author | Vincent Petry <pvince81@owncloud.com> | 2014-01-10 15:02:26 +0100 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2014-01-10 15:02:26 +0100 |
commit | 1042733634622b234beb52e24505d56a9883b4eb (patch) | |
tree | 4300040f44d951823645d35d98e1b263de49fd07 /apps/files_versions | |
parent | b24c21b00f0116e8749f37646cc25f798992bf05 (diff) | |
Fixed various file name escaping issues in core apps
- Refactored the file tr lookup into FileList.findFileEl, which uses
filterAttr to avoid escaping issues in jQuery selectors
- Fixed versions and sharing app to properly escape file names in
attributes
Diffstat (limited to 'apps/files_versions')
-rw-r--r-- | apps/files_versions/js/versions.js | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/apps/files_versions/js/versions.js b/apps/files_versions/js/versions.js
index 738a7ece6f2..4adf14745de 100644
--- a/apps/files_versions/js/versions.js
+++ b/apps/files_versions/js/versions.js
@@ -77,6 +77,7 @@ function goToVersionPage(url){
 function createVersionsDropdown(filename, files) {
 	var start = 0;
+	var fileEl;
 	var html = '<div id="dropdown" class="drop drop-versions" data-file="'+escapeHTML(files)+'">';
 	html += '<div id="private">';
@@ -86,8 +87,9 @@ function createVersionsDropdown(filename, files) {
 	html += '<input type="button" value="'+ t('files_versions', 'More versions...') + '" name="show-more-versions" id="show-more-versions" style="display: none;" />';
 	if (filename) {
-		$('tr').filterAttr('data-file',filename).addClass('mouseOver');
-		$(html).appendTo($('tr').filterAttr('data-file',filename).find('td.filename'));
+		fileEl = FileList.findFileEl(filename);
+		fileEl.addClass('mouseOver');
+		$(html).appendTo(fileEl.find('td.filename'));
 	} else {
 		$(html).appendTo($('thead .share'));
 	}
@@ -138,7 +140,7 @@ function createVersionsDropdown(filename, files) {
 			var preview = '<img class="preview" src="'+revision.preview+'"/>';
-			var download ='<a href="' + path + "?file=" + files + '&revision=' + revision.version + '">';
+			var download ='<a href="' + path + "?file=" + encodeURIComponent(files) + '&revision=' + revision.version + '">';
 			download+='<img';
 			download+=' src="' + OC.imagePath('core', 'actions/download') + '"';
 			download+=' name="downloadVersion" />';
@@ -146,8 +148,7 @@ function createVersionsDropdown(filename, files) {
 			download+='</a>';
 			var revert='<span class="revertVersion"';
-			revert+=' id="' + revision.version + '"';
-			revert+=' value="' + files + '">';
+			revert+=' id="' + revision.version + '">';
 			revert+='<img';
 			revert+=' src="' + OC.imagePath('core', 'actions/history') + '"';
 			revert+=' name="revertVersion"';
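Review bot: In the `-146,8` hunk the new line `revert+=' id="' + revision.version + '">';` still interpolates `revision.version` into raw HTML, and the neighbouring context line does the same with `revision.preview` in an `img src` attribute; the commit only moves `files` out of string-built markup. If these values come from the server's version listing (presumably, given the `revision` objects being iterated), they should follow the route the commit already takes for `files` on the `data-file` line, e.g. `revert+=' id="' + escapeHTML(revision.version) + '">';`, or the `<span>`/`<img>` should be built with jQuery and `id`/`src` set via `.attr()`. The same gap is in the `-138,7` hunk, where `files` is now `encodeURIComponent`-ed in the download href but `revision.version` is still concatenated unencoded: `'&revision=' + encodeURIComponent(revision.version) + '">'`. createVersionsDropdown begins in the `-77,6` hunk and its body continues outside all of these hunks.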
@@ -156,14 +157,13 @@ function createVersionsDropdown(filename, files) {
 			var version=$('<li/>');
 			version.attr('value', revision.version);
 			version.html(preview + download + revert);
+			// add file here for proper name escaping
+			version.find('span.revertVersion').attr('value', files);
 			version.appendTo('#found_versions');
 		}
-		$('tr').filterAttr('data-file',filename).addClass('mouseOver');
 		$('#dropdown').show('blind');
-
-
 	}
 	$(this).click(