[Cluster-devel] conga/luci cluster/resource_form_handlers.js c ...
rmccabe at sourceware.org
rmccabe at sourceware.org
Wed Jun 20 20:19:35 UTC 2007
CVSROOT: /cvs/cluster
Module name: conga
Branch: RHEL5
Changes by: rmccabe at sourceware.org 2007-06-20 20:19:34
Modified files:
luci/cluster : resource_form_handlers.js validate_fence.js
luci/plone-custom: conga.js
Log message:
Fix bz245025: Conga does not accept '&' character in password field for Fence
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/cluster/resource_form_handlers.js.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.20.2.7&r2=1.20.2.8
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/cluster/validate_fence.js.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.1.2.1&r2=1.1.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/plone-custom/conga.js.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.3.2.1&r2=1.3.2.2
--- conga/luci/cluster/resource_form_handlers.js 2007/06/18 18:39:31 1.20.2.7
+++ conga/luci/cluster/resource_form_handlers.js 2007/06/20 20:19:34 1.20.2.8
@@ -500,12 +500,12 @@
if (res_type == 'hidden' || res_type == 'text' ||
res_type == 'password')
{
- temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" value="' + input_elem[j].value + '" />';
+ temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" value="' + escapeXML(input_elem[j].value) + '" />';
} else if (res_type == 'checkbox' || res_type == 'radio') {
if (input_elem[j].checked) {
- temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" checked="checked"';
+ temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" checked="checked"';
if (res_type == 'radio')
- temp += ' value="' + input_elem[j].value + '"';
+ temp += ' value="' + escapeXML(input_elem[j].value) + '"';
temp += ' />';
}
}
@@ -513,11 +513,11 @@
var select_elem = form[i].getElementsByTagName('select');
for (var j = 0 ; j < select_elem.length ; j++) {
- temp += '<input type="text" name="' + select_elem[j].name + '" value="' + select_elem[j].options[select_elem[j].options.selectedIndex].value + '" />';
+ temp += '<input type="text" name="' + escapeXML(select_elem[j].name) + '" value="' + escapeXML(select_elem[j].options[select_elem[j].options.selectedIndex].value) + '" />';
}
- form_xml += '<form id="' + form[i].uuid.value + '" parent="' +
- form[i].parent_uuid.value + '">' + temp + '</form>';
+ form_xml += '<form id="' + escapeXML(form[i].uuid.value) + '" parent="' +
+ escapeXML(form[i].parent_uuid.value) + '">' + temp + '</form>';
}
if (!svc_name)
--- conga/luci/cluster/validate_fence.js 2007/03/01 00:31:08 1.1.2.1
+++ conga/luci/cluster/validate_fence.js 2007/06/20 20:19:34 1.1.2.2
@@ -218,27 +218,27 @@
if (res_type == 'hidden' || res_type == 'text' ||
res_type == 'password')
{
- temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" value="' + input_elem[j].value + '" />';
+ temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" value="' + escapeXML(input_elem[j].value) + '" />';
} else if (res_type == 'checkbox' || res_type == 'radio') {
if (input_elem[j].checked) {
- temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '"';
+ temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '"';
if (res_type == 'checkbox')
temp += ' value="1"';
else if (res_type == 'radio')
- temp += ' value="' + input_elem[j].value + '"';
+ temp += ' value="' + escapeXML(input_elem[j].value) + '"';
temp += ' />';
} else if (res_type == 'checkbox') {
- temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" value="0" />';
+ temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" value="0" />';
}
}
}
var select_elem = form[i].getElementsByTagName('select');
for (var j = 0 ; j < select_elem.length ; j++) {
- temp += '<input type="text" name="' + select_elem[j].name + '" value="' + select_elem[j].options[select_elem[j].options.selectedIndex].value + '" />';
+ temp += '<input type="text" name="' + escapeXML(select_elem[j].name) + '" value="' + escapeXML(select_elem[j].options[select_elem[j].options.selectedIndex].value) + '" />';
}
- form_xml += '<form id="' + form[i].getAttribute('name') + '">' + temp + '</form>';
+ form_xml += '<form id="' + escapeXML(form[i].getAttribute('name')) + '">' + temp + '</form>';
}
master_form.fence_xml.value = '<formlist>' + form_xml + '</formlist>';
--- conga/luci/plone-custom/conga.js 2006/11/16 19:34:53 1.3.2.1
+++ conga/luci/plone-custom/conga.js 2007/06/20 20:19:34 1.3.2.2
@@ -5,6 +5,12 @@
return (0);
}
+function escapeXML(str) {
+ if (!str)
+ return '';
+ return str.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace('\'', ''');
+}
+
function popup_window(url, width_percent, height_percent) {
var width = window.innerWidth * (width_percent / 100);
var height = window.innerHeight * (height_percent / 100);
More information about the Cluster-devel
mailing list