Properly escape URL
Fixes https://github.com/owncloud/core/issues/23499
parent
14fdafaede
commit
ff1150bb4d
|
@ -191,7 +191,7 @@ DeleteHandler.prototype.deleteEntry = function(keepNotification) {
|
||||||
payload[dh.ajaxParamID] = dh.oidToDelete;
|
payload[dh.ajaxParamID] = dh.oidToDelete;
|
||||||
return $.ajax({
|
return $.ajax({
|
||||||
type: 'DELETE',
|
type: 'DELETE',
|
||||||
url: OC.generateUrl(dh.ajaxEndpoint+'/'+this.oidToDelete),
|
url: OC.generateUrl(dh.ajaxEndpoint+'/{oid}',{oid: this.oidToDelete}),
|
||||||
// FIXME: do not use synchronous ajax calls as they block the browser !
|
// FIXME: do not use synchronous ajax calls as they block the browser !
|
||||||
async: false,
|
async: false,
|
||||||
success: function (result) {
|
success: function (result) {
|
||||||
|
|
|
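Review bot: An id made up only of dots is still not neutralised by the new `{oid}` placeholder on the `url:` line. Judging by the expected URL in the accompanying spec, `..` is passed through unencoded, so an `oidToDelete` of exactly `.` or `..` would produce a dot-segment that the browser is likely to collapse before sending, and the DELETE would reach a different path than intended. The server route has to validate the id in any case; on the client I would document the gap next to the call, e.g. `// generateUrl escapes '/' and similar characters but not '.', so ids of '.' or '..' must be rejected before this point`. The same line reads `this.oidToDelete` while the payload line above uses `dh.oidToDelete`; using `dh` in both places would keep them consistent. The body of deleteEntry starts and ends outside this hunk.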
@ -132,6 +132,20 @@ describe('DeleteHandler tests', function() {
|
||||||
var request = fakeServer.requests[0];
|
var request = fakeServer.requests[0];
|
||||||
expect(request.url).toEqual(OC.webroot + '/index.php/dummyendpoint.php/some_uid');
|
expect(request.url).toEqual(OC.webroot + '/index.php/dummyendpoint.php/some_uid');
|
||||||
});
|
});
|
||||||
|
it('deletes when deleteEntry is called and escapes', function() {
|
||||||
|
fakeServer.respondWith(/\/index\.php\/dummyendpoint.php\/some_uid/, [
|
||||||
|
200,
|
||||||
|
{ 'Content-Type': 'application/json' },
|
||||||
|
JSON.stringify({status: 'success'})
|
||||||
|
]);
|
||||||
|
var handler = init(markCallback, removeCallback, undoCallback);
|
||||||
|
handler.mark('some_uid<>/"..\\');
|
||||||
|
|
||||||
|
handler.deleteEntry();
|
||||||
|
expect(fakeServer.requests.length).toEqual(1);
|
||||||
|
var request = fakeServer.requests[0];
|
||||||
|
expect(request.url).toEqual(OC.webroot + '/index.php/dummyendpoint.php/some_uid%3C%3E%2F%22..%5C');
|
||||||
|
});
|
||||||
it('cancels deletion when undo is clicked', function() {
|
it('cancels deletion when undo is clicked', function() {
|
||||||
var handler = init(markCallback, removeCallback, undoCallback);
|
var handler = init(markCallback, removeCallback, undoCallback);
|
||||||
handler.setNotification(OC.Notification, 'dataid', 'removed %oid entry <span class="undo">Undo</span>', undoCallback);
|
handler.setNotification(OC.Notification, 'dataid', 'removed %oid entry <span class="undo">Undo</span>', undoCallback);
|
||||||
|
|
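Review bot: The new spec's input `'some_uid<>/"..\\'` leaves out `?`, `#` and `%`, the characters that would turn part of the id into a query string, a fragment or an already-encoded sequence, so a regression in escaping those would go unnoticed. Extending the marked id, e.g. `handler.mark('some_uid<>/"..\\?#%');` with the expected URL ending in `..%5C%3F%23%25`, would cover them. The `respondWith` pattern also has an unescaped dot in `dummyendpoint.php` and no end anchor; that is harmless here because the exact URL is asserted afterwards, but `dummyendpoint\.php` would match the intent.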