From: znek Date: Wed, 20 Oct 2004 15:47:45 +0000 (+0000) Subject: proper escaping/unescaping for contacts X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85b2f5ade8baf348a254ebe910871b47a9c31eb2;p=scalable-opengroupware.org proper escaping/unescaping for contacts git-svn-id: http://svn.opengroupware.org/SOGo/trunk@415 d1b88da0-ebda-0310-925b-ed51d893ca5b --- diff --git a/SOGo/SOGo.xcode/project.pbxproj b/SOGo/SOGo.xcode/project.pbxproj index c8f05b9b..a5a783e8 100644 --- a/SOGo/SOGo.xcode/project.pbxproj +++ b/SOGo/SOGo.xcode/project.pbxproj @@ -1065,6 +1065,8 @@ AD0712CB06C917A600A9EEF4, AD071C7D06CD214600A9EEF4, AD071C7E06CD214700A9EEF4, + ADBE3C490726AF4C000FEA6A, + ADBE3C4A0726AF4C000FEA6A, ); isa = PBXGroup; path = SOGoUI; @@ -1455,6 +1457,24 @@ refType = 4; sourceTree = ""; }; + ADBE3C490726AF4C000FEA6A = { + fileEncoding = 5; + indentWidth = 2; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.h; + path = SOGoJSStringFormatter.h; + refType = 4; + sourceTree = ""; + }; + ADBE3C4A0726AF4C000FEA6A = { + fileEncoding = 5; + indentWidth = 2; + isa = PBXFileReference; + lastKnownFileType = sourcecode.c.objc; + path = SOGoJSStringFormatter.m; + refType = 4; + sourceTree = ""; + }; ADCDE53106ADA8AC00BFCE2B = { fileEncoding = 5; indentWidth = 8; diff --git a/SOGo/UI/Anais/AnaisAttendeeSelector.m b/SOGo/UI/Anais/AnaisAttendeeSelector.m index 676b4d0b..d8474b2c 100644 --- a/SOGo/UI/Anais/AnaisAttendeeSelector.m +++ b/SOGo/UI/Anais/AnaisAttendeeSelector.m 
@@ -285,34 +285,41 @@ static BOOL debugOn = NO; ctx = [self context]; if (![[ctx valueForKey:@"HasAddTableAnaisAttendeeSelector"] boolValue]) { static NSString *script = \ + @"function unescapeCallbackParameter(s) {\n" + @" s = s.replace(/'/g, \"'\");\n" + @" s = s.replace(/"/g, '\"');\n" + @" return s;\n" + @"}\n" + @"\n" @"function addToTable(tableId, type, cn, dn, email, uid, sn) {\n" - @" var test = document.getElementById(email);" - @" if(test)" - @" return;" - @"" - @" var table = document.getElementById(tableId);" - @" var tr = document.createElement('tr');" - @" var td, checkbox, text;" - @"" - @" td = document.createElement('td');" - @" checkbox = document.createElement('input');" - @" checkbox.setAttribute('type', 'checkbox');" - @" checkbox.setAttribute('checked', 'checked');" - @" checkbox.setAttribute('value', email + ';' + cn);" - @" checkbox.setAttribute('id', email);" - @" checkbox.setAttribute('name', tableId);" - @" td.appendChild(checkbox);" - @" tr.appendChild(td);" - @" td = document.createElement('td');" - @" text = document.createTextNode(cn);" - @" td.appendChild(text);" - @" tr.appendChild(td);" - @" table.appendChild(tr);" + @" var test = document.getElementById(email);\n" + @" if(test)\n" + @" return;\n" + @"\n" + @" var table = document.getElementById(tableId);\n" + @" var tr = document.createElement('tr');\n" + @" var td, checkbox, text;\n" + @"\n" + @" cn = this.unescapeCallbackParameter(cn);\n" + @" td = document.createElement('td');\n" + @" checkbox = document.createElement('input');\n" + @" checkbox.setAttribute('type', 'checkbox');\n" + @" checkbox.setAttribute('checked', 'checked');\n" + @" checkbox.setAttribute('value', email + ';' + cn);\n" + @" checkbox.setAttribute('id', email);\n" + @" checkbox.setAttribute('name', tableId);\n" + @" td.appendChild(checkbox);\n" + @" tr.appendChild(td);\n" + @" td = document.createElement('td');\n" + @" text = document.createTextNode(cn);\n" + @" td.appendChild(text);\n" + @" 
tr.appendChild(td);\n" + @" table.appendChild(tr);\n" @"}\n"; [ms appendString:script]; [ctx takeValue:[NSNumber numberWithBool:YES] - forKey:@"HasAddTableAnaisAttendeeSelector"]; + forKey:@"HasAddTableAnaisAttendeeSelector"]; } s = diff --git a/SOGo/UI/Anais/ChangeLog b/SOGo/UI/Anais/ChangeLog index 2edcc70a..78c05da3 100644 --- a/SOGo/UI/Anais/ChangeLog +++ b/SOGo/UI/Anais/ChangeLog @@ -1,3 +1,8 @@ +2004-10-20 Marcus Mueller + + * AnaisAttendeeSelector.m: provide proper unescaping of special HTML + entities via new unescape function. (v0.9.17) + 2004-10-18 Marcus Mueller * v0.9.16 diff --git a/SOGo/UI/Anais/Version b/SOGo/UI/Anais/Version index 3ec1cfd0..f929c4ce 100644 --- a/SOGo/UI/Anais/Version +++ b/SOGo/UI/Anais/Version @@ -1,3 +1,3 @@ # $Id: Version 165 2004-08-05 17:55:50Z znek $ -SUBMINOR_VERSION:=16 +SUBMINOR_VERSION:=17 diff --git a/SOGo/UI/Contacts/ChangeLog b/SOGo/UI/Contacts/ChangeLog index d11dda71..3af0a4a8 100644 --- a/SOGo/UI/Contacts/ChangeLog +++ b/SOGo/UI/Contacts/ChangeLog @@ -1,3 +1,10 @@ +2004-10-20 Marcus Mueller + + * UIxContactsSelectionView.m: several properties provided to the + callback need to be unescaped properly before being passed back. + This is achieved by using the new SOGoJSStringFormatter in SOGoUI. + (v0.9.16) + 2004-10-14 Marcus Mueller * UIxContactSelector.m: fixed wrong method name (v0.9.15) diff --git a/SOGo/UI/Contacts/UIxContactsSelectionView.m b/SOGo/UI/Contacts/UIxContactsSelectionView.m index 4c6baba1..4d0fd86b 100644 --- a/SOGo/UI/Contacts/UIxContactsSelectionView.m +++ b/SOGo/UI/Contacts/UIxContactsSelectionView.m @@ -22,11 +22,19 @@ #include "UIxContactsListView.h" +#include @interface UIxContactsSelectionView : UIxContactsListView { NSString *callback; } + +- (NSString *)_getCN; +- (NSString *)getCN; +- (NSString *)getSN; +- (NSString *)getMail; +- (NSString *)getUID; + @end #include "common.h" 
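Review bot: In the added `addToTable` body, `cn = this.unescapeCallbackParameter(cn);` depends on `this` being the window object, which holds only while the function is invoked as a global or as `opener.window.addToTable(...)`; calling `unescapeCallbackParameter(cn)` directly removes that dependency. Only `cn` is unescaped, while `email` is used unchanged as the element id and inside the `email + ';' + cn` value, so a `;` in either part presumably confuses whatever later splits that value (the consumer is not visible here). The helper has to reverse exactly what SOGoJSStringFormatter produces on the server, so a comment above it such as `// keep in sync with SOGoJSStringFormatter -stringByEscapingString:` would stop the two from drifting apart. The enclosing method starts and ends outside this hunk.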
@@ -34,6 +42,18 @@ @implementation UIxContactsSelectionView +static SOGoJSStringFormatter *jsFormatter = nil; + ++ (void)initialize { + static BOOL didInit = NO; + + if(didInit) + return; + + didInit = YES; + jsFormatter = [SOGoJSStringFormatter sharedFormatter]; +} + - (void)dealloc { [self->callback release]; [super dealloc]; @@ -47,24 +67,51 @@ return self->callback; } +- (NSString *)_getCN { + NSString *sn, *gn; + + sn = [self->contact valueForKey:@"sn"]; + gn = [self->contact valueForKey:@"givenname"]; + + if((!sn || [sn length] == 0) && + (!gn || [gn length] == 0)) { + return @""; + } else if(!sn || [sn length] == 0) { + return gn; + } else if(!gn || [gn length] == 0) { + return sn; + } + return [NSString stringWithFormat:@"%@ %@", sn, gn]; +} + +- (NSString *)getCN { + return [jsFormatter stringByEscapingQuotesInString:[self _getCN]]; +} + +- (NSString *)getSN { + NSString *sn = [self->contact valueForKey:@"sn"]; + return [jsFormatter stringByEscapingQuotesInString:sn]; +} + +- (NSString *)getMail { + return [self->contact valueForKey:@"mail"]; +} + +- (NSString *)getUID { + return [[AgenorUserManager sharedUserManager] getUIDForEmail:[self getMail]]; +} + - (NSString *)jsOnClickCode { /* callback parameters: (type, cn, dn, email, uid, sn) */ static NSString *jsCode = \ @"javascript:opener.window.%@('', '%@', '', '%@', '%@', '%@');"; - NSString *sn, *cn, *mail, *uid; - sn = [self->contact valueForKey:@"sn"]; - cn = [NSString stringWithFormat:@"%@ %@", - sn, - [self->contact valueForKey:@"givenname"]]; - mail = [self->contact valueForKey:@"mail"]; - uid = [[AgenorUserManager sharedUserManager] getUIDForEmail:mail]; return [NSString stringWithFormat:jsCode, [self callback], - cn, - mail, - uid, - sn]; + [self getCN], + [self getMail], + [self getUID], + [self getSN]]; } @end /* UIxContactsInlineListView */ diff --git a/SOGo/UI/Contacts/Version b/SOGo/UI/Contacts/Version index cf9e5c12..dee27ead 100644 --- a/SOGo/UI/Contacts/Version 
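Review bot: In `-jsOnClickCode`, `[self getMail]` and `[self getUID]` still go into the single-quoted JavaScript arguments without passing through `jsFormatter`, so a quote character in a mail address or uid ends the string literal early, the same defect this commit fixes for cn and sn. Escaping at the call site, `[jsFormatter stringByEscapingQuotesInString:[self getMail]]` (and likewise for the uid), keeps `-getUID` looking up the raw address; the receiving callback then needs to unescape those parameters too. `[self callback]` is inserted as a bare function name and the place where it is set is outside this hunk; if it can come from the request, it should be checked against an identifier pattern there. `-getSN` hands a possibly nil `sn` to the formatter, which presumably returns nil and lets `%@` print `(null)`; `-_getCN` already guards this case and `-getSN` could return `@""` the same way.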
+++ b/SOGo/UI/Contacts/Version @@ -1,3 +1,5 @@ # $Id$ -SUBMINOR_VERSION:=15 +SUBMINOR_VERSION:=16 + +# v0.9.16 requires libSOGoUI v0.9.16 diff --git a/SOGo/UI/SOGoUI/ChangeLog b/SOGo/UI/SOGoUI/ChangeLog index 7866f5b6..db811fb7 100644 --- a/SOGo/UI/SOGoUI/ChangeLog +++ b/SOGo/UI/SOGoUI/ChangeLog @@ -1,3 +1,8 @@ +2004-10-20 Marcus Mueller + + * SOGoJSStringFormatter.[hm]: new formatter to properly escape certain + strings passed to JavaScript (v0.9.16) + 2004-10-18 Marcus Mueller * UIxComponent.m: changed the implementation of -ownPath and fixed a diff --git a/SOGo/UI/SOGoUI/GNUmakefile b/SOGo/UI/SOGoUI/GNUmakefile index ff9bc807..0f1a66a7 100644 --- a/SOGo/UI/SOGoUI/GNUmakefile +++ b/SOGo/UI/SOGoUI/GNUmakefile @@ -11,11 +11,13 @@ libSOGoUI_HEADER_FILES += \ UIxComponent.h \ SOGoDateFormatter.h \ SOGoAptFormatter.h \ + SOGoJSStringFormatter.h \ libSOGoUI_OBJC_FILES += \ UIxComponent.m \ SOGoDateFormatter.m \ SOGoAptFormatter.m \ + SOGoJSStringFormatter.m \ # make diff --git a/SOGo/UI/SOGoUI/SOGoJSStringFormatter.h b/SOGo/UI/SOGoUI/SOGoJSStringFormatter.h new file mode 100644 index 00000000..3a59e76a --- /dev/null +++ b/SOGo/UI/SOGoUI/SOGoJSStringFormatter.h 
@@ -0,0 +1,43 @@ +/* + Copyright (C) 2000-2004 SKYRIX Software AG + + This file is part of OGo + + OGo is free software; you can redistribute it and/or modify it under + the terms of the GNU Lesser General Public License as published by the + Free Software Foundation; either version 2, or (at your option) any + later version. + + OGo is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with OGo; see the file COPYING. If not, write to the + Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA + 02111-1307, USA. +*/ +// $Id$ + + +#ifndef __SOGoJSStringFormatter_H_ +#define __SOGoJSStringFormatter_H_ + + +#import +#include + +@interface SOGoJSStringFormatter : NSObject +{ +} + ++ (id)sharedFormatter; + +- (NSString *)stringByEscapingQuotesInString:(NSString *)_s; +- (NSString *)stringByEscapingSingleQuotesInString:(NSString *)_s; +- (NSString *)stringByEscapingDoubleQuotesInString:(NSString *)_s; + +@end + +#endif /* __SOGoJSStringFormatter_H_ */ diff --git a/SOGo/UI/SOGoUI/SOGoJSStringFormatter.m b/SOGo/UI/SOGoUI/SOGoJSStringFormatter.m new file mode 100644 index 00000000..9b566d01 --- /dev/null +++ b/SOGo/UI/SOGoUI/SOGoJSStringFormatter.m 
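Review bot: The new interface carries no comment saying what the three methods produce, and the class name suggests output that is safe inside any JavaScript string, which the implementation added in this commit does not provide (its character sets contain only `'` and `"`). A doc comment above `@interface` should state that the quote characters are replaced by HTML entities, that the receiving script has to reverse the replacement, and that backslashes and line breaks are passed through unchanged. `-stringByEscapingString:` is implemented in the .m as the escaping callback but is neither declared here nor tied to a protocol in the visible lines, so the header should mention that role.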
@@ -0,0 +1,78 @@ +/* + Copyright (C) 2000-2004 SKYRIX Software AG + + This file is part of OGo + + OGo is free software; you can redistribute it and/or modify it under + the terms of the GNU Lesser General Public License as published by the + Free Software Foundation; either version 2, or (at your option) any + later version. + + OGo is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with OGo; see the file COPYING. If not, write to the + Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA + 02111-1307, USA. +*/ +// $Id$ + + +#include "SOGoJSStringFormatter.h" +#include "common.h" + +@implementation SOGoJSStringFormatter + +static NSCharacterSet *quotesSet = nil; +static NSCharacterSet *squoteSet = nil; +static NSCharacterSet *dquoteSet = nil; + ++ (void)initialize { + static BOOL didInit = NO; + + if(didInit) + return; + + didInit = YES; + quotesSet = \ + [[NSCharacterSet characterSetWithCharactersInString:@"'\""] retain]; + squoteSet = \ + [[NSCharacterSet characterSetWithCharactersInString:@"'"] retain]; + dquoteSet = \ + [[NSCharacterSet characterSetWithCharactersInString:@"\""] retain]; +} + ++ (id)sharedFormatter { + static id sharedInstance = nil; + if(!sharedInstance) { + sharedInstance = [[self alloc] init]; + } + return sharedInstance; +} + +- (NSString *)stringByEscapingQuotesInString:(NSString *)_s { + return [_s stringByEscapingCharactersFromSet:quotesSet + usingStringEscaping:self]; +} + +- (NSString *)stringByEscapingSingleQuotesInString:(NSString *)_s { + return [_s stringByEscapingCharactersFromSet:squoteSet + usingStringEscaping:self]; +} + +- (NSString *)stringByEscapingDoubleQuotesInString:(NSString *)_s { + return [_s stringByEscapingCharactersFromSet:dquoteSet + 
usingStringEscaping:self]; +} + +- (NSString *)stringByEscapingString:(NSString *)_s { + if([_s isEqualToString:@"'"]) { + return @"'"; + } + return @"""; +} + +@end diff --git a/SOGo/UI/SOGoUI/Version b/SOGo/UI/SOGoUI/Version index cf9e5c12..27f42dca 100644 --- a/SOGo/UI/SOGoUI/Version +++ b/SOGo/UI/SOGoUI/Version @@ -1,3 +1,3 @@ # $Id$ -SUBMINOR_VERSION:=15 +SUBMINOR_VERSION:=16
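Review bot: `-stringByEscapingString:` returns the double-quote replacement for every input that is not a single quote, so any character later added to one of the sets would be silently rewritten as a double quote; it should test for `"` explicitly and end with `return _s;` for anything else. The escaping covers only the two quote characters, so a backslash or line break in a contact field still reaches the JavaScript string literal the callers build; those characters should be added to the set or the limitation stated in a class comment. A value that already contains the entity text is turned into a quote by the client-side unescape, so the round trip is not lossless unless `&` is escaped as well. `+sharedFormatter` creates the instance lazily without synchronisation; creating it in `+initialize` next to the character sets would avoid a double allocation if two threads reach it at once.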