Commit 140b9181 authored by deuce's avatar deuce

Use encodeURIComponent where appropriate for URIs.

parent 4702ee5a
...@@ -76,7 +76,7 @@ function toggle_replies(sub_code, message_number) ...@@ -76,7 +76,7 @@ function toggle_replies(sub_code, message_number)
var expander=document.getElementById(expanderid); var expander=document.getElementById(expanderid);
if(container.innerHTML=='') { if(container.innerHTML=='') {
ajaxpage(messages_url+"?sub_code="+sub_code+"&msg_number="+message_number+'&user='+user,containerid,expanderid,minus_url); ajaxpage(messages_url+"?sub_code="+encodeURIComponent(sub_code)+"&msg_number="+message_number+'&user='+encodeURIComponent(user),containerid,expanderid,minus_url);
container.style.display='block'; container.style.display='block';
} }
else { else {
...@@ -98,7 +98,7 @@ function toggle_body(sub_code, message_number) ...@@ -98,7 +98,7 @@ function toggle_body(sub_code, message_number)
var message=container.parentNode.parentNode; var message=container.parentNode.parentNode;
if(container.innerHTML=='') { if(container.innerHTML=='') {
ajaxpage(body_url+"?sub_code="+sub_code+"&msg_number="+message_number+'&user='+user,containerid); ajaxpage(body_url+"?sub_code="+encodeURIComponent(sub_code)+"&msg_number="+message_number+'&user='+encodeURIComponent(user),containerid);
container.style.display='block'; container.style.display='block';
/* If this is higher than the current read_ptr, update it */ /* If this is higher than the current read_ptr, update it */
if(read_ptr[sub_code] < message_number) if(read_ptr[sub_code] < message_number)
...@@ -144,7 +144,7 @@ function load_more_messages(sub_code, offset, count) ...@@ -144,7 +144,7 @@ function load_more_messages(sub_code, offset, count)
var m=container.innerHTML.match(/^([\u0000-\uffff]*?)<[Aa] href="javascript:load_more_messages[\u0000-\uffff]*$/); var m=container.innerHTML.match(/^([\u0000-\uffff]*?)<[Aa] href="javascript:load_more_messages[\u0000-\uffff]*$/);
if(m!=null) { if(m!=null) {
ajaxpage(messages_url+"?sub_code="+sub_code+'&msg_count='+count+'&msg_offset='+offset+'&user='+user,containerid, undefined, undefined, false, m[1]); ajaxpage(messages_url+"?sub_code="+encodeURIComponent(sub_code)+'&msg_count='+count+'&msg_offset='+offset+'&user='+encodeURIComponent(user),containerid, undefined, undefined, false, m[1]);
} }
else { else {
alert("No match!"); alert("No match!");
...@@ -157,7 +157,7 @@ function toggle_messages(sub_code) ...@@ -157,7 +157,7 @@ function toggle_messages(sub_code)
var container=document.getElementById(containerid); var container=document.getElementById(containerid);
if(container.innerHTML=='') { if(container.innerHTML=='') {
ajaxpage(messages_url+"?sub_code="+sub_code+'&user='+user,containerid); ajaxpage(messages_url+"?sub_code="+encodeURIComponent(sub_code)+'&user='+encodeURIComponent(user),containerid);
container.style.display='block'; container.style.display='block';
if(read_ptr[sub_code]==undefined) if(read_ptr[sub_code]==undefined)
read_ptr[sub_code]=0; read_ptr[sub_code]=0;
...@@ -176,7 +176,7 @@ function toggle_subs(group_code) ...@@ -176,7 +176,7 @@ function toggle_subs(group_code)
var container=document.getElementById(containerid); var container=document.getElementById(containerid);
if(container.innerHTML=='') { if(container.innerHTML=='') {
ajaxpage(subs_url+"?group_code="+group_code+'&user='+user,containerid); ajaxpage(subs_url+"?group_code="+encodeURIComponent(group_code)+'&user='+encodeURIComponent(user),containerid);
container.style.display='block'; container.style.display='block';
} }
else { else {
...@@ -190,7 +190,7 @@ function toggle_subs(group_code) ...@@ -190,7 +190,7 @@ function toggle_subs(group_code)
function reload_groups() function reload_groups()
{ {
var containerid='group-list'; var containerid='group-list';
ajaxpage(groups_url+'?user='+user,containerid); ajaxpage(groups_url+'?user='+encodeURIComponent(user),containerid);
} }
function ajaxpage(url, containerid, buttonid, buttonurl, is_script, prefix, suffix) function ajaxpage(url, containerid, buttonid, buttonurl, is_script, prefix, suffix)
...@@ -286,7 +286,7 @@ function login() ...@@ -286,7 +286,7 @@ function login()
var new_password=document.getElementById('login_password').value; var new_password=document.getElementById('login_password').value;
/* Clear newest read pointers */ /* Clear newest read pointers */
read_ptr=new Object(); read_ptr=new Object();
ajaxpage(login_url+'?user='+new_user+'&pass='+new_password+'&killcache='+new Date().getTime()+Math.random(), 'current_user',undefined,undefined,true); ajaxpage(login_url+'?user='+encodeURIComponent(new_user)+'&pass='+encodeURIComponent(new_password)+'&killcache='+new Date().getTime()+Math.random(), 'current_user',undefined,undefined,true);
} }
function update_pointers() function update_pointers()
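Review bot: In login() the password still travels in the URL query string (`'&pass='+encodeURIComponent(new_password)`), so even when correctly encoded it can be recorded in web-server access logs, proxy logs and browser history. ajaxpage's body is outside the visible hunks, but if it issues a GET, as the URL-building suggests, the credentials should be sent in a POST body over TLS instead. Separately, `message_number`, `count` and `offset` are still concatenated unencoded in toggle_replies, toggle_body and load_more_messages. If those are not guaranteed to be numeric, coerce them with `Number()` or wrap them in `encodeURIComponent()` so that every parameter is handled the same way. login() and the other patched functions begin or end outside their hunks.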
......