
[BUG+FIX] Names, descriptions, categories and commands are interpreted



How to reproduce

Write <IMG> in the name, category or in a command; it will be interpreted instead of being escaped. Or try adding & in the name of an application and notice how the name is truncated in the grid.

Cause

WPI doesn't do any sort of escaping when adding items to the grids.

Fix

In configwizard.js replace

NavGrid.addRow(i,[configList[i].ordr,configList[i].cat,configList[i].uid,configList[i].prog]);

with

NavGrid.addRow(i,[configList[i].ordr,ConvertSpecialCharactersToEntities(configList[i].cat),configList[i].uid,ConvertSpecialCharactersToEntities(configList[i].prog)]);

replace

ConfigurationsGrid.addRow(i+3,[(CheckOnLoad==Configurations[i] ? 1 : 0),Configurations[i]]);

with

ConfigurationsGrid.addRow(i+3,[(CheckOnLoad==Configurations[i] ? 1 : 0),ConvertSpecialCharactersToEntities(Configurations[i])]);

replace

CommandsGrid.addRow(i,Commands[i]);

with

CommandsGrid.addRow(i,ConvertSpecialCharactersToEntities(Commands[i]));

replace TWICE

NavGrid.addRow(cpos,[configList[cpos].ordr,configList[cpos].cat,configList[cpos].uid,configList[cpos].prog]);

with

NavGrid.addRow(cpos,[configList[cpos].ordr,ConvertSpecialCharactersToEntities(configList[cpos].cat.toString()),configList[cpos].uid,ConvertSpecialCharactersToEntities(configList[cpos].prog)]);

replace

ConfigurationsGrid.addRow(ConfigurationsGrid.getRowsNum(),[0,document.getElementById("NewConfiguration").value]);

with

ConfigurationsGrid.addRow(ConfigurationsGrid.getRowsNum(),[0,ConvertSpecialCharactersToEntities(document.getElementById("NewConfiguration").value)]);

replace

SortOrderGrid.addRow(i,cats[i]);

with

SortOrderGrid.addRow(i,ConvertSpecialCharactersToEntities(cats[i]));

replace

SortOrderGrid.addRow(SortOrderGrid.getRowsNum(),configList[cpos].cat);

with

SortOrderGrid.addRow(SortOrderGrid.getRowsNum(),ConvertSpecialCharactersToEntities(configList[cpos].cat));

replace

NavGrid.cells(cpos,3).setValue(configList[cpos].prog);

with

NavGrid.cells(cpos,3).setValue(ConvertSpecialCharactersToEntities(configList[cpos].prog));

replace

NavGrid.cells(cpos,1).setValue(configList[cpos].cat);

with

NavGrid.cells(cpos,1).setValue(ConvertSpecialCharactersToEntities(configList[cpos].cat));

replace

NavGrid.cells(cpos,1).setValue(configList[cpos].cat);

with

NavGrid.cells(cpos,1).setValue(ConvertSpecialCharactersToEntities(configList[cpos].cat));

replace

CommandsGrid.cells(CommandsGrid.getSelectedRowId(),0).setValue(document.getElementById("cmd1").value);

with

CommandsGrid.cells(CommandsGrid.getSelectedRowId(),0).setValue(ConvertSpecialCharactersToEntities(document.getElementById("cmd1").value));

replace

Commands.splice(Commands.length,0,CommandsGrid.cells(CommandsGrid.getRowId(i),0).getValue());

with

Commands.splice(Commands.length,0,RestoreSpecialCharactersFromEntities(CommandsGrid.cells(CommandsGrid.getRowId(i),0).getValue()));

and at the bottom of the file add

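// Escape the characters the grid would otherwise treat as markup.
// '&' is replaced first so the entities produced for '<' and '>' are not escaped again.
function ConvertSpecialCharactersToEntities(text)
{
    return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Reverse the conversion when reading a value back from the grid.
// '&amp;' is restored last so a literal "&lt;" typed by the user is not turned into '<'.
function RestoreSpecialCharactersFromEntities(text)
{
    return text.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}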

Edited by Francesco
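
An added example, not part of the original post or of WPI's code: the fix above wraps every grid call site by hand, so this sketch routes rows through one escaping wrapper and shows why the restore order matters. All names here (escapeCell, unescapeCell, unescapeAmpFirst, escapeRow, addRowEscaped, FakeGrid) are hypothetical, and FakeGrid is a constructed stand-in for a grid that renders cell values as HTML.

```javascript
// Escape only strings; numbers (order, checkbox state) pass through unchanged.
function escapeCell(value) {
  if (typeof value !== 'string') return value;
  // '&' first, otherwise the '&' of a freshly written '&lt;' is escaped again.
  return value.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Correct inverse: '&amp;' is restored last.
function unescapeCell(text) {
  return text.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

// Wrong inverse, for contrast: restoring '&amp;' first decodes twice.
function unescapeAmpFirst(text) {
  return text.replace(/&amp;/g, '&').replace(/&lt;/g, '<').replace(/&gt;/g, '>');
}

// A row may be a single value or an array of cells, as in the calls above.
function escapeRow(cells) {
  return Array.isArray(cells) ? cells.map(escapeCell) : escapeCell(cells);
}

// Constructed stand-in: stores what a real grid would render as HTML.
class FakeGrid {
  constructor() { this.rows = new Map(); }
  addRow(id, cells) { this.rows.set(id, cells); }
}

// Single choke point: every row is escaped before it reaches the grid.
function addRowEscaped(grid, id, cells) {
  grid.addRow(id, escapeRow(cells));
}

function demo() {
  const grid = new FakeGrid();
  // Constructed sample entry; the program name contains a literal "&lt;".
  const entry = { ordr: 1, cat: 'Tools & <b>Utils</b>', uid: 'APP1',
                  prog: 'Doc about &lt;IMG&gt; tags' };
  addRowEscaped(grid, 0, [entry.ordr, entry.cat, entry.uid, entry.prog]);
  const stored = grid.rows.get(0);
  return {
    stored,
    restoredCat: unescapeCell(stored[1]),
    restoredProg: unescapeCell(stored[3]),
    naiveProg: unescapeAmpFirst(stored[3]), // value is corrupted on the way back
  };
}
```
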
