From: rmccabe@sourceware.org <rmccabe@sourceware.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] conga/luci cluster/resource_form_handlers.js c ...
Date: 20 Jun 2007 20:19:35 -0000	[thread overview]
Message-ID: <20070620201935.31471.qmail@sourceware.org> (raw)

CVSROOT:	/cvs/cluster
Module name:	conga
Branch: 	RHEL5
Changes by:	rmccabe at sourceware.org	2007-06-20 20:19:34

Modified files:
	luci/cluster   : resource_form_handlers.js validate_fence.js 
	luci/plone-custom: conga.js 

Log message:
	Fix bz245025: Conga does not accept '&amp;' character in password field for Fence

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/cluster/resource_form_handlers.js.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.20.2.7&r2=1.20.2.8
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/cluster/validate_fence.js.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.1.2.1&r2=1.1.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/plone-custom/conga.js.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.3.2.1&r2=1.3.2.2

--- conga/luci/cluster/resource_form_handlers.js	2007/06/18 18:39:31	1.20.2.7
+++ conga/luci/cluster/resource_form_handlers.js	2007/06/20 20:19:34	1.20.2.8
@@ -500,12 +500,12 @@
 			if (res_type == 'hidden' || res_type == 'text' ||
 				res_type == 'password')
 			{
-				temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" value="' + input_elem[j].value + '" />';
+				temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" value="' + escapeXML(input_elem[j].value) + '" />';
 			} else if (res_type == 'checkbox' || res_type == 'radio') {
 				if (input_elem[j].checked) {
-					temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" checked="checked"';
+					temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" checked="checked"';
 					if (res_type == 'radio')
-						temp += ' value="' + input_elem[j].value + '"';
+						temp += ' value="' + escapeXML(input_elem[j].value) + '"';
 					temp += ' />';
 				}
 			}
@@ -513,11 +513,11 @@
 
 		var select_elem = form[i].getElementsByTagName('select');
 		for (var j = 0 ; j < select_elem.length ; j++) {
-			temp += '<input type="text" name="' + select_elem[j].name + '" value="' + select_elem[j].options[select_elem[j].options.selectedIndex].value + '" />';
+			temp += '<input type="text" name="' + escapeXML(select_elem[j].name) + '" value="' + escapeXML(select_elem[j].options[select_elem[j].options.selectedIndex].value) + '" />';
 		}
 
-		form_xml += '<form id="' + form[i].uuid.value + '" parent="' +
-					form[i].parent_uuid.value + '">' + temp + '</form>';
+		form_xml += '<form id="' + escapeXML(form[i].uuid.value) + '" parent="' +
+					escapeXML(form[i].parent_uuid.value) + '">' + temp + '</form>';
 	}
 
 	if (!svc_name)
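Review bot: The rewritten select line still reads `select_elem[j].options[select_elem[j].options.selectedIndex].value` without checking for a `selectedIndex` of -1. A select with no selected option (or no options at all) would throw before `escapeXML` is called and abort serialization of the whole form list. A guard such as `var idx = select_elem[j].selectedIndex; if (idx < 0) continue;` (or emitting an empty value) would avoid that. The same line appears in the validate_fence.js hunk. Whether these forms can ever render an empty select is not visible here, and the enclosing function starts and ends outside the hunk.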
--- conga/luci/cluster/validate_fence.js	2007/03/01 00:31:08	1.1.2.1
+++ conga/luci/cluster/validate_fence.js	2007/06/20 20:19:34	1.1.2.2
@@ -218,27 +218,27 @@
 			if (res_type == 'hidden' || res_type == 'text' ||
 				res_type == 'password')
 			{
-				temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" value="' + input_elem[j].value + '" />';
+				temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" value="' + escapeXML(input_elem[j].value) + '" />';
 			} else if (res_type == 'checkbox' || res_type == 'radio') {
 				if (input_elem[j].checked) {
-					temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '"';
+					temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '"';
 					if (res_type == 'checkbox')
 						temp += ' value="1"';
 					else if (res_type == 'radio')
-						temp += ' value="' + input_elem[j].value + '"';
+						temp += ' value="' + escapeXML(input_elem[j].value) + '"';
 					temp += ' />';
 				} else if (res_type == 'checkbox') {
-					temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" value="0" />';
+					temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" value="0" />';
 				}
 			}
 		}
 
 		var select_elem = form[i].getElementsByTagName('select');
 		for (var j = 0 ; j < select_elem.length ; j++) {
-			temp += '<input type="text" name="' + select_elem[j].name + '" value="' + select_elem[j].options[select_elem[j].options.selectedIndex].value + '" />';
+			temp += '<input type="text" name="' + escapeXML(select_elem[j].name) + '" value="' + escapeXML(select_elem[j].options[select_elem[j].options.selectedIndex].value) + '" />';
 		}
 
-		form_xml += '<form id="' + form[i].getAttribute('name') + '">' + temp + '</form>';
+		form_xml += '<form id="' + escapeXML(form[i].getAttribute('name')) + '">' + temp + '</form>';
 	}
 
 	master_form.fence_xml.value = '<formlist>' + form_xml + '</formlist>';
--- conga/luci/plone-custom/conga.js	2006/11/16 19:34:53	1.3.2.1
+++ conga/luci/plone-custom/conga.js	2007/06/20 20:19:34	1.3.2.2
@@ -5,6 +5,12 @@
 	return (0);
 }
 
+function escapeXML(str) {
+	if (!str)
+		return '';
+	return str.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;').replace('\'', '&apos;');
+}
+
 function popup_window(url, width_percent, height_percent) {
 	var width = window.innerWidth * (width_percent / 100);
 	var height = window.innerHeight * (height_percent / 100);
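Review bot: `escapeXML` passes string patterns to `String.replace`, which replaces only the first occurrence of each character. A value with two `&`, `<`, `>` or quote characters therefore still reaches the XML assembled in resource_form_handlers.js and validate_fence.js partly unescaped, so the bug from the log message can recur and attribute values can still be broken out of. Use global regular expressions instead: `return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;');`. A short comment should note that `&` must be replaced first so the entities produced by the later replacements are not escaped twice. Because this escaping runs in the browser, whatever parses the submitted XML on the server presumably still has to treat it as untrusted.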


