From 140b918151dad47df7e3d4ae6e4c4f5dd718ff90 Mon Sep 17 00:00:00 2001
From: deuce <>
Date: Fri, 14 Nov 2008 00:27:15 +0000
Subject: [PATCH] Use encodeURIComponent where appropriate for URIs.

---
 web/root/sajax-forum/client_functions.xjs | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/web/root/sajax-forum/client_functions.xjs b/web/root/sajax-forum/client_functions.xjs
index 5955c7d74b..3d1c9dec89 100644
--- a/web/root/sajax-forum/client_functions.xjs
+++ b/web/root/sajax-forum/client_functions.xjs
@@ -76,7 +76,7 @@ function toggle_replies(sub_code, message_number)
 	var expander=document.getElementById(expanderid);
 
 	if(container.innerHTML=='') {
-		ajaxpage(messages_url+"?sub_code="+sub_code+"&msg_number="+message_number+'&user='+user,containerid,expanderid,minus_url);
+		ajaxpage(messages_url+"?sub_code="+encodeURIComponent(sub_code)+"&msg_number="+message_number+'&user='+encodeURIComponent(user),containerid,expanderid,minus_url);
 		container.style.display='block';
 	}
 	else {
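Review bot: `message_number` is still concatenated raw into the query string in toggle_replies, while `sub_code` and `user` beside it are now encoded. The same applies to `message_number` in toggle_body and to `count` and `offset` in load_more_messages. If these values are always numbers the URL is unchanged, but nothing in the hunks guarantees that, and a stray `&`, `=` or `#` would alter the request, so encode them as well: `"&msg_number="+encodeURIComponent(message_number)`. The bodies of these functions begin and end outside the hunks.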
@@ -98,7 +98,7 @@ function toggle_body(sub_code, message_number)
 	var message=container.parentNode.parentNode;
 
 	if(container.innerHTML=='') {
-		ajaxpage(body_url+"?sub_code="+sub_code+"&msg_number="+message_number+'&user='+user,containerid);
+		ajaxpage(body_url+"?sub_code="+encodeURIComponent(sub_code)+"&msg_number="+message_number+'&user='+encodeURIComponent(user),containerid);
 		container.style.display='block';
 		/* If this is higher than the current read_ptr, update it */
 		if(read_ptr[sub_code] < message_number)
@@ -144,7 +144,7 @@ function load_more_messages(sub_code, offset, count)
 	var m=container.innerHTML.match(/^([\u0000-\uffff]*?)<[Aa] href="javascript:load_more_messages[\u0000-\uffff]*$/);
 
 	if(m!=null) {
-		ajaxpage(messages_url+"?sub_code="+sub_code+'&msg_count='+count+'&msg_offset='+offset+'&user='+user,containerid, undefined, undefined, false, m[1]);
+		ajaxpage(messages_url+"?sub_code="+encodeURIComponent(sub_code)+'&msg_count='+count+'&msg_offset='+offset+'&user='+encodeURIComponent(user),containerid, undefined, undefined, false, m[1]);
 	}
 	else {
 		alert("No match!");
@@ -157,7 +157,7 @@ function toggle_messages(sub_code)
 	var container=document.getElementById(containerid);
 
 	if(container.innerHTML=='') {
-		ajaxpage(messages_url+"?sub_code="+sub_code+'&user='+user,containerid);
+		ajaxpage(messages_url+"?sub_code="+encodeURIComponent(sub_code)+'&user='+encodeURIComponent(user),containerid);
 		container.style.display='block';
 		if(read_ptr[sub_code]==undefined)
 			read_ptr[sub_code]=0;
@@ -176,7 +176,7 @@ function toggle_subs(group_code)
 	var container=document.getElementById(containerid);
 
 	if(container.innerHTML=='') {
-		ajaxpage(subs_url+"?group_code="+group_code+'&user='+user,containerid);
+		ajaxpage(subs_url+"?group_code="+encodeURIComponent(group_code)+'&user='+encodeURIComponent(user),containerid);
 		container.style.display='block';
 	}
 	else {
@@ -190,7 +190,7 @@ function toggle_subs(group_code)
 function reload_groups()
 {
 	var containerid='group-list';
-	ajaxpage(groups_url+'?user='+user,containerid);
+	ajaxpage(groups_url+'?user='+encodeURIComponent(user),containerid);
 }
 
 function ajaxpage(url, containerid, buttonid, buttonurl, is_script, prefix, suffix)
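Review bot: The request in reload_groups, like every other call in this patch, tells the server who the caller is through a `user` query parameter filled from a client-side variable. Encoding it fixes the URI syntax but not the trust question: if the server-side pages use that parameter to choose which groups, subs or messages to return, any client can ask for another user's view. The server side is not visible here, so this is something to confirm rather than a finding. If the server does take identity from the session, a comment such as `/* 'user' is only a hint; the server takes identity from the session */` would record that contract.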
@@ -286,7 +286,7 @@ function login()
 	var new_password=document.getElementById('login_password').value;
 	/* Clear newest read pointers */
 	read_ptr=new Object();
-	ajaxpage(login_url+'?user='+new_user+'&pass='+new_password+'&killcache='+new Date().getTime()+Math.random(), 'current_user',undefined,undefined,true);
+	ajaxpage(login_url+'?user='+encodeURIComponent(new_user)+'&pass='+encodeURIComponent(new_password)+'&killcache='+new Date().getTime()+Math.random(), 'current_user',undefined,undefined,true);
 }
 
 function update_pointers()
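Review bot: The password still travels in the query string of the request built in login(). `encodeURIComponent` makes the URL well-formed, but the credential is still recorded wherever URLs are kept, such as web server access logs, proxy logs and browser history. The credentials belong in a POST body, which would also remove the need for the `killcache` parameter; `ajaxpage` as declared above takes no method or body argument, so that change has to be made there, outside this hunk. Until then, a comment such as `/* FIXME: credentials are sent in the URL; move to a POST body */` above the call would flag it. Separately, the call passes `is_script` as true, which presumably means the response is executed as script, so confirm that the login endpoint never echoes the submitted user name into that response unescaped.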
-- 
GitLab