mirror of https://github.com/haiwen/seahub.git synced 2025-09-20 10:58:33 +00:00

[share] added necessary 'escape'

llj
2015-03-19 18:28:34 +08:00
committed by Daniel Pan
parent 1721c06ff4
commit 8ba4fe28c9
2 changed files with 8 additions and 9 deletions


@@ -51,7 +51,7 @@ define([
render: function () { render: function () {
this.$el.html(this.template({ this.$el.html(this.template({
title: gettext("Share {placeholder}") title: gettext("Share {placeholder}")
.replace('{placeholder}', '<span class="op-target">' + this.obj_name + '</span>'), .replace('{placeholder}', '<span class="op-target">' + Common.HTMLescape(this.obj_name) + '</span>'),
is_dir: this.is_dir, is_dir: this.is_dir,
is_repo_owner: this.is_repo_owner, is_repo_owner: this.is_repo_owner,
is_virtual: this.is_virtual, is_virtual: this.is_virtual,
@@ -281,11 +281,11 @@ define([
var after_op_success = function(data) { var after_op_success = function(data) {
$.modal.close(); $.modal.close();
var msg = gettext("Successfully sent to {placeholder}") var msg = gettext("Successfully sent to {placeholder}")
.replace('{placeholder}', data['send_success'].join(', ')); .replace('{placeholder}', Common.HTMLescape(data['send_success'].join(', ')));
Common.feedback(msg, 'success'); Common.feedback(msg, 'success');
if (data['send_failed'].length > 0) { if (data['send_failed'].length > 0) {
msg += '<br />' + gettext("Failed to send to {placeholder}") msg += '<br />' + gettext("Failed to send to {placeholder}")
.replace('{placeholder}', data['send_failed'].join(', ')); .replace('{placeholder}', Common.HTMLescape(data['send_failed'].join(', ')));
Common.feedback(msg, 'info'); Common.feedback(msg, 'info');
} }
}; };
@@ -452,11 +452,11 @@ define([
var after_op_success = function (data) { var after_op_success = function (data) {
$.modal.close(); $.modal.close();
var msg = gettext("Successfully shared to {placeholder}") var msg = gettext("Successfully shared to {placeholder}")
.replace('{placeholder}', data['shared_success'].join(', ')); .replace('{placeholder}', Common.HTMLescape(data['shared_success'].join(', ')));
Common.feedback(msg, 'success'); Common.feedback(msg, 'success');
if (data['shared_failed'].length > 0) { if (data['shared_failed'].length > 0) {
msg += '<br />' + gettext("Failed to share to {placeholder}") msg += '<br />' + gettext("Failed to share to {placeholder}")
.replace('{placeholder}', data['shared_failed'].join(', ')); .replace('{placeholder}', Common.HTMLescape(data['shared_failed'].join(', ')));
Common.feedback(msg, 'info'); Common.feedback(msg, 'info');
} }
}; };
@@ -534,11 +534,11 @@ define([
var after_op_success = function(data) { var after_op_success = function(data) {
$.modal.close(); $.modal.close();
var msg = gettext("Successfully shared to {placeholder}") var msg = gettext("Successfully shared to {placeholder}")
.replace('{placeholder}', data['shared_success'].join(', ')); .replace('{placeholder}', Common.HTMLescape(data['shared_success'].join(', ')));
Common.feedback(msg, 'success'); Common.feedback(msg, 'success');
if (data['shared_failed'].length > 0) { if (data['shared_failed'].length > 0) {
msg += '<br />' + gettext("Failed to share to {placeholder}") msg += '<br />' + gettext("Failed to share to {placeholder}")
.replace('{placeholder}', data['shared_failed'].join(', ')); .replace('{placeholder}', Common.HTMLescape(data['shared_failed'].join(', ')));
Common.feedback(msg, 'info'); Common.feedback(msg, 'info');
} }
}; };
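Review bot: The new `.replace('{placeholder}', Common.HTMLescape(...))` calls pass the escaped value as a replacement string, and `String.prototype.replace` expands sequences such as `$&` and `$'` inside a replacement string. A library name or address containing `$` would therefore be displayed wrongly unless `HTMLescape` (not visible here) also rewrites `$`; the expanded text comes from the translated message itself, so this looks like a display bug rather than a way around the escape. Passing a function avoids the expansion, e.g. `.replace('{placeholder}', function () { return Common.HTMLescape(data['send_success'].join(', ')); })`, and the same applies to the `render` title (whose body continues past the first hunk) and to the `shared_success`/`shared_failed` handlers in the last two hunks. The three `after_op_success` handlers are near-identical copies, so a single shared helper that escapes and formats the list would also keep a later copy from missing the escape.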


@@ -1368,7 +1368,6 @@ def ajax_get_upload_link(request):
username=username).filter(path=path) username=username).filter(path=path)
if len(l) > 0: if len(l) > 0:
token = l[0].token token = l[0].token
print token
data = { data = {
'upload_link': gen_shared_upload_link(token), 'upload_link': gen_shared_upload_link(token),
'token': token, 'token': token,
@@ -1572,7 +1571,7 @@ def ajax_private_share_dir(request):
if not check_user_share_quota(username, shared_repo, users=share_to_users, if not check_user_share_quota(username, shared_repo, users=share_to_users,
groups=share_to_groups): groups=share_to_groups):
result['error'] = _(('Failed to share "%s", no enough quota. <a href="http://seafile.com/">Upgrade account.</a>') % shared_repo.name) result['error'] = _(('Failed to share "%s", no enough quota. <a href="http://seafile.com/">Upgrade account.</a>') % escape(shared_repo.name))
return HttpResponse(json.dumps(result), status=400, content_type=content_type) return HttpResponse(json.dumps(result), status=400, content_type=content_type)
for email in share_to_users: for email in share_to_users:
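Review bot: On the changed `result['error']` line in `ajax_private_share_dir`, the `%` interpolation still happens inside `_()`, so gettext is asked to look up the already-formatted string and the message will most likely never match a catalog entry. Moving the interpolation outside keeps the escape and makes the string translatable: `result['error'] = _('Failed to share "%s", no enough quota. <a href="http://seafile.com/">Upgrade account.</a>') % escape(shared_repo.name)`. The message embeds an `<a>` tag, so the client presumably renders it as HTML, which is why the escape on `shared_repo.name` matters; the import of `escape` is not visible in this hunk and should be confirmed. The function body starts and continues outside the hunk.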