[open-ils-commits] [GIT] Evergreen ILS branch rel_2_1 updated. 4b83cfb75263b39e734eac1533d967a5d1b36837

Evergreen Git git at git.evergreen-ils.org
Fri Aug 12 16:33:56 EDT 2011


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".

The branch, rel_2_1 has been updated
       via  4b83cfb75263b39e734eac1533d967a5d1b36837 (commit)
       via  f6fe28b5bb0a9de00f0c9f701517de002bb3793a (commit)
       via  cce7c36c36bcafb7a851f3c25337b1220fdcfe53 (commit)
       via  16804d9f7004a1070218a25f2fccfb79b39e3869 (commit)
      from  efe9353a617a0182ec7412270d89742aad0e5821 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4b83cfb75263b39e734eac1533d967a5d1b36837
Author: Thomas Berezansky <tsbere at mvlc.org>
Date:   Fri Aug 12 15:47:25 2011 -0400

    Don't escape_html numbers in util/print.js
    
    Signed-off-by: Thomas Berezansky <tsbere at mvlc.org>
    Signed-off-by: Jason Etheridge <jason at esilibrary.com>

diff --git a/Open-ILS/xul/staff_client/chrome/content/util/print.js b/Open-ILS/xul/staff_client/chrome/content/util/print.js
index e0006ed..6ab785b 100644
--- a/Open-ILS/xul/staff_client/chrome/content/util/print.js
+++ b/Open-ILS/xul/staff_client/chrome/content/util/print.js
@@ -301,7 +301,7 @@ util.print.prototype = {
                     for (var i in params.data) {
                         var re = new RegExp('%'+i+'%',"g");
                         if (typeof params.data[i] == 'string' || typeof params.data[i] == 'number') {
-                            try{b = s; s=s.replace(re, this.escape_html(params.data[i]));}
+                            try{b = s; s=s.replace(re, (typeof params.data[i] == 'string' ? this.escape_html(params.data[i]) : params.data[i]));}
                                 catch(E){s = b; this.error.standard_unexpected_error_alert('print.js, template_sub(): 3 string = <' + s + '>',E);}
                         } else {
                             /* likely a null, print as an empty string */
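Review bot: The string/number ternary on the added line repairs only this one call site; the other substitutions that commit f6fe28b routed through escape_html (the %patron_barcode% through %PATRON_BARCODE% block, and both params.row[i] loops in the dump_with_keys hunk) still hand values of unknown type to a function that calls .replace, so a number, null or undefined throws, the catch restores `s = b`, and the placeholder is left in the receipt instead of being substituted as it was before that commit. Coercing once inside escape_html, `return String(data).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');`, would make every call site safe and let this per-site ternary go away; String(null) and String(undefined) produce the same "null"/"undefined" text the bare s.replace produced previously, so those outputs do not change. template_sub's body begins and ends outside this hunk.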

commit f6fe28b5bb0a9de00f0c9f701517de002bb3793a
Author: Thomas Berezansky <tsbere at mvlc.org>
Date:   Wed Aug 10 21:37:54 2011 -0400

    Escape HTML characters in template subs
    
    This prevents injection of arbitrary HTML from various sources.
    
    Like bad bib records, org unit settings, patron info, etc.
    
    Signed-off-by: Thomas Berezansky <tsbere at mvlc.org>
    Signed-off-by: Jason Etheridge <jason at esilibrary.com>

diff --git a/Open-ILS/xul/staff_client/chrome/content/util/print.js b/Open-ILS/xul/staff_client/chrome/content/util/print.js
index f5d67c6..e0006ed 100644
--- a/Open-ILS/xul/staff_client/chrome/content/util/print.js
+++ b/Open-ILS/xul/staff_client/chrome/content/util/print.js
@@ -82,6 +82,9 @@ util.print.prototype = {
                 line = line.replace(/<block.*?>/gi,'');
                 line = line.replace(/<li.*?>/gi,' * ');
                 line = line.replace(/<.+?>/gi,'');
+                line = line.replace(/&lt;/gi,'<');
+                line = line.replace(/&gt;/gi,'>');
+                line = line.replace(/&amp;/gi,'&');
                 if (line) { new_lines.push(line); }
             } else {
                 new_lines.push(line);
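Review bot: The three added unescape lines depend on an order that nothing in the hunk explains: `&lt;` and `&gt;` must be decoded before `&amp;`, otherwise a value that escape_html turned into `&amp;lt;` would be decoded twice and come out as `<`. A comment on the first added line would keep a later tidy-up from reordering them, e.g. `// decode in this order: &amp; last, so escaped text such as &amp;lt; round-trips to &lt; rather than <`. Only the three entities escape_html produces are decoded here, so if escape_html ever grows quote handling this branch needs the matching decode. The enclosing function starts and ends outside the hunk.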
@@ -92,6 +95,10 @@ util.print.prototype = {
         return new_html;
     },
 
+    'escape_html' : function(data) {
+        return data.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
+    },
+
     'simple' : function(msg,params) {
         try {
             if (!params) params = {};
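Review bot: escape_html neutralises only `&`, `<` and `>`, so a substituted value containing `"` or `'` is emitted verbatim; that is adequate for text-node positions, but a template placeholder that sits inside an attribute value would not be protected. If the receipt templates only ever place values in text content, that limit is worth stating in a comment above the function, e.g. `// Escapes for HTML text content only; values placed inside attributes would also need " and ' escaped`; otherwise extend the chain with `.replace(/"/g,'&quot;').replace(/'/g,'&#39;')` and add the matching decodes to the plain-text conversion near the top of the file. The function also assumes a string argument, which the later commit 4b83cfb works around at a single call site rather than here.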
@@ -222,32 +229,32 @@ util.print.prototype = {
             try{b = s; s = s.replace(/%LINE_NO%/,Number(params.row_idx)+1);}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
 
-            try{b = s; s = s.replace(/%patron_barcode%/,params.patron_barcode);}
+            try{b = s; s = s.replace(/%patron_barcode%/,this.escape_html(params.patron_barcode));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
 
-            try{b = s; s = s.replace(/%LIBRARY%/,params.lib.name());}
+            try{b = s; s = s.replace(/%LIBRARY%/,this.escape_html(params.lib.name()));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%PINES_CODE%/,params.lib.shortname());}
+            try{b = s; s = s.replace(/%PINES_CODE%/,this.escape_html(params.lib.shortname()));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%SHORTNAME%/,params.lib.shortname());}
+            try{b = s; s = s.replace(/%SHORTNAME%/,this.escape_html(params.lib.shortname()));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%STAFF_FIRSTNAME%/,params.staff.first_given_name());}
+            try{b = s; s = s.replace(/%STAFF_FIRSTNAME%/,this.escape_html(params.staff.first_given_name()));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%STAFF_LASTNAME%/,params.staff.family_name());}
+            try{b = s; s = s.replace(/%STAFF_LASTNAME%/,this.escape_html(params.staff.family_name()));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%STAFF_BARCODE%/,params.staff.barcode); }
+            try{b = s; s = s.replace(/%STAFF_BARCODE%/,this.escape_html(params.staff.barcode)); }
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%STAFF_PROFILE%/,obj.data.hash.pgt[ params.staff.profile() ].name() ); }
+            try{b = s; s = s.replace(/%STAFF_PROFILE%/,this.escape_html(obj.data.hash.pgt[ params.staff.profile() ].name() )); }
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%PATRON_ALIAS_OR_FIRSTNAME%/,(params.patron.alias() == '' || params.patron.alias() == null) ? params.patron.first_given_name() : params.patron.alias());}
+            try{b = s; s = s.replace(/%PATRON_ALIAS_OR_FIRSTNAME%/,this.escape_html((params.patron.alias() == '' || params.patron.alias() == null) ? params.patron.first_given_name() : params.patron.alias()));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%PATRON_ALIAS%/,(params.patron.alias() == '' || params.patron.alias() == null) ? '' : params.patron.alias());}
+            try{b = s; s = s.replace(/%PATRON_ALIAS%/,this.escape_html((params.patron.alias() == '' || params.patron.alias() == null) ? '' : params.patron.alias()));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%PATRON_FIRSTNAME%/,params.patron.first_given_name());}
+            try{b = s; s = s.replace(/%PATRON_FIRSTNAME%/,this.escape_html(params.patron.first_given_name()));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%PATRON_LASTNAME%/,params.patron.family_name());}
+            try{b = s; s = s.replace(/%PATRON_LASTNAME%/,this.escape_html(params.patron.family_name()));}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
-            try{b = s; s = s.replace(/%PATRON_BARCODE%/,typeof params.patron.card() == 'object' ? params.patron.card().barcode() : util.functional.find_id_object_in_list( params.patron.cards(), params.patron.card() ).barcode() ) ;}
+            try{b = s; s = s.replace(/%PATRON_BARCODE%/,this.escape_html(typeof params.patron.card() == 'object' ? params.patron.card().barcode() : util.functional.find_id_object_in_list( params.patron.cards(), params.patron.card() ).barcode() )) ;}
                 catch(E){s = b; this.error.sdump('D_WARN','string = <' + s + '> error = ' + js2JSON(E)+'\n');}
 
             try{b = s; s=s.replace(/%TODAY%/g,(new Date()));}
@@ -277,14 +284,14 @@ util.print.prototype = {
                         alert('debug - please tell the developers that deprecated template code tried to execute');
                         for (var i = 0; i < cols.length; i++) {
                             var re = new RegExp(cols[i],"g");
-                            try{b = s; s=s.replace(re, params.row[i]);}
+                            try{b = s; s=s.replace(re, this.escape_html(params.row[i]));}
                                 catch(E){s = b; this.error.standard_unexpected_error_alert('print.js, template_sub(): 1 string = <' + s + '>',E);}
                         }
                     } else { 
                         /* for dump_with_keys */
                         for (var i in params.row) {
                             var re = new RegExp('%'+i+'%',"g");
-                            try{b = s; s=s.replace(re, params.row[i]);}
+                            try{b = s; s=s.replace(re, this.escape_html(params.row[i]));}
                                 catch(E){s = b; this.error.standard_unexpected_error_alert('print.js, template_sub(): 2 string = <' + s + '>',E);}
                         }
                     }
@@ -294,7 +301,7 @@ util.print.prototype = {
                     for (var i in params.data) {
                         var re = new RegExp('%'+i+'%',"g");
                         if (typeof params.data[i] == 'string' || typeof params.data[i] == 'number') {
-                            try{b = s; s=s.replace(re, params.data[i]);}
+                            try{b = s; s=s.replace(re, this.escape_html(params.data[i]));}
                                 catch(E){s = b; this.error.standard_unexpected_error_alert('print.js, template_sub(): 3 string = <' + s + '>',E);}
                         } else {
                             /* likely a null, print as an empty string */

commit cce7c36c36bcafb7a851f3c25337b1220fdcfe53
Author: Thomas Berezansky <tsbere at mvlc.org>
Date:   Wed Aug 10 21:03:46 2011 -0400

    Use openDialog to make go_print workaround vanish
    
    By passing params and the go_print function into openDialog we get
    to ignore race conditions, as the window is created with the passed
    in arguments.
    
    Oh, and we can stop using js2JSON and such.
    
    Signed-off-by: Thomas Berezansky <tsbere at mvlc.org>
    Signed-off-by: Jason Etheridge <jason at esilibrary.com>

diff --git a/Open-ILS/xul/staff_client/chrome/content/util/print.js b/Open-ILS/xul/staff_client/chrome/content/util/print.js
index ce0442d..f5d67c6 100644
--- a/Open-ILS/xul/staff_client/chrome/content/util/print.js
+++ b/Open-ILS/xul/staff_client/chrome/content/util/print.js
@@ -148,13 +148,11 @@ util.print.prototype = {
 
             switch(content_type) {
                 case 'text/html' :
-                    var jsrc = 'data:text/javascript,' + window.escape('var params = { "data" : ' + js2JSON(params.data) + ', "list" : ' + js2JSON(params.list) + '}; function my_init() { if (typeof go_print == "function") { go_print(); } else { setTimeout( function() { if (typeof go_print == "function") { alert("Please tell the developers that the 2-second go_print workaround executed, and let them know whether this job printed successfully.  Thanks!"); go_print(); } else { alert("Please tell the developers that the 2-second go_print workaround did not work.  We will try to print one more time; there have been reports of wasted receipt paper at this point.  Please check the settings in the print dialog and/or prepare to power off your printer.  Thanks!"); window.print(); } }, 2000 ); } /* FIXME - mozilla bug#301560 - xpcom kills it too */ }');
+                    var jsrc = 'data:text/javascript,' + window.escape('var params = window.arguments[0]; window.go_print = window.arguments[1];');
                     var print_url = 'data:text/html,'
                         + '<html id="top"><head><script src="/xul/server/main/JSAN.js"></script><script src="' + window.escape(jsrc) + '"></script></head>'
-                        + '<body onload="try{my_init();}catch(E){alert(E);}">' + window.escape(msg) + '</body></html>';
-                    w = obj.win.open(print_url,'receipt_temp','chrome,resizable');
-                    w.minimize();
-                    w.go_print = function() { 
+                        + '<body onload="try{go_print();}catch(E){alert(E);}">' + window.escape(msg) + '</body></html>';
+                    w = obj.win.openDialog(print_url,'receipt_temp','chrome,resizable,minimizable', null, { "data" : params.data, "list" : params.list}, function() { 
                         try {
                             obj.NSPrint(w, silent, params);
                         } catch(E) {
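Review bot: The callback passed as the last openDialog argument closes over `w`, which is only assigned when openDialog returns on the line that starts the call; this works because the dialog's onload fires after that return, but nothing records the dependency, and a `modal` feature flag would presumably run onload before `w` is set. A comment above the call would pin it down, e.g. `// go_print runs from the dialog's onload, after openDialog has returned and w is bound; keep this dialog non-modal`. Note also that params.data and params.list now reach the dialog as live references rather than the JSON copy js2JSON produced, so anything the dialog page does to them is visible to the caller — likely fine for printing, but a behaviour change worth a line in the commit message. The callback body continues into the next hunk and the enclosing function starts before this one.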
@@ -162,7 +160,8 @@ util.print.prototype = {
                             w.print();
                         }
                         w.minimize(); w.close();
-                    }
+                    });
+                    w.minimize();
                 break;
                 default:
                     w = obj.win.open('data:' + content_type + ',' + window.escape(msg),'receipt_temp','chrome,resizable');
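Review bot: If the fallback `w.print()` in the catch throws, the `w.minimize(); w.close();` that follows never runs, and with the my_init retry removed the dialog's onload handler only alerts the error, so a minimized receipt_temp window is left behind the staff client. Moving the cleanup into a finally clause makes the window lifecycle independent of print failures: replace the line after the catch block with `} finally { w.minimize(); w.close(); }`. The try/catch this completes begins in the previous hunk.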

commit 16804d9f7004a1070218a25f2fccfb79b39e3869
Author: Thomas Berezansky <tsbere at mvlc.org>
Date:   Wed Aug 10 21:02:51 2011 -0400

    Add openDialog to window class
    
    Uses window.openDialog instead of window.open.
    https://developer.mozilla.org/en/DOM/window.openDialog
    
    Signed-off-by: Thomas Berezansky <tsbere at mvlc.org>
    Signed-off-by: Jason Etheridge <jason at esilibrary.com>

diff --git a/Open-ILS/xul/staff_client/chrome/content/util/window.js b/Open-ILS/xul/staff_client/chrome/content/util/window.js
index fc1c19a..dbacd79 100644
--- a/Open-ILS/xul/staff_client/chrome/content/util/window.js
+++ b/Open-ILS/xul/staff_client/chrome/content/util/window.js
@@ -59,6 +59,33 @@ util.window.prototype = {
         return w;
     },
 
+    'SafeWindowOpenDialog' : function (url,title,features) {
+        var w;
+
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesRead");
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalPreferencesWrite");
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrite");
+
+        const CI = Components.interfaces;
+        const PB = Components.classes["@mozilla.org/preferences-service;1"].getService(CI.nsIPrefBranch);
+
+        var blocked = false;
+        try {
+            // pref 'dom.disable_open_during_load' is the main popup blocker preference
+            blocked = PB.getBoolPref("dom.disable_open_during_load");
+            if(blocked) PB.setBoolPref("dom.disable_open_during_load",false);
+            w = this.win.openDialog.apply(this.win,arguments);
+        } catch(E) {
+            this.error.sdump('D_ERROR','window.SafeWindowOpen: ' + E + '\n');
+            throw(E);
+        }
+        if(blocked) PB.setBoolPref("dom.disable_open_during_load",true);
+
+        return w;
+    },
+
     'open' : function(url,title,features,my_xulG) {
         netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
         var key;
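Review bot: When `this.win.openDialog` throws, the catch rethrows before the `if(blocked) PB.setBoolPref("dom.disable_open_during_load",true);` line is reached, so the popup-blocker preference that SafeWindowOpenDialog switched off stays off for the rest of the session. Restoring it in a finally clause closes that gap: `} finally { if(blocked) PB.setBoolPref("dom.disable_open_during_load",true); }` in place of the restore that follows the try. The log label in the catch still reads `window.SafeWindowOpen:` and should be `window.SafeWindowOpenDialog:` so a failure here is distinguishable from the sibling method. The `open` method that begins at the tail of this hunk continues outside it.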
@@ -108,6 +135,59 @@ util.window.prototype = {
         );
         */
         return w;
+    },
+
+    'openDialog' : function(url,title,features,my_xulG) {
+        netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+        var key;
+        if (!title) title = '_blank';
+        if (!features) features = 'chrome'; // Note that this is a default for openDialog anyway
+        var outArgs = Array.prototype.slice.call(arguments);
+        outArgs.splice(3,1); // Remove my_xulG
+        this.error.sdump('D_WIN', 'opening ' + url + ', ' + title + ', ' + features + ' from ' + this.win + '\n');
+        var data;
+        if (features.match(/modal/) && my_xulG) {
+            JSAN.use('OpenILS.data'); data = new OpenILS.data(); data.init({'via':'stash'});
+            if (typeof data.modal_xulG_stack == 'undefined') data.modal_xulG_stack = {}; 
+            /* FIXME - not a perfect key.. could imagine two top-level windows both opening modal windows */
+            key = url; 
+            if (typeof xulG == 'object') {
+                if (typeof xulG.url_prefix == 'function') {
+                    key = key.replace( xulG.url_prefix('/'), '/' );    
+                }
+            } else if (typeof url_prefix == 'function') {
+                    key = key.replace( url_prefix('/'), '/' );    
+            }
+            if (typeof data.modal_xulG_stack[key] == 'undefined') data.modal_xulG_stack[key] = [];
+            data.modal_xulG_stack[key].push( my_xulG );
+            data.stash('modal_xulG_stack');
+            this.error.sdump('D_WIN','modal key = ' + key);
+        }
+        var w = this.SafeWindowOpenDialog.apply(this, outArgs);
+        if (features.match(/modal/) && my_xulG) { 
+            data.init({'via':'stash'});
+            var x = data.modal_xulG_stack[key].pop();
+            data.stash('modal_xulG_stack');
+            w.focus();
+            return x;
+        } else {
+            if (my_xulG) {
+                if (get_contentWindow(w)) {
+                    get_contentWindow(w).xulG = my_xulG;
+                } else {
+                    w.xulG = my_xulG;
+                }
+            }
+        }
+        /*
+        setTimeout( 
+            function() { 
+                try { w.title = title; } catch(E) { dump('**'+E+'\n'); }
+                try { w.document.title = title; } catch(E) { dump('**'+E+'\n'); }
+            }, 0 
+        );
+        */
+        return w;
     }
 }
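Review bot: The `title`/`features` defaults assigned at the top of openDialog never reach the dialog, because `outArgs` is sliced from `arguments`, and in this non-strict code an assignment to a named parameter only writes through to `arguments` when that argument was actually passed; a call that omits them sends just `url` on to SafeWindowOpenDialog while the D_WIN line logs '_blank' and 'chrome'. Writing the resolved values back after the splice fixes it: `outArgs[1] = title; outArgs[2] = features;`. The rest of the body appears to mirror the sibling `open` method (whose body is outside this hunk), including the url-keyed modal_xulG_stack FIXME; if so, the xulG bookkeeping would be easier to keep in step if both called one shared helper.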
 

-----------------------------------------------------------------------

Summary of changes:
 .../xul/staff_client/chrome/content/util/print.js  |   50 +++++++------
 .../xul/staff_client/chrome/content/util/window.js |   80 ++++++++++++++++++++
 2 files changed, 108 insertions(+), 22 deletions(-)


hooks/post-receive
-- 
Evergreen ILS

