Encode Requesttoken for avatars

Fixes new avatar selection in master half, other half will work when https://github.com/owncloud/core/pull/14266 has get merged.

Shocking to see how much places in our code do it wrong :gun:

diff --git a/settings/js/personal.js b/settings/js/personal.js
index 0cf0cd81a7b20ad5a5e9fb0d0f52bfa5b9fb074e..1202d9743d2f784ddb2ee37eb2f6e804faab5291 100644 (file)
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -110,7 +110,7 @@ function showAvatarCropper () {
        var $cropperImage = $('#cropper img');
 
        $cropperImage.attr('src',
-               OC.generateUrl('/avatar/tmp') + '?requesttoken=' + oc_requesttoken + '#' + Math.floor(Math.random() * 1000));
+               OC.generateUrl('/avatar/tmp') + '?requesttoken=' + encodeURIComponent(oc_requesttoken) + '#' + Math.floor(Math.random() * 1000));
 
        // Looks weird, but on('load', ...) doesn't work in IE8
        $cropperImage.ready(function () {
@@ -311,7 +311,7 @@ $(document).ready(function () {
        var url = OC.generateUrl(
                '/avatar/{user}/{size}',
                {user: OC.currentUser, size: 1}
-       ) + '?requesttoken=' + oc_requesttoken;
+       ) + '?requesttoken=' + encodeURIComponent(oc_requesttoken);
        $.get(url, function (result) {
                if (typeof(result) === 'object') {
                        $('#removeavatar').hide();