[BUG+FIX] Names, descriptions categories and commands are interpreted

**Francesco** · September 11, 2011

How to reproduce

Write <IMG> in the name, category, category or in a command, it will be interpreted instead of being escaped. Or try adding & in the name of an application and notice how the name is truncated in the grid.

Cause

WPI doesn't do any sort of escaping when adding items to the grids.

Fix

In configwizard.js replace

NavGrid.addRow(i,[configList[i].ordr,configList[i].cat,configList[i].uid,configList[i].prog]);

with

NavGrid.addRow(i,[configList[i].ordr,ConvertSpecialCharactersToEntities(configList[i].cat),configList[i].uid,ConvertSpecialCharactersToEntities(configList[i].prog)]);

replace

ConfigurationsGrid.addRow(i+3,[(CheckOnLoad==Configurations[i] ? 1 : 0),Configurations[i]]);

with

ConfigurationsGrid.addRow(i+3,[(CheckOnLoad==Configurations[i] ? 1 : 0),ConvertSpecialCharactersToEntities(Configurations[i])]);

replace

CommandsGrid.addRow(i,Commands[i]);

with

CommandsGrid.addRow(i,ConvertSpecialCharactersToEntities(Commands[i]));

replace TWICE

NavGrid.addRow(cpos,[configList[cpos].ordr,configList[cpos].cat,configList[cpos].uid,configList[cpos].prog]);

with

NavGrid.addRow(cpos,[configList[cpos].ordr,ConvertSpecialCharactersToEntities(configList[cpos].cat.toString()),configList[cpos].uid,ConvertSpecialCharactersToEntities(configList[cpos].prog)]);

replace

ConfigurationsGrid.addRow(ConfigurationsGrid.getRowsNum(),[0,document.getElementById("NewConfiguration").value]);

with

ConfigurationsGrid.addRow(ConfigurationsGrid.getRowsNum(),[0,ConvertSpecialCharactersToEntities(document.getElementById("NewConfiguration").value)]);

replace

SortOrderGrid.addRow(i,cats[i]);

with

SortOrderGrid.addRow(i,ConvertSpecialCharactersToEntities(cats[i]));

replace

SortOrderGrid.addRow(SortOrderGrid.getRowsNum(),configList[cpos].cat);

with

SortOrderGrid.addRow(SortOrderGrid.getRowsNum(),ConvertSpecialCharactersToEntities(configList[cpos].cat));

replace

NavGrid.cells(cpos,3).setValue(configList[cpos].prog);

with

NavGrid.cells(cpos,3).setValue(ConvertSpecialCharactersToEntities(configList[cpos].prog));

replace

NavGrid.cells(cpos,1).setValue(configList[cpos].cat);

with

NavGrid.cells(cpos,1).setValue(ConvertSpecialCharactersToEntities(configList[cpos].cat));

replace

NavGrid.cells(cpos,1).setValue(configList[cpos].cat);

with

NavGrid.cells(cpos,1).setValue(ConvertSpecialCharactersToEntities(configList[cpos].cat));

replace

CommandsGrid.cells(CommandsGrid.getSelectedRowId(),0).setValue(document.getElementById("cmd1").value);

with

CommandsGrid.cells(CommandsGrid.getSelectedRowId(),0).setValue(ConvertSpecialCharactersToEntities(document.getElementById("cmd1").value));

replace

Commands.splice(Commands.length,0,CommandsGrid.cells(CommandsGrid.getRowId(i),0).getValue());

with

Commands.splice(Commands.length,0,RestoreSpecialCharactersFromEntities(CommandsGrid.cells(CommandsGrid.getRowId(i),0).getValue()));

and at the bottom of the file add

function ConvertSpecialCharactersToEntities(text)
{
	return text.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>');
}

function RestoreSpecialCharactersFromEntities(text)
{
	return text.replace(/&/g, '&').replace(/</g, '<').replace(/>/g, '>');
}

Edited September 21, 2011 by Francesco

**Kelsenellenelvian** · September 12, 2011

Done

Sign In

[BUG+FIX] Names, descriptions categories and commands are interpreted

Recommended Posts

Francesco

Kelsenellenelvian

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Activity

Browse