Properly escape URL

Fixes https://github.com/owncloud/core/issues/23499
Lukas Reschke 2016-04-18 17:38:14 +02:00
parent 14fdafaede
commit ff1150bb4d
No known key found for this signature in database
GPG Key ID: 9AB0ADB949B6898C
2 changed files with 15 additions and 1 deletions


@ -191,7 +191,7 @@ DeleteHandler.prototype.deleteEntry = function(keepNotification) {
payload[dh.ajaxParamID] = dh.oidToDelete;
return $.ajax({
type: 'DELETE',
url: OC.generateUrl(dh.ajaxEndpoint+'/'+this.oidToDelete),
url: OC.generateUrl(dh.ajaxEndpoint+'/{oid}',{oid: this.oidToDelete}),
// FIXME: do not use synchronous ajax calls as they block the browser !
async: false,
success: function (result) {
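Review bot: Percent-encoding the `{oid}` placeholder does not neutralise an id that is exactly `.` or `..`, because those characters are left unchanged (the accompanying test's expected URL keeps `..` literal) and the browser would presumably collapse such a segment before sending the DELETE. The endpoint therefore still has to validate the id on the server, and a comment on the `url:` line should say so, e.g. `// oid is percent-encoded here; '.' and '..' pass through unchanged, so the endpoint must validate the id`. Separately, the URL reads `this.oidToDelete` while the payload one line above reads `dh.oidToDelete`; if `dh` is an alias for `this`, use one of them consistently. The body of `deleteEntry` starts and ends outside this hunk, so the alias is not visible here.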


@ -132,6 +132,20 @@ describe('DeleteHandler tests', function() {
var request = fakeServer.requests[0];
expect(request.url).toEqual(OC.webroot + '/index.php/dummyendpoint.php/some_uid');
});
it('deletes when deleteEntry is called and escapes', function() {
fakeServer.respondWith(/\/index\.php\/dummyendpoint.php\/some_uid/, [
200,
{ 'Content-Type': 'application/json' },
JSON.stringify({status: 'success'})
]);
var handler = init(markCallback, removeCallback, undoCallback);
handler.mark('some_uid<>/"..\\');
handler.deleteEntry();
expect(fakeServer.requests.length).toEqual(1);
var request = fakeServer.requests[0];
expect(request.url).toEqual(OC.webroot + '/index.php/dummyendpoint.php/some_uid%3C%3E%2F%22..%5C');
});
it('cancels deletion when undo is clicked', function() {
var handler = init(markCallback, removeCallback, undoCallback);
handler.setNotification(OC.Notification, 'dataid', 'removed %oid entry <span class="undo">Undo</span>', undoCallback);
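Review bot: The `respondWith` pattern in the new test is unanchored and leaves the `.` in `dummyendpoint.php` unescaped, so it matches any URL containing the `some_uid` prefix and says nothing about the encoded suffix. Only the final `toEqual` pins the encoding. The input also omits `?`, `#` and `%`, the characters that would otherwise move part of the id into the query string or fragment. Extending it to `handler.mark('some_uid<>/"..\\?#%');` and expecting `.../some_uid%3C%3E%2F%22..%5C%3F%23%25` would cover them. The following `it('cancels deletion when undo is clicked'` block continues outside the hunk.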