authorLukas Reschke <lukas@statuscode.ch>2014-01-12 03:45:30 -0800
committerLukas Reschke <lukas@statuscode.ch>2014-01-12 03:45:30 -0800
commit85e00ad35a63d2d728140f3ece685d79d7a6140c (patch)
tree4300040f44d951823645d35d98e1b263de49fd07
parentb24c21b00f0116e8749f37646cc25f798992bf05 (diff)
parent1042733634622b234beb52e24505d56a9883b4eb (diff)
downloadnextcloud-server-85e00ad35a63d2d728140f3ece685d79d7a6140c.tar.gz
nextcloud-server-85e00ad35a63d2d728140f3ece685d79d7a6140c.zip
Merge pull request #6713 from owncloud/files-filenameescapingfixes
Fixed various file name escaping issues in core apps
-rw-r--r--apps/files/js/file-upload.js12
-rw-r--r--apps/files/js/fileactions.js2
-rw-r--r--apps/files/js/filelist.js49
-rw-r--r--apps/files/js/files.js14
-rw-r--r--apps/files_sharing/js/public.js6
-rw-r--r--apps/files_sharing/js/share.js2
-rw-r--r--apps/files_trashbin/js/trash.js14
-rw-r--r--apps/files_versions/js/versions.js16
-rw-r--r--core/js/share.js10
9 files changed, 75 insertions, 50 deletions
diff --git a/apps/files/js/file-upload.js b/apps/files/js/file-upload.js
index 196817432d5..225c3319107 100644
--- a/apps/files/js/file-upload.js
+++ b/apps/files/js/file-upload.js
@@ -222,6 +222,14 @@ $(document).ready(function() {
//examine file
var file = data.files[0];
+ try {
+ // FIXME: not so elegant... need to refactor that method to return a value
+ Files.isFileNameValid(file.name);
+ }
+ catch (errorMessage) {
+ data.textStatus = 'invalidcharacters';
+ data.errorThrown = errorMessage;
+ }
if (file.type === '' && file.size === 4096) {
data.textStatus = 'dirorzero';
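Review bot: The catch block only records `invalidcharacters` on `data`; nothing visible in this hunk stops the flow, and the unchained `if (file.type === '' && file.size === 4096)` directly below can overwrite `textStatus` with `dirorzero`. Making that next test an `else if` would keep the first error. The bare `catch` also reports any exception as an invalid-name error, including an unrelated one thrown because `Files` is not loaded. This is a client-side convenience check, so the upload endpoint still has to reject invalid names itself; the handler continues outside the hunk, so whether the upload is actually aborted cannot be confirmed from here.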
@@ -605,7 +613,7 @@ $(document).ready(function() {
if (result.status === 'success') {
var date=new Date();
FileList.addDir(name, 0, date, hidden);
- var tr=$('tr[data-file="'+name+'"]');
+ var tr = FileList.findFileEl(name);
tr.attr('data-id', result.data.id);
} else {
OC.dialogs.alert(result.data.message, t('core', 'Could not create folder'));
@@ -647,7 +655,7 @@ $(document).ready(function() {
$('#uploadprogressbar').fadeOut();
var date = new Date();
FileList.addFile(localName, size, date, false, hidden);
- var tr = $('tr[data-file="'+localName+'"]');
+ var tr = FileList.findFileEl(localName);
tr.data('mime', mime).data('id', id);
tr.attr('data-id', id);
var path = $('#dir').val()+'/'+localName;
diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js
index 03e23189a97..74bb711ef3d 100644
--- a/apps/files/js/fileactions.js
+++ b/apps/files/js/fileactions.js
@@ -71,7 +71,7 @@ var FileActions = {
FileActions.currentFile = parent;
var actions = FileActions.get(FileActions.getCurrentMimeType(), FileActions.getCurrentType(), FileActions.getCurrentPermissions());
var file = FileActions.getCurrentFile();
- if ($('tr[data-file="'+file+'"]').data('renaming')) {
+ if (FileList.findFileEl(file).data('renaming')) {
return;
}
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index 473bcf25f2d..c02ab70ce8d 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -6,6 +6,13 @@ var FileList={
$(this).attr('data-file',decodeURIComponent($(this).attr('data-file')));
});
},
+ /**
+ * Returns the tr element for a given file name
+ */
+ findFileEl: function(fileName){
+ // use filterAttr to avoid escaping issues
+ return $('#fileList tr').filterAttr('data-file', fileName);
+ },
update:function(fileListHtml) {
var $fileList = $('#fileList');
$fileList.empty().html(fileListHtml);
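Review bot: `findFileEl` searches only `#fileList tr`, while several call sites converted in this commit (files_sharing/js/public.js, files_trashbin/js/trash.js, files_versions/js/versions.js) previously matched `$('tr')` across the whole document, so the lookup is narrower than before on those pages. If each of those views renders its rows inside `#fileList` this is fine, but it is worth confirming. The docblock should state the contract: `@param {string} fileName raw, unescaped file name` and `@return {jQuery} matching rows, may be empty`. It should also say that file names are user-controlled and must never be concatenated into a selector string, which is the reason this helper exists.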
@@ -292,8 +299,9 @@ var FileList={
$('#filestable').toggleClass('hidden', show);
},
remove:function(name){
- $('tr').filterAttr('data-file',name).find('td.filename').draggable('destroy');
- $('tr').filterAttr('data-file',name).remove();
+ var fileEl = FileList.findFileEl(name);
+ fileEl.find('td.filename').draggable('destroy');
+ fileEl.remove();
FileList.updateFileSummary();
if ( ! $('tr[data-file]').exists() ) {
$('#emptycontent').removeClass('hidden');
@@ -334,7 +342,7 @@ var FileList={
FileList.updateFileSummary();
},
loadingDone:function(name, id) {
- var mime, tr = $('tr[data-file="'+name+'"]');
+ var mime, tr = FileList.findFileEl(name);
tr.data('loading', false);
mime = tr.data('mime');
tr.attr('data-mime', mime);
@@ -347,12 +355,12 @@ var FileList={
}, null, null, tr.attr('data-etag'));
tr.find('td.filename').draggable(dragOptions);
},
- isLoading:function(name) {
- return $('tr[data-file="'+name+'"]').data('loading');
+ isLoading:function(file) {
+ return FileList.findFileEl(file).data('loading');
},
rename:function(oldname) {
var tr, td, input, form;
- tr = $('tr[data-file="'+oldname+'"]');
+ tr = FileList.findFileEl(oldname);
tr.data('renaming',true);
td = tr.children('td.filename');
input = $('<input type="text" class="filename"/>').val(oldname);
@@ -500,14 +508,16 @@ var FileList={
form.trigger('submit');
});
},
- inList:function(filename) {
- return $('#fileList tr[data-file="'+filename+'"]').length;
+ inList:function(file) {
+ return FileList.findFileEl(file).length;
},
replace:function(oldName, newName, isNewFile) {
// Finish any existing actions
- $('tr[data-file="'+oldName+'"]').hide();
- $('tr[data-file="'+newName+'"]').hide();
- var tr = $('tr[data-file="'+oldName+'"]').clone();
+ var oldFileEl = FileList.findFileEl(oldName);
+ var newFileEl = FileList.findFileEl(newName);
+ oldFileEl.hide();
+ newFileEl.hide();
+ var tr = oldFileEl.clone();
tr.attr('data-replace', 'true');
tr.attr('data-file', newName);
var td = tr.children('td.filename');
@@ -559,7 +569,7 @@ var FileList={
files=[files];
}
for (var i=0; i<files.length; i++) {
- var deleteAction = $('tr[data-file="'+files[i]+'"]').children("td.date").children(".action.delete");
+ var deleteAction = FileList.findFileEl(files[i]).children("td.date").children(".action.delete");
deleteAction.removeClass('delete-icon').addClass('progress-icon');
}
// Finish any existing actions
@@ -573,7 +583,7 @@ var FileList={
function(result) {
if (result.status === 'success') {
$.each(files,function(index,file) {
- var files = $('tr[data-file="'+file+'"]');
+ var files = FileList.findFileEl(file);
files.remove();
files.find('input[type="checkbox"]').removeAttr('checked');
files.removeClass('selected');
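Review bot: Inside the `$.each` callback the new line `var files = FileList.findFileEl(file);` shadows the outer `files` array that is being iterated, which makes the following three lines easy to misread. `var fileEl = FileList.findFileEl(file);` would match the naming used in `remove`. The row is also removed before its checkbox and `selected` class are cleared, so those two calls act on detached nodes. The callback continues outside the hunk.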
@@ -595,7 +605,7 @@ var FileList={
OC.Notification.hide();
}, 10000);
$.each(files,function(index,file) {
- var deleteAction = $('tr[data-file="' + file + '"] .action.delete');
+ var deleteAction = FileList.findFileEl(file).find('.action.delete');
deleteAction.removeClass('progress-icon').addClass('delete-icon');
});
}
@@ -737,7 +747,7 @@ var FileList={
},
scrollTo:function(file) {
//scroll to and highlight preselected file
- var $scrolltorow = $('tr[data-file="'+file+'"]');
+ var $scrolltorow = FileList.findFileEl(file);
if ($scrolltorow.exists()) {
$scrolltorow.addClass('searchresult');
$(window).scrollTop($scrolltorow.position().top);
@@ -949,7 +959,7 @@ $(document).ready(function() {
$('#notification').on('click', '.undo', function() {
if (FileList.deleteFiles) {
$.each(FileList.deleteFiles,function(index,file) {
- $('tr[data-file="'+file+'"]').show();
+ FileList.findFileEl(file).show();
});
FileList.deleteCanceled=true;
FileList.deleteFiles=null;
@@ -959,10 +969,10 @@ $(document).ready(function() {
FileList.deleteCanceled = false;
FileList.deleteFiles = [FileList.replaceOldName];
} else {
- $('tr[data-file="'+FileList.replaceOldName+'"]').show();
+ FileList.findFileEl(FileList.replaceOldName).show();
}
$('tr[data-replace="true"').remove();
- $('tr[data-file="'+FileList.replaceNewName+'"]').show();
+ FileList.findFileEl(FileList.replaceNewName).show();
FileList.replaceCanceled = true;
FileList.replaceOldName = null;
FileList.replaceNewName = null;
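Review bot: The unchanged line `$('tr[data-replace="true"').remove();` sits between the two converted lookups and has an unterminated attribute selector (the closing `]` is missing). Depending on the jQuery/Sizzle version this either throws a syntax error or relies on lenient parsing, so the replace-undo path may not clean up the cloned row. Suggested: `$('tr[data-replace="true"]').remove();`. The click handler starts and ends outside the hunk.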
@@ -977,7 +987,8 @@ $(document).ready(function() {
});
});
$('#notification:first-child').on('click', '.suggest', function() {
- $('tr[data-file="'+$('#notification > span').attr('data-oldName')+'"]').show();
+ var file = $('#notification > span').attr('data-oldName');
+ FileList.findFileEl(file).show();
OC.Notification.hide();
});
$('#notification:first-child').on('click', '.cancel', function() {
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index fdaa3aa3342..1f12ade8d79 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -282,7 +282,7 @@ $(document).ready(function() {
procesSelection();
} else {
var filename=$(this).parent().parent().attr('data-file');
- var tr=$('tr[data-file="'+filename+'"]');
+ var tr = FileList.findFileEl(filename);
var renaming=tr.data('renaming');
if (!renaming && !FileList.isLoading(filename)) {
FileActions.currentFile = $(this).parent();
@@ -541,10 +541,12 @@ var folderDropOptions={
if (result) {
if (result.status === 'success') {
//recalculate folder size
- var oldSize = $('#fileList tr[data-file="'+target+'"]').data('size');
- var newSize = oldSize + $('#fileList tr[data-file="'+file+'"]').data('size');
- $('#fileList tr[data-file="'+target+'"]').data('size', newSize);
- $('#fileList tr[data-file="'+target+'"]').find('td.filesize').text(humanFileSize(newSize));
+ var oldFile = FileList.findFileEl(target);
+ var newFile = FileList.findFileEl(file);
+ var oldSize = oldFile.data('size');
+ var newSize = oldSize + newFile.data('size');
+ oldFile.data('size', newSize);
+ oldFile.find('td.filesize').text(humanFileSize(newSize));
FileList.remove(file);
procesSelection();
@@ -738,7 +740,7 @@ Files.lazyLoadPreview = function(path, mime, ready, width, height, etag) {
}
function getUniqueName(name) {
- if ($('tr[data-file="'+name+'"]').exists()) {
+ if (FileList.findFileEl(name).exists()) {
var parts=name.split('.');
var extension = "";
if (parts.length > 1) {
diff --git a/apps/files_sharing/js/public.js b/apps/files_sharing/js/public.js
index eacd4096ed8..2e34e6f9bc5 100644
--- a/apps/files_sharing/js/public.js
+++ b/apps/files_sharing/js/public.js
@@ -29,19 +29,19 @@ $(document).ready(function() {
}
}
FileActions.register('dir', 'Open', OC.PERMISSION_READ, '', function(filename) {
- var tr = $('tr').filterAttr('data-file', filename);
+ var tr = FileList.findFileEl(filename);
if (tr.length > 0) {
window.location = $(tr).find('a.name').attr('href');
}
});
FileActions.register('file', 'Download', OC.PERMISSION_READ, '', function(filename) {
- var tr = $('tr').filterAttr('data-file', filename);
+ var tr = FileList.findFileEl(filename);
if (tr.length > 0) {
window.location = $(tr).find('a.name').attr('href');
}
});
FileActions.register('dir', 'Download', OC.PERMISSION_READ, '', function(filename) {
- var tr = $('tr').filterAttr('data-file', filename);
+ var tr = FileList.findFileEl(filename);
if (tr.length > 0) {
window.location = $(tr).find('a.name').attr('href')+'&download';
}
diff --git a/apps/files_sharing/js/share.js b/apps/files_sharing/js/share.js
index 340e0939445..36de452a55e 100644
--- a/apps/files_sharing/js/share.js
+++ b/apps/files_sharing/js/share.js
@@ -22,7 +22,7 @@ $(document).ready(function() {
} else {
var item = $('#dir').val() + '/' + filename;
}
- var tr = $('tr').filterAttr('data-file', filename);
+ var tr = FileList.findFileEl(filename);
if ($(tr).data('type') == 'dir') {
var itemType = 'folder';
} else {
diff --git a/apps/files_trashbin/js/trash.js b/apps/files_trashbin/js/trash.js
index 1ff5bac6130..46d8b56308c 100644
--- a/apps/files_trashbin/js/trash.js
+++ b/apps/files_trashbin/js/trash.js
@@ -3,8 +3,8 @@ $(document).ready(function() {
if (typeof FileActions !== 'undefined') {
FileActions.register('all', 'Restore', OC.PERMISSION_READ, OC.imagePath('core', 'actions/history'), function(filename) {
- var tr = $('tr').filterAttr('data-file', filename);
- var deleteAction = $('tr').filterAttr('data-file', filename).children("td.date").children(".action.delete");
+ var tr = FileList.findFileEl(filename);
+ var deleteAction = tr.children("td.date").children(".action.delete");
deleteAction.removeClass('delete-icon').addClass('progress-icon');
disableActions();
$.post(OC.filePath('files_trashbin', 'ajax', 'undelete.php'),
@@ -30,8 +30,8 @@ $(document).ready(function() {
return OC.imagePath('core', 'actions/delete');
}, function(filename) {
$('.tipsy').remove();
- var tr = $('tr').filterAttr('data-file', filename);
- var deleteAction = $('tr').filterAttr('data-file', filename).children("td.date").children(".action.delete");
+ var tr = FileList.findFileEl(filename);
+ var deleteAction = tr.children("td.date").children(".action.delete");
deleteAction.removeClass('delete-icon').addClass('progress-icon');
disableActions();
$.post(OC.filePath('files_trashbin', 'ajax', 'delete.php'),
@@ -73,7 +73,7 @@ $(document).ready(function() {
var dirlisting = getSelectedFiles('dirlisting')[0];
disableActions();
for (var i = 0; i < files.length; i++) {
- var deleteAction = $('tr').filterAttr('data-file', files[i]).children("td.date").children(".action.delete");
+ var deleteAction = FileList.findFileEl(files[i]).children("td.date").children(".action.delete");
deleteAction.removeClass('delete-icon').addClass('progress-icon');
}
@@ -119,7 +119,7 @@ $(document).ready(function() {
}
else {
for (var i = 0; i < files.length; i++) {
- var deleteAction = $('tr').filterAttr('data-file', files[i]).children("td.date").children(".action.delete");
+ var deleteAction = FileList.findFileEl(files[i]).children("td.date").children(".action.delete");
deleteAction.removeClass('delete-icon').addClass('progress-icon');
}
}
@@ -169,7 +169,7 @@ $(document).ready(function() {
event.preventDefault();
}
var filename = $(this).parent().parent().attr('data-file');
- var tr = $('tr').filterAttr('data-file',filename);
+ var tr = FileList.findFileEl(filename);
var renaming = tr.data('renaming');
if(!renaming && !FileList.isLoading(filename)){
if(mime.substr(0, 5) === 'text/'){ //no texteditor for now
diff --git a/apps/files_versions/js/versions.js b/apps/files_versions/js/versions.js
index 738a7ece6f2..4adf14745de 100644
--- a/apps/files_versions/js/versions.js
+++ b/apps/files_versions/js/versions.js
@@ -77,6 +77,7 @@ function goToVersionPage(url){
function createVersionsDropdown(filename, files) {
var start = 0;
+ var fileEl;
var html = '<div id="dropdown" class="drop drop-versions" data-file="'+escapeHTML(files)+'">';
html += '<div id="private">';
@@ -86,8 +87,9 @@ function createVersionsDropdown(filename, files) {
html += '<input type="button" value="'+ t('files_versions', 'More versions...') + '" name="show-more-versions" id="show-more-versions" style="display: none;" />';
if (filename) {
- $('tr').filterAttr('data-file',filename).addClass('mouseOver');
- $(html).appendTo($('tr').filterAttr('data-file',filename).find('td.filename'));
+ fileEl = FileList.findFileEl(filename);
+ fileEl.addClass('mouseOver');
+ $(html).appendTo(fileEl.find('td.filename'));
} else {
$(html).appendTo($('thead .share'));
}
@@ -138,7 +140,7 @@ function createVersionsDropdown(filename, files) {
var preview = '<img class="preview" src="'+revision.preview+'"/>';
- var download ='<a href="' + path + "?file=" + files + '&revision=' + revision.version + '">';
+ var download ='<a href="' + path + "?file=" + encodeURIComponent(files) + '&revision=' + revision.version + '">';
download+='<img';
download+=' src="' + OC.imagePath('core', 'actions/download') + '"';
download+=' name="downloadVersion" />';
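Review bot: Only `files` is encoded here; `path`, `revision.version` and, on the line above, `revision.preview` are still concatenated raw into double-quoted attributes that later reach `version.html(...)`. The same applies to `revert+=' id="' + revision.version + '">';` in the next hunk. These values presumably come from the versions response rather than from the file name, but escaping them is cheap: `var preview = '<img class="preview" src="'+escapeHTML(revision.preview)+'"/>';` and `encodeURIComponent(revision.version)` in the href. Setting them with `.attr()` after `version.html(...)`, as the last hunk of this file does for `value`, would avoid building attribute strings altogether.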
@@ -146,8 +148,7 @@ function createVersionsDropdown(filename, files) {
download+='</a>';
var revert='<span class="revertVersion"';
- revert+=' id="' + revision.version + '"';
- revert+=' value="' + files + '">';
+ revert+=' id="' + revision.version + '">';
revert+='<img';
revert+=' src="' + OC.imagePath('core', 'actions/history') + '"';
revert+=' name="revertVersion"';
@@ -156,14 +157,13 @@ function createVersionsDropdown(filename, files) {
var version=$('<li/>');
version.attr('value', revision.version);
version.html(preview + download + revert);
+ // add file here for proper name escaping
+ version.find('span.revertVersion').attr('value', files);
version.appendTo('#found_versions');
}
- $('tr').filterAttr('data-file',filename).addClass('mouseOver');
$('#dropdown').show('blind');
-
-
}
$(this).click(
diff --git a/core/js/share.js b/core/js/share.js
index 10ab5f47f27..3637d2e7e72 100644
--- a/core/js/share.js
+++ b/core/js/share.js
@@ -181,7 +181,8 @@ OC.Share={
},
showDropDown:function(itemType, itemSource, appendTo, link, possiblePermissions, filename) {
var data = OC.Share.loadItem(itemType, itemSource);
- var html = '<div id="dropdown" class="drop" data-item-type="'+itemType+'" data-item-source="'+itemSource+'"" data-item-source-name="'+filename+'">';
+ var dropDownEl;
+ var html = '<div id="dropdown" class="drop" data-item-type="'+itemType+'" data-item-source="'+itemSource+'">';
if (data !== false && data.reshare !== false && data.reshare.uid_owner !== undefined) {
if (data.reshare.share_type == OC.Share.SHARE_TYPE_GROUP) {
html += '<span class="reshare">'+t('core', 'Shared with you and the group {group} by {owner}', {group: escapeHTML(data.reshare.share_with), owner: escapeHTML(data.reshare.displayname_owner)})+'</span>';
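Review bot: `filename` was moved out of the HTML string, but `itemType` and `itemSource` are still concatenated unescaped into `data-item-type` and `data-item-source` on the same line. They are likely internal identifiers, which would make this low risk, but that cannot be confirmed from this hunk. Setting them next to the new `dropDownEl.attr('data-item-source-name', filename);` call, e.g. `dropDownEl.attr({'data-item-type': itemType, 'data-item-source': itemSource});`, would treat all three values the same way. The two append sites in the later hunks also differ (`dropDownEl = dropDownEl.appendTo(appendTo);` versus `dropDownEl.appendTo(appendTo);`), and the reassignment is redundant. `showDropDown` continues outside the hunk.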
@@ -239,7 +240,8 @@ OC.Share={
html += '<input type="checkbox" name="expirationCheckbox" id="expirationCheckbox" value="1" /><label for="expirationCheckbox">'+t('core', 'Set expiration date')+'</label>';
html += '<input id="expirationDate" type="text" placeholder="'+t('core', 'Expiration date')+'" style="display:none; width:90%;" />';
html += '</div>';
- $(html).appendTo(appendTo);
+ dropDownEl = $(html);
+ dropDownEl = dropDownEl.appendTo(appendTo);
// Reset item shares
OC.Share.itemShares = [];
if (data.shares) {
@@ -332,8 +334,10 @@ OC.Share={
} else {
html += '<input id="shareWith" type="text" placeholder="'+t('core', 'Resharing is not allowed')+'" style="width:90%;" disabled="disabled"/>';
html += '</div>';
- $(html).appendTo(appendTo);
+ dropDownEl = $(html);
+ dropDownEl.appendTo(appendTo);
}
+ dropDownEl.attr('data-item-source-name', filename);
$('#dropdown').show('blind', function() {
OC.Share.droppedDown = true;
});