escape find values in url

j 2017-11-16 17:25:52 +01:00
parent 959ffaba25
commit 8c25aceb67
6 changed files with 13 additions and 10 deletions


@ -290,10 +290,7 @@ pandora.ui.embedDialog = function(/*[url, ]callback*/) {
? '%' + char.charCodeAt(0).toString(16).toUpperCase()
: char;
});
return ret.replace(/_/g, '%09')
.replace(/\s/g, '_')
.replace(/</g, '%0E')
.replace(/>/g, '%0F');
return pandora.escapeQueryValue(ret);
}
function getForm() {


@ -781,7 +781,7 @@ pandora.ui.infoView = function(data) {
function formatValue(value, key) {
return (Ox.isArray(value) ? value : [value]).map(function(value) {
return key ?
'<a href="/' + key + '=' + value + '">' + value + '</a>'
'<a href="/' + key + '=' + pandora.escapeQueryValue(value) + '">' + value + '</a>'
: value;
}).join(', ');
}
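Review bot: The value is now escaped for pandora's find syntax but not for the HTML attribute it is placed in: `pandora.escapeQueryValue` (added in this commit) rewrites only `_`, whitespace, `<` and `>`, so a `"` or `&` in `value` still reaches the `href` unchanged, and the link text `+ value +` is concatenated as-is. Unless `value` is already HTML-encoded upstream (not visible here), I would also encode for the attribute, as insertEmbedDialog does for `"`, e.g. `pandora.escapeQueryValue(value).replace(/&/g, '&amp;').replace(/"/g, '&quot;')`, and encode the link text separately. The same applies to the matching `<a href=…>` lines in the other two infoView sections (the `alternativeTitles` variant and `formatLink`). formatValue is fully inside this hunk; the enclosing infoView is not.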


@ -694,7 +694,7 @@ pandora.ui.infoView = function(data) {
return key
? '<a href="/' + (
key == 'alternativeTitles' ? 'title' : key
) + '=' + value + '">' + value + '</a>'
) + '=' + pandora.escapeQueryValue(value) + '">' + value + '</a>'
: value;
}).join(Ox.contains(specialListKeys, key) ? '; ' : ', ');
}


@ -586,7 +586,7 @@ pandora.ui.infoView = function(data) {
function formatLink(key, value, linkValue) {
return (Ox.isArray(value) ? value : [value]).map(function(value) {
return key
? '<a href="/' + key + '=' + (linkValue ? linkValue : value) + '">' + value + '</a>'
? '<a href="/' + key + '=' + pandora.escapeQueryValue(linkValue ? linkValue : value) + '">' + value + '</a>'
: value;
}).join(', ');
}


@ -442,7 +442,7 @@ pandora.ui.insertEmbedDialog = function(/*[url, ]callback*/) {
var data = Ox.map($input, function($element) {
return $element.options('value');
}),
options = Ox.serialize({
options = pandora.escapeQueryValue(Ox.serialize({
title: data.title || void 0,
showTimeline: data.showTimeline || void 0,
timeline: data.timeline && data.timeline != 'default'
@ -451,8 +451,7 @@ pandora.ui.insertEmbedDialog = function(/*[url, ]callback*/) {
showLayers: data.showAnnotations && data.showLayers
? data.showLayers : void 0,
//matchRatio: true
}, true)
.replace(/_/g, '%09').replace(/\s/g, '_')
}, true))
.replace(/"/g, '&quot;');
url = data.protocol + '://'
+ data.site + '/'


@ -1046,6 +1046,13 @@ pandora.enableDragAndDrop = function($list, canMove, section, getItems) {
};
pandora.escapeQueryValue = function(value) {
return value.replace(/_/g, '%09')
.replace(/\s/g, '_')
.replace(/</g, '%0E')
.replace(/>/g, '%0F');
};
pandora.enterFullscreen = function() {
pandora.$ui.appPanel.size(0, 0);
if (pandora.user.ui.showSidebar) {
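Review bot: `pandora.escapeQueryValue` calls `value.replace` directly, so it throws a TypeError for any non-string argument; the infoView callers pass metadata values straight through, and if any of those are numbers (not visible here) the link rendering would break. A guard such as `value = String(value);` as the first line would cover that. A literal `%` is also left alone, so a value that already contains the text `%09`, `%0E` or `%0F` cannot be told apart from an escaped `_`, `<` or `>`; replacing `%` with `%25` first would keep the mapping reversible, assuming the URL parser decodes `%25` (to be confirmed). A short comment saying that these three codes are pandora's own placeholders, needed because `_` stands for whitespace in find URLs, would help the next reader.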