 10000000000,
success: midas.import.makeProgressSuccessCallback(id),
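Review bot: The `$.ajax` call in `midas.import.checkProgress` hand-encodes `id` into the URL string, while jQuery already does this through the `data` option; `url: $('.webroot').val() + '/import/getprogress',` plus `data: { id: id },` lets `$.param` encode the value and drops the manual `encodeURIComponent`, and the `$.get` in `startImport` accepts the same `{ id: midas.import.uploadId }` as its second argument. The `timeout: 10000000000` on the line after the change is not touched by this commit, but it is roughly 115 days and effectively disables the timeout; a comment saying that is intended, or a realistic value, would help. Both functions start outside the hunk.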