Contacts: Sanitize input.
This commit is contained in:
parent
d2774ebbf9
commit
6b50a6fef8
@ -23,7 +23,7 @@ $catman = new OC_VCategories('contact');
|
|||||||
$id = $catman->add($category);
|
$id = $catman->add($category);
|
||||||
|
|
||||||
if($id !== false) {
|
if($id !== false) {
|
||||||
OCP\JSON::success(array('data' => array('id'=>$id)));
|
OCP\JSON::success(array('data' => array('id'=>$id, 'name' => $category)));
|
||||||
} else {
|
} else {
|
||||||
bailOut(OCA\Contacts\App::$l10n->t('Error adding group.'));
|
bailOut(OCA\Contacts\App::$l10n->t('Error adding group.'));
|
||||||
}
|
}
|
||||||
|
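Review bot: The new `name` field in `OCP\JSON::success(array('data' => array('id'=>$id, 'name' => $category)))` echoes `$category` back to the client as-is, and nothing in this hunk shows that value being sanitized; the code that builds `$category` lies above the hunk, so whether the "sanitize input" of the commit title happens server-side cannot be confirmed from here. Every consumer therefore has to treat `name` as untrusted text and escape it at the point of insertion, which the groups.js side of this commit does with `escapeHTML(response.name)`. I would make that contract explicit with a comment on the success line: `// 'name' is the stored category string returned verbatim; callers must HTML-escape it before inserting into the DOM`.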
@ -785,7 +785,7 @@ OC.Contacts = OC.Contacts || {
|
|||||||
var $li = self.$addressbookTmpl.octemplate({
|
var $li = self.$addressbookTmpl.octemplate({
|
||||||
id: book.id,
|
id: book.id,
|
||||||
permissions: book.permissions,
|
permissions: book.permissions,
|
||||||
displayname: book.displayname
|
displayname: escapeHTML(book.displayname)
|
||||||
});
|
});
|
||||||
|
|
||||||
$li.find('a.action').tipsy({gravity: 'w'});
|
$li.find('a.action').tipsy({gravity: 'w'});
|
||||||
|
@ -676,13 +676,13 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
* Render the list item
|
* Render the list item
|
||||||
* @return A jquery object to be inserted in the DOM
|
* @return A jquery object to be inserted in the DOM
|
||||||
*/
|
*/
|
||||||
Contact.prototype.renderListItem = function() {
|
Contact.prototype.renderListItem = function(isnew) {
|
||||||
this.$listelem = this.$listTemplate.octemplate({
|
this.$listelem = this.$listTemplate.octemplate({
|
||||||
id: this.id,
|
id: this.id,
|
||||||
name: this.getPreferredValue('FN', ''),
|
name: isnew ? escapeHTML(this.getPreferredValue('FN', '')) : this.getPreferredValue('FN', ''),
|
||||||
email: this.getPreferredValue('EMAIL', ''),
|
email: isnew ? escapeHTML(this.getPreferredValue('EMAIL', '')) : this.getPreferredValue('EMAIL', ''),
|
||||||
tel: this.getPreferredValue('TEL', ''),
|
tel: isnew ? escapeHTML(this.getPreferredValue('TEL', '')) : this.getPreferredValue('TEL', ''),
|
||||||
adr: this.getPreferredValue('ADR', []).clean('').join(', '),
|
adr: isnew ? escapeHTML(this.getPreferredValue('ADR', []).clean('').join(', ')) : this.getPreferredValue('ADR', []).clean('').join(', '),
|
||||||
categories: this.getPreferredValue('CATEGORIES', [])
|
categories: this.getPreferredValue('CATEGORIES', [])
|
||||||
.clean('').join(' / ')
|
.clean('').join(' / ')
|
||||||
});
|
});
|
||||||
@ -1389,13 +1389,13 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
$(document).bind('status.contact.added', function(e, data) {
|
$(document).bind('status.contact.added', function(e, data) {
|
||||||
self.length += 1;
|
self.length += 1;
|
||||||
self.contacts[parseInt(data.id)] = data.contact;
|
self.contacts[parseInt(data.id)] = data.contact;
|
||||||
self.insertContact(data.contact.renderListItem());
|
self.insertContact(data.contact.renderListItem(true));
|
||||||
});
|
});
|
||||||
|
|
||||||
$(document).bind('status.contact.updated', function(e, data) {
|
$(document).bind('status.contact.updated', function(e, data) {
|
||||||
if(['FN', 'EMAIL', 'TEL', 'ADR', 'CATEGORIES'].indexOf(data.property) !== -1) {
|
if(['FN', 'EMAIL', 'TEL', 'ADR', 'CATEGORIES'].indexOf(data.property) !== -1) {
|
||||||
data.contact.getListItemElement().remove();
|
data.contact.getListItemElement().remove();
|
||||||
self.insertContact(self.contacts[parseInt(data.contact.id)].renderListItem());
|
self.insertContact(self.contacts[parseInt(data.contact.id)].renderListItem(true));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
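Review bot: `categories` at the bottom of the `renderListItem` template is still passed unescaped on both paths, while `name`, `email`, `tel` and `adr` gain `escapeHTML` when `isnew` is set; group names are user-entered text (this same commit escapes them in groups.js), so a new contact's category list reaches the template raw. I would give it the same treatment: `categories: isnew ? escapeHTML(this.getPreferredValue('CATEGORIES', []).clean('').join(' / ')) : this.getPreferredValue('CATEGORIES', []).clean('').join(' / ')`. More generally, keying the escaping on the caller-supplied `isnew` flag makes output encoding depend on where the data came from rather than on the sink; if contacts loaded from the server are not already escaped, the `renderListItem()` calls made without the flag still render raw values, which cannot be confirmed from this hunk. A short note on the parameter, `@param isnew true when the values come straight from user input and must be escaped here`, would at least record the assumption; `renderListItem`'s body continues past the end of the hunk.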
37
js/groups.js
37
js/groups.js
@ -87,7 +87,8 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
* @returns string The name of the group.
|
* @returns string The name of the group.
|
||||||
*/
|
*/
|
||||||
GroupList.prototype.nameById = function(id) {
|
GroupList.prototype.nameById = function(id) {
|
||||||
return $.trim(this.findById(id).clone().find("*").remove().end().text()); //.contents().filter(function(){ return(this.nodeType == 3); }).text().trim();
|
return $.trim(this.findById(id).data('rawname'));
|
||||||
|
//return $.trim(this.findById(id).clone().find("*").remove().end().text()); //.contents().filter(function(){ return(this.nodeType == 3); }).text().trim();
|
||||||
};
|
};
|
||||||
|
|
||||||
/** Get the group element by id.
|
/** Get the group element by id.
|
||||||
@ -438,10 +439,10 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$input.prop('disabled', true);
|
$input.prop('disabled', true);
|
||||||
$elem.data('name', '');
|
$elem.data('rawname', '');
|
||||||
self.addGroup({name:name, element:$elem}, function(response) {
|
self.addGroup({name:name, element: $elem}, function(response) {
|
||||||
if(response.status === 'success') {
|
if(response.status === 'success') {
|
||||||
$elem.prepend(name).removeClass('editing').attr('data-id', response.id);
|
$elem.prepend(escapeHTML(response.name)).removeClass('editing').attr('data-id', response.id);
|
||||||
$input.next('.checked').remove();
|
$input.next('.checked').remove();
|
||||||
$input.remove();
|
$input.remove();
|
||||||
self.$editelem = null;
|
self.$editelem = null;
|
||||||
@ -464,6 +465,7 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
var $input = $('<input type="text" class="active" /><a class="action checked disabled" />');
|
var $input = $('<input type="text" class="active" /><a class="action checked disabled" />');
|
||||||
self.$editelem.prepend($input).addClass('editing');
|
self.$editelem.prepend($input).addClass('editing');
|
||||||
self.$editelem.data('contacts', []);
|
self.$editelem.data('contacts', []);
|
||||||
|
self.$editelem.data('rawname', '');
|
||||||
this.$groupList.find('h3.group[data-type="category"]').first().before(self.$editelem);
|
this.$groupList.find('h3.group[data-type="category"]').first().before(self.$editelem);
|
||||||
this.selectGroup({element:self.$editelem});
|
this.selectGroup({element:self.$editelem});
|
||||||
$input.on('input', function(event) {
|
$input.on('input', function(event) {
|
||||||
@ -527,41 +529,43 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
* from the backend.
|
* from the backend.
|
||||||
*/
|
*/
|
||||||
GroupList.prototype.addGroup = function(params, cb) {
|
GroupList.prototype.addGroup = function(params, cb) {
|
||||||
console.log('GroupList.addGroup', params.name);
|
//console.log('GroupList.addGroup', params);
|
||||||
var name = params.name;
|
var name = params.name;
|
||||||
var contacts = []; // $.map(contacts, function(c) {return parseInt(c)});
|
var contacts = []; // $.map(contacts, function(c) {return parseInt(c)});
|
||||||
var self = this, exists = false;
|
var self = this, exists = false;
|
||||||
self.$groupList.find('h3[data-type="category"]').each(function() {
|
self.$groupList.find('h3[data-type="category"]').each(function() {
|
||||||
if ($(this).data('name').toLowerCase() === name.toLowerCase()) {
|
if ($(this).data('rawname').toLowerCase() === name.toLowerCase()) {
|
||||||
exists = true;
|
exists = true;
|
||||||
return false; //break out of loop
|
return false; //break out of loop
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
if(exists) {
|
if(exists) {
|
||||||
if(typeof cb === 'function') {
|
if(typeof cb === 'function') {
|
||||||
cb({status:'error', message:t('contacts', 'A group named {group} already exists', {group: name})});
|
cb({status:'error', message:t('contacts', 'A group named {group} already exists', {group: escapeHTML(name)})});
|
||||||
}
|
}
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$.post(OC.filePath('contacts', 'ajax', 'categories/add.php'), {category: name}, function(jsondata) {
|
$.post(OC.filePath('contacts', 'ajax', 'categories/add.php'), {category: name}, function(jsondata) {
|
||||||
if (jsondata && jsondata.status == 'success') {
|
if (jsondata && jsondata.status == 'success') {
|
||||||
|
name = jsondata.data.name;
|
||||||
|
var id = jsondata.data.id;
|
||||||
var tmpl = self.$groupListItemTemplate;
|
var tmpl = self.$groupListItemTemplate;
|
||||||
var $elem = params.element
|
var $elem = params.element
|
||||||
? params.element
|
? params.element
|
||||||
: (tmpl).octemplate({
|
: (tmpl).octemplate({
|
||||||
id: jsondata.data.id,
|
id: id,
|
||||||
type: 'category',
|
type: 'category',
|
||||||
num: contacts.length,
|
num: contacts.length,
|
||||||
name: name
|
name: escapeHTML(name)
|
||||||
});
|
});
|
||||||
self.categories.push({id: jsondata.data.id, name: name});
|
self.categories.push({id: id, name: name});
|
||||||
$elem.data('obj', self);
|
$elem.data('obj', self);
|
||||||
$elem.data('contacts', contacts);
|
$elem.data('contacts', contacts);
|
||||||
$elem.data('name', name);
|
$elem.data('rawname', name);
|
||||||
$elem.data('id', jsondata.data.id);
|
$elem.data('id', id);
|
||||||
var added = false;
|
var added = false;
|
||||||
self.$groupList.find('h3.group[data-type="category"]').each(function() {
|
self.$groupList.find('h3.group[data-type="category"]').each(function() {
|
||||||
if ($(this).data('name').toLowerCase().localeCompare(name.toLowerCase()) > 0) {
|
if ($(this).data('rawname').toLowerCase().localeCompare(name.toLowerCase()) > 0) {
|
||||||
$(this).before($elem);
|
$(this).before($elem);
|
||||||
added = true;
|
added = true;
|
||||||
return false;
|
return false;
|
||||||
@ -574,7 +578,7 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
$elem.tipsy({trigger:'manual', gravity:'w', fallback: t('contacts', 'You can drag groups to\narrange them as you like.')});
|
$elem.tipsy({trigger:'manual', gravity:'w', fallback: t('contacts', 'You can drag groups to\narrange them as you like.')});
|
||||||
$elem.tipsy('show');
|
$elem.tipsy('show');
|
||||||
if(typeof cb === 'function') {
|
if(typeof cb === 'function') {
|
||||||
cb({status:'success', id:parseInt(jsondata.data.id), name:name});
|
cb({status:'success', id:parseInt(id), name:name});
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if(typeof cb === 'function') {
|
if(typeof cb === 'function') {
|
||||||
@ -607,6 +611,7 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
name: t('contacts', 'Favorites')
|
name: t('contacts', 'Favorites')
|
||||||
}).appendTo($groupList);
|
}).appendTo($groupList);
|
||||||
$elem.data('obj', self);
|
$elem.data('obj', self);
|
||||||
|
$elem.data('rawname', t('contacts', 'Favorites'));
|
||||||
$elem.data('contacts', contacts).find('.numcontacts').before('<span class="starred action" />');
|
$elem.data('contacts', contacts).find('.numcontacts').before('<span class="starred action" />');
|
||||||
$elem.droppable({
|
$elem.droppable({
|
||||||
drop: self.contactDropped,
|
drop: self.contactDropped,
|
||||||
@ -633,7 +638,7 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
self.categories.push({id: category.id, name: category.name});
|
self.categories.push({id: category.id, name: category.name});
|
||||||
$elem.data('obj', self);
|
$elem.data('obj', self);
|
||||||
$elem.data('contacts', contacts);
|
$elem.data('contacts', contacts);
|
||||||
$elem.data('name', category.name);
|
$elem.data('rawname', category.name);
|
||||||
$elem.data('id', category.id);
|
$elem.data('id', category.id);
|
||||||
$elem.droppable({
|
$elem.droppable({
|
||||||
drop: self.contactDropped,
|
drop: self.contactDropped,
|
||||||
@ -669,7 +674,7 @@ OC.Contacts = OC.Contacts || {};
|
|||||||
});
|
});
|
||||||
$elem.find('.numcontacts').after(sharedindicator);
|
$elem.find('.numcontacts').after(sharedindicator);
|
||||||
$elem.data('obj', self);
|
$elem.data('obj', self);
|
||||||
$elem.data('name', shared.displayname);
|
$elem.data('rawname', shared.displayname);
|
||||||
$elem.data('id', shared.id);
|
$elem.data('id', shared.id);
|
||||||
$elem.appendTo($groupList);
|
$elem.appendTo($groupList);
|
||||||
});
|
});
|
||||||
|
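Review bot: `nameById` now returns `$.trim(this.findById(id).data('rawname'))`, the unescaped group name, but its `@returns string The name of the group.` docstring does not say so, and the new code deliberately keeps two representations of the same name side by side — `data('rawname')` raw, and the escaped text inserted through `$elem.prepend(escapeHTML(response.name))` and `name: escapeHTML(name)` in the template. I would extend the docstring to `@returns string The raw (unescaped) name of the group; escape it before inserting into HTML.` so later callers do not treat the return value as markup-safe. The commented-out lines `//return $.trim(this.findById(id).clone()...` and `//console.log('GroupList.addGroup', params);` should be deleted rather than kept. Also, `name = jsondata.data.name;` in `addGroup` replaces the typed name with whatever the server returned; if a response lacks `name`, the variable becomes undefined and the later `localeCompare(name.toLowerCase())` in the ordering loop throws, so a fallback such as `name = jsondata.data.name || name;` would be safer if older backends can answer without it — that cannot be confirmed from the hunk.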