[Cluster-devel] conga/luci cluster/resource_form_handlers.js c ...

rmccabe at sourceware.org rmccabe at sourceware.org
Wed Jun 20 20:19:35 UTC 2007 

CVSROOT:	/cvs/cluster
Module name:	conga
Branch: 	RHEL5
Changes by:	rmccabe at sourceware.org	2007-06-20 20:19:34

Modified files:
	luci/cluster   : resource_form_handlers.js validate_fence.js 
	luci/plone-custom: conga.js 

Log message:
	Fix bz245025: Conga does not accept '&' character in password field for Fence

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/cluster/resource_form_handlers.js.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.20.2.7&r2=1.20.2.8
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/cluster/validate_fence.js.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.1.2.1&r2=1.1.2.2
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/plone-custom/conga.js.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=1.3.2.1&r2=1.3.2.2

--- conga/luci/cluster/resource_form_handlers.js	2007/06/18 18:39:31	1.20.2.7
+++ conga/luci/cluster/resource_form_handlers.js	2007/06/20 20:19:34	1.20.2.8
@@ -500,12 +500,12 @@
 			if (res_type == 'hidden' || res_type == 'text' ||
 				res_type == 'password')
 			{
-				temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" value="' + input_elem[j].value + '" />';
+				temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" value="' + escapeXML(input_elem[j].value) + '" />';
 			} else if (res_type == 'checkbox' || res_type == 'radio') {
 				if (input_elem[j].checked) {
-					temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" checked="checked"';
+					temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" checked="checked"';
 					if (res_type == 'radio')
-						temp += ' value="' + input_elem[j].value + '"';
+						temp += ' value="' + escapeXML(input_elem[j].value) + '"';
 					temp += ' />';
 				}
 			}
@@ -513,11 +513,11 @@
 
 		var select_elem = form[i].getElementsByTagName('select');
 		for (var j = 0 ; j < select_elem.length ; j++) {
-			temp += '<input type="text" name="' + select_elem[j].name + '" value="' + select_elem[j].options[select_elem[j].options.selectedIndex].value + '" />';
+			temp += '<input type="text" name="' + escapeXML(select_elem[j].name) + '" value="' + escapeXML(select_elem[j].options[select_elem[j].options.selectedIndex].value) + '" />';
 		}
 
-		form_xml += '<form id="' + form[i].uuid.value + '" parent="' +
-					form[i].parent_uuid.value + '">' + temp + '</form>';
+		form_xml += '<form id="' + escapeXML(form[i].uuid.value) + '" parent="' +
+					escapeXML(form[i].parent_uuid.value) + '">' + temp + '</form>';
 	}
 
 	if (!svc_name)
--- conga/luci/cluster/validate_fence.js	2007/03/01 00:31:08	1.1.2.1
+++ conga/luci/cluster/validate_fence.js	2007/06/20 20:19:34	1.1.2.2
@@ -218,27 +218,27 @@
 			if (res_type == 'hidden' || res_type == 'text' ||
 				res_type == 'password')
 			{
-				temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" value="' + input_elem[j].value + '" />';
+				temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" value="' + escapeXML(input_elem[j].value) + '" />';
 			} else if (res_type == 'checkbox' || res_type == 'radio') {
 				if (input_elem[j].checked) {
-					temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '"';
+					temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '"';
 					if (res_type == 'checkbox')
 						temp += ' value="1"';
 					else if (res_type == 'radio')
-						temp += ' value="' + input_elem[j].value + '"';
+						temp += ' value="' + escapeXML(input_elem[j].value) + '"';
 					temp += ' />';
 				} else if (res_type == 'checkbox') {
-					temp += '<input type="' + res_type + '" name="' + input_elem[j].name + '" value="0" />';
+					temp += '<input type="' + res_type + '" name="' + escapeXML(input_elem[j].name) + '" value="0" />';
 				}
 			}
 		}
 
 		var select_elem = form[i].getElementsByTagName('select');
 		for (var j = 0 ; j < select_elem.length ; j++) {
-			temp += '<input type="text" name="' + select_elem[j].name + '" value="' + select_elem[j].options[select_elem[j].options.selectedIndex].value + '" />';
+			temp += '<input type="text" name="' + escapeXML(select_elem[j].name) + '" value="' + escapeXML(select_elem[j].options[select_elem[j].options.selectedIndex].value) + '" />';
 		}
 
-		form_xml += '<form id="' + form[i].getAttribute('name') + '">' + temp + '</form>';
+		form_xml += '<form id="' + escapeXML(form[i].getAttribute('name')) + '">' + temp + '</form>';
 	}
 
 	master_form.fence_xml.value = '<formlist>' + form_xml + '</formlist>';
--- conga/luci/plone-custom/conga.js	2006/11/16 19:34:53	1.3.2.1
+++ conga/luci/plone-custom/conga.js	2007/06/20 20:19:34	1.3.2.2
@@ -5,6 +5,12 @@
 	return (0);
 }
 
+function escapeXML(str) {
+	if (!str)
+		return '';
+	return str.replace('&', '&').replace('<', '<').replace('>', '>').replace('"', '"').replace('\'', ''');
+}
+
 function popup_window(url, width_percent, height_percent) {
 	var width = window.innerWidth * (width_percent / 100);
 	var height = window.innerHeight * (height_percent / 100);

More information about the Cluster-devel mailing list