proper escaping/unescaping for contacts
authorznek <znek@d1b88da0-ebda-0310-925b-ed51d893ca5b>
Wed, 20 Oct 2004 15:47:45 +0000 (15:47 +0000)
committerznek <znek@d1b88da0-ebda-0310-925b-ed51d893ca5b>
Wed, 20 Oct 2004 15:47:45 +0000 (15:47 +0000)
git-svn-id: http://svn.opengroupware.org/SOGo/trunk@415 d1b88da0-ebda-0310-925b-ed51d893ca5b

12 files changed:
SOGo/SOGo.xcode/project.pbxproj
SOGo/UI/Anais/AnaisAttendeeSelector.m
SOGo/UI/Anais/ChangeLog
SOGo/UI/Anais/Version
SOGo/UI/Contacts/ChangeLog
SOGo/UI/Contacts/UIxContactsSelectionView.m
SOGo/UI/Contacts/Version
SOGo/UI/SOGoUI/ChangeLog
SOGo/UI/SOGoUI/GNUmakefile
SOGo/UI/SOGoUI/SOGoJSStringFormatter.h [new file with mode: 0644]
SOGo/UI/SOGoUI/SOGoJSStringFormatter.m [new file with mode: 0644]
SOGo/UI/SOGoUI/Version

index c8f05b9b6921f86245f0a17c962268d3c23399f9..a5a783e804ae5b345dd8771425743391534393cd 100644 (file)
                                AD0712CB06C917A600A9EEF4,
                                AD071C7D06CD214600A9EEF4,
                                AD071C7E06CD214700A9EEF4,
+                               ADBE3C490726AF4C000FEA6A,
+                               ADBE3C4A0726AF4C000FEA6A,
                        );
                        isa = PBXGroup;
                        path = SOGoUI;
                        refType = 4;
                        sourceTree = "<group>";
                };
+               ADBE3C490726AF4C000FEA6A = {
+                       fileEncoding = 5;
+                       indentWidth = 2;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.h;
+                       path = SOGoJSStringFormatter.h;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
+               ADBE3C4A0726AF4C000FEA6A = {
+                       fileEncoding = 5;
+                       indentWidth = 2;
+                       isa = PBXFileReference;
+                       lastKnownFileType = sourcecode.c.objc;
+                       path = SOGoJSStringFormatter.m;
+                       refType = 4;
+                       sourceTree = "<group>";
+               };
                ADCDE53106ADA8AC00BFCE2B = {
                        fileEncoding = 5;
                        indentWidth = 8;
index 676b4d0bfbed541a446008aa0d71b2ccb49088dd..d8474b2ca3dc71f8db7bc233e4eb3b7cde15ad9e 100644 (file)
@@ -285,34 +285,41 @@ static BOOL debugOn = NO;
   ctx = [self context];
   if (![[ctx valueForKey:@"HasAddTableAnaisAttendeeSelector"] boolValue]) {
     static NSString *script = \
+      @"function unescapeCallbackParameter(s) {\n"
+      @"  s = s.replace(/&apos;/g, \"'\");\n"
+      @"  s = s.replace(/&quot;/g, '\"');\n"
+      @"  return s;\n"
+      @"}\n"
+      @"\n"
       @"function addToTable(tableId, type, cn, dn, email, uid, sn) {\n"
-      @"  var test = document.getElementById(email);"
-      @"  if(test)"
-      @"    return;"
-      @""
-      @"  var table = document.getElementById(tableId);"
-      @"  var tr = document.createElement('tr');"
-      @"  var td, checkbox, text;"
-      @""
-      @"  td = document.createElement('td');"
-      @"  checkbox = document.createElement('input');"
-      @"  checkbox.setAttribute('type', 'checkbox');"
-      @"  checkbox.setAttribute('checked', 'checked');"
-      @"  checkbox.setAttribute('value', email + ';' + cn);"
-      @"  checkbox.setAttribute('id', email);"
-      @"  checkbox.setAttribute('name', tableId);"
-      @"  td.appendChild(checkbox);"
-      @"  tr.appendChild(td);"
-      @"  td = document.createElement('td');"
-      @"  text = document.createTextNode(cn);"
-      @"  td.appendChild(text);"
-      @"  tr.appendChild(td);"
-      @"  table.appendChild(tr);"
+      @"  var test = document.getElementById(email);\n"
+      @"  if(test)\n"
+      @"    return;\n"
+      @"\n"
+      @"  var table = document.getElementById(tableId);\n"
+      @"  var tr = document.createElement('tr');\n"
+      @"  var td, checkbox, text;\n"
+      @"\n"
+      @"  cn = this.unescapeCallbackParameter(cn);\n"
+      @"  td = document.createElement('td');\n"
+      @"  checkbox = document.createElement('input');\n"
+      @"  checkbox.setAttribute('type', 'checkbox');\n"
+      @"  checkbox.setAttribute('checked', 'checked');\n"
+      @"  checkbox.setAttribute('value', email + ';' + cn);\n"
+      @"  checkbox.setAttribute('id', email);\n"
+      @"  checkbox.setAttribute('name', tableId);\n"
+      @"  td.appendChild(checkbox);\n"
+      @"  tr.appendChild(td);\n"
+      @"  td = document.createElement('td');\n"
+      @"  text = document.createTextNode(cn);\n"
+      @"  td.appendChild(text);\n"
+      @"  tr.appendChild(td);\n"
+      @"  table.appendChild(tr);\n"
       @"}\n";
     [ms appendString:script];
     
     [ctx takeValue:[NSNumber numberWithBool:YES]
-        forKey:@"HasAddTableAnaisAttendeeSelector"];
+              forKey:@"HasAddTableAnaisAttendeeSelector"];
   }
   
   s = 
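Review bot: The added call `cn = this.unescapeCallbackParameter(cn);` resolves the helper through `this`, so it only works while addToTable is invoked as a method of the window that defines both functions; `cn = unescapeCallbackParameter(cn);` does not depend on the call form. Only `cn` is decoded here, while `email` goes into the checkbox `id` and `value` exactly as received, so any encoding later applied to the mail parameter on the sending side would need a matching decode in this function. The enclosing Objective-C method starts and ends outside the hunk.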
index 2edcc70a09468eb3373f4be46753487a6610acbb..78c05da315db4393b9787e75d41f5b5358902a92 100644 (file)
@@ -1,3 +1,8 @@
+2004-10-20  Marcus Mueller  <znek@mulle-kybernetik.com>
+
+       * AnaisAttendeeSelector.m: provide proper unescaping of special HTML
+         entities via new unescape function. (v0.9.17)
+
 2004-10-18  Marcus Mueller  <znek@mulle-kybernetik.com>
 
        * v0.9.16
index 3ec1cfd088446903dd02e2d761e4f2d5e33eca73..f929c4cecad4e6140b8b068a09cf930bdbb54abb 100644 (file)
@@ -1,3 +1,3 @@
 # $Id: Version 165 2004-08-05 17:55:50Z znek $
 
-SUBMINOR_VERSION:=16
+SUBMINOR_VERSION:=17
index d11dda71be5803659f6bc7cfc4e1d455bf28c563..3af0a4a84dc47e69f012116e238ab9366db7654c 100644 (file)
@@ -1,3 +1,10 @@
+2004-10-20  Marcus Mueller  <znek@mulle-kybernetik.com>
+
+       * UIxContactsSelectionView.m: several properties provided to the
+         callback need to be unescaped properly before being passed back.
+         This is achieved by using the new SOGoJSStringFormatter in SOGoUI.
+         (v0.9.16)
+
 2004-10-14  Marcus Mueller  <znek@mulle-kybernetik.com>
 
        * UIxContactSelector.m: fixed wrong method name (v0.9.15)
index 4c6baba12d892135ae2e06633bcf97ae03b1d86e..4d0fd86b40d7ff2900a773d93ef874a3068e63d4 100644 (file)
 
 
 #include "UIxContactsListView.h"
+#include <SOGoUI/SOGoJSStringFormatter.h>
 
 @interface UIxContactsSelectionView : UIxContactsListView
 {
   NSString *callback;
 }
+
+- (NSString *)_getCN;
+- (NSString *)getCN;
+- (NSString *)getSN;
+- (NSString *)getMail;
+- (NSString *)getUID;
+  
 @end
 
 #include "common.h"
 
 @implementation UIxContactsSelectionView
 
+static SOGoJSStringFormatter *jsFormatter = nil;
+
++ (void)initialize {
+  static BOOL didInit = NO;
+
+  if(didInit)
+    return;
+
+  didInit = YES;
+  jsFormatter = [SOGoJSStringFormatter sharedFormatter];
+}
+
 - (void)dealloc {
   [self->callback release];
   [super dealloc];
   return self->callback;
 }
 
+- (NSString *)_getCN {
+  NSString *sn, *gn;
+
+  sn = [self->contact valueForKey:@"sn"];
+  gn = [self->contact valueForKey:@"givenname"];
+
+  if((!sn || [sn length] == 0) &&
+     (!gn || [gn length] == 0)) {
+    return @"";
+  } else if(!sn || [sn length] == 0) {
+    return gn;
+  } else if(!gn || [gn length] == 0) {
+    return sn;
+  }
+  return [NSString stringWithFormat:@"%@ %@", sn, gn];
+}
+
+- (NSString *)getCN {
+  return [jsFormatter stringByEscapingQuotesInString:[self _getCN]];
+}
+
+- (NSString *)getSN {
+  NSString *sn = [self->contact valueForKey:@"sn"];
+  return [jsFormatter stringByEscapingQuotesInString:sn];
+}
+
+- (NSString *)getMail {
+  return [self->contact valueForKey:@"mail"];
+}
+
+- (NSString *)getUID {
+  return [[AgenorUserManager sharedUserManager] getUIDForEmail:[self getMail]];
+}
+
 - (NSString *)jsOnClickCode {
   /* callback parameters: (type, cn, dn, email, uid, sn) */
   static NSString *jsCode = \
     @"javascript:opener.window.%@('', '%@', '', '%@', '%@', '%@');";
-  NSString *sn, *cn, *mail, *uid;
 
-  sn = [self->contact valueForKey:@"sn"];
-  cn = [NSString stringWithFormat:@"%@ %@",
-    sn,
-    [self->contact valueForKey:@"givenname"]];
-  mail = [self->contact valueForKey:@"mail"];
-  uid = [[AgenorUserManager sharedUserManager] getUIDForEmail:mail];
   return [NSString stringWithFormat:jsCode,
     [self callback],
-    cn,
-    mail,
-    uid,
-    sn];
+    [self getCN],
+    [self getMail],
+    [self getUID],
+    [self getSN]];
 }
 
 @end /* UIxContactsInlineListView */
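Review bot: In `jsOnClickCode` the values from `getMail` and `getUID` are still formatted into single-quoted JavaScript literals without passing through `jsFormatter`, so a quote in a stored mail address or in the looked-up uid would end the literal just as an unescaped name did before this change. Escaping at the point of interpolation keeps the raw address available for the `getUIDForEmail:` lookup: `[jsFormatter stringByEscapingQuotesInString:[self getMail]],` and the same for `[self getUID]`; the receiving addToTable would then have to decode `email` as well. `[self callback]` is also inserted as a bare identifier; where it is set is not visible in this section, so it is worth confirming that it is restricted to a known function name. `getSN` forwards a nil `sn` unchanged, which presumably formats as `(null)`, unlike `_getCN`, which returns an empty string.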
index cf9e5c1262bbe256db9dcbe38538f8ad07693b99..dee27ead1e663fb7d92a035e999a839f60b6a4c9 100644 (file)
@@ -1,3 +1,5 @@
 # $Id$
 
-SUBMINOR_VERSION:=15
+SUBMINOR_VERSION:=16
+
+# v0.9.16 requires libSOGoUI v0.9.16
index 7866f5b6c0ad6bb3d73622d492a7bd07a164c3b5..db811fb7384f5f77b603c731c2e04bda4266f75c 100644 (file)
@@ -1,3 +1,8 @@
+2004-10-20  Marcus Mueller  <znek@mulle-kybernetik.com>
+
+       * SOGoJSStringFormatter.[hm]: new formatter to properly escape certain
+         strings passed to JavaScript (v0.9.16)
+         
 2004-10-18  Marcus Mueller  <znek@mulle-kybernetik.com>
 
        * UIxComponent.m: changed the implementation of -ownPath and fixed a
index ff9bc807615e6dc8805f73842ead440b387421a2..0f1a66a7874ad66fa7fc872c57c5c2973230b89a 100644 (file)
@@ -11,11 +11,13 @@ libSOGoUI_HEADER_FILES +=   \
        UIxComponent.h          \
        SOGoDateFormatter.h     \
        SOGoAptFormatter.h      \
+       SOGoJSStringFormatter.h \
 
 libSOGoUI_OBJC_FILES +=                \
        UIxComponent.m          \
        SOGoDateFormatter.m     \
        SOGoAptFormatter.m      \
+       SOGoJSStringFormatter.m \
 
 # make
 
diff --git a/SOGo/UI/SOGoUI/SOGoJSStringFormatter.h b/SOGo/UI/SOGoUI/SOGoJSStringFormatter.h
new file mode 100644 (file)
index 0000000..3a59e76
--- /dev/null
@@ -0,0 +1,43 @@
+/*
+  Copyright (C) 2000-2004 SKYRIX Software AG
+
+  This file is part of OGo
+
+  OGo is free software; you can redistribute it and/or modify it under
+  the terms of the GNU Lesser General Public License as published by the
+  Free Software Foundation; either version 2, or (at your option) any
+  later version.
+
+  OGo is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or
+  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+  License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with OGo; see the file COPYING.  If not, write to the
+  Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
+  02111-1307, USA.
+*/
+// $Id$
+
+
+#ifndef        __SOGoJSStringFormatter_H_
+#define        __SOGoJSStringFormatter_H_
+
+
+#import <Foundation/Foundation.h>
+#include <NGExtensions/NSString+Escaping.h>
+
+@interface SOGoJSStringFormatter : NSObject <NGStringEscaping>
+{
+}
+
++ (id)sharedFormatter;
+
+- (NSString *)stringByEscapingQuotesInString:(NSString *)_s;
+- (NSString *)stringByEscapingSingleQuotesInString:(NSString *)_s;
+- (NSString *)stringByEscapingDoubleQuotesInString:(NSString *)_s;
+
+@end
+
+#endif /* __SOGoJSStringFormatter_H_ */
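Review bot: The three `stringByEscaping…InString:` declarations carry no comment saying what form the output takes, and the class name suggests JavaScript backslash escaping while the implementation in this commit substitutes entity text that the receiving script has to convert back. A header comment such as `/* Replaces ' and/or " with entity text; the receiving script must reverse it. Backslashes, line breaks and & are passed through unchanged. */` would tell callers what they can and cannot rely on. `+ (id)sharedFormatter` could also state that it returns a single shared instance that is never released.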
diff --git a/SOGo/UI/SOGoUI/SOGoJSStringFormatter.m b/SOGo/UI/SOGoUI/SOGoJSStringFormatter.m
new file mode 100644 (file)
index 0000000..9b566d0
--- /dev/null
@@ -0,0 +1,78 @@
+/*
+  Copyright (C) 2000-2004 SKYRIX Software AG
+
+  This file is part of OGo
+
+  OGo is free software; you can redistribute it and/or modify it under
+  the terms of the GNU Lesser General Public License as published by the
+  Free Software Foundation; either version 2, or (at your option) any
+  later version.
+
+  OGo is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or
+  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+  License for more details.
+
+  You should have received a copy of the GNU Lesser General Public
+  License along with OGo; see the file COPYING.  If not, write to the
+  Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
+  02111-1307, USA.
+*/
+// $Id$
+
+
+#include "SOGoJSStringFormatter.h"
+#include "common.h"
+
+@implementation SOGoJSStringFormatter
+
+static NSCharacterSet *quotesSet = nil;
+static NSCharacterSet *squoteSet = nil;
+static NSCharacterSet *dquoteSet = nil;
+
++ (void)initialize {
+  static BOOL didInit = NO;
+  
+  if(didInit)
+    return;
+  
+  didInit   = YES;
+  quotesSet = \
+    [[NSCharacterSet characterSetWithCharactersInString:@"'\""] retain];
+  squoteSet = \
+    [[NSCharacterSet characterSetWithCharactersInString:@"'"] retain];
+  dquoteSet = \
+    [[NSCharacterSet characterSetWithCharactersInString:@"\""] retain];
+}
+
++ (id)sharedFormatter {
+  static id sharedInstance = nil;
+  if(!sharedInstance) {
+    sharedInstance = [[self alloc] init];
+  }
+  return sharedInstance;
+}
+
+- (NSString *)stringByEscapingQuotesInString:(NSString *)_s {
+  return [_s stringByEscapingCharactersFromSet:quotesSet
+             usingStringEscaping:self];
+}
+
+- (NSString *)stringByEscapingSingleQuotesInString:(NSString *)_s {
+  return [_s stringByEscapingCharactersFromSet:squoteSet
+             usingStringEscaping:self];
+}
+
+- (NSString *)stringByEscapingDoubleQuotesInString:(NSString *)_s {
+  return [_s stringByEscapingCharactersFromSet:dquoteSet
+             usingStringEscaping:self];
+}
+
+- (NSString *)stringByEscapingString:(NSString *)_s {
+  if([_s isEqualToString:@"'"]) {
+    return @"&amp;apos;";
+  }
+  return @"&amp;quot;";
+}
+
+@end
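Review bot: `quotesSet`, `squoteSet` and `dquoteSet` cover only the two quote characters, so a backslash or a line break in the input reaches the single-quoted JavaScript literal unchanged. Because `&` is not encoded either, a name that already contains the text of one of the entities is altered by the decode step in addToTable, so the round trip is not exact. If this formatter is meant for arbitrary contact data, the sets need those characters as well, with one explicit branch per character in `stringByEscapingString:`, whose final `return` currently serves as a catch-all for anything that is not `'`.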
index cf9e5c1262bbe256db9dcbe38538f8ad07693b99..27f42dca521c102631a68b11d5a0fab575d2dd28 100644 (file)
@@ -1,3 +1,3 @@
 # $Id$
 
-SUBMINOR_VERSION:=15
+SUBMINOR_VERSION:=16