https://gitcode.net/O2OA/o2oa/-/commit/97a29ff83b27cfcb98d12bf37b1d67b02200bcf9 — Merge branch 'hotfix/html注入安全性修复' into 'master' (2024-04-02T15:23:19+00:00, 胡起 hq_1980@hotmail.com, branch hotfix/html注入安全性修复). See merge request o2oa/o2oa!2619 (cherry picked from commit cc9113edc5abf469476faf8be2cd5778279a68df "Merge branch 'hotfix/html注入安全性修复' into 'master'"). Contained commits: 7b2502629921c67d841c100d9cfa47bb03bd2877 html注入安全性修复; e531673a7fb2fa9630353fd20d6084e37fb789ed html注入安全性修复. https://gitcode.net/O2OA/o2oa/-/commit/709d689370ca01f863a45a46d2dbd8f431ce8e53 — Merge branch 'cherry-pick-cc9113ed' into 'develop' (2024-04-02T15:23:31+00:00, 胡起 hq_1980@hotmail.com): Merge branch 'hotfix/html注入安全性修复' into 'master'. See merge request o2oa/o2oa!2623
...@@ -495,7 +495,7 @@ MWF.xDesktop.Actions.RestActions = new Class({ ...@@ -495,7 +495,7 @@ MWF.xDesktop.Actions.RestActions = new Class({
var msg = { var msg = {
"subject": MWF.LP.desktop.action.uploadTitle, "subject": MWF.LP.desktop.action.uploadTitle,
//"content": MWF.LP.desktop.action.uploadTitle+" : "+file.name+"<br/>"+contentHTML //"content": MWF.LP.desktop.action.uploadTitle+" : "+file.name+"<br/>"+contentHTML
"content": ( file.name ? (file.name+"<br/>") : "" )+contentHTML "content": ( file.name ? (o2.txt(file.name)+"<br/>") : "" )+contentHTML
}; };
var messageItem = layout.desktop.message.addMessage(msg); var messageItem = layout.desktop.message.addMessage(msg);
...@@ -504,7 +504,7 @@ MWF.xDesktop.Actions.RestActions = new Class({ ...@@ -504,7 +504,7 @@ MWF.xDesktop.Actions.RestActions = new Class({
messageItem.close = function(callback, e){ messageItem.close = function(callback, e){
if (this.status=="progress"){ if (this.status=="progress"){
var flag = false; var flag = false;
var name = (file.name||""); var name = o2.txt(file.name||"");
name = name.length > 50 ? name.substr(0, 50)+"..." : name; name = name.length > 50 ? name.substr(0, 50)+"..." : name;
var text = MWF.LP.desktop.action.cancelUpload.replace(/{name}/g, (name)); var text = MWF.LP.desktop.action.cancelUpload.replace(/{name}/g, (name));
MWF.xDesktop.confirm("wram", e, MWF.LP.desktop.action.cancelUploadTitle, text, "400", "180", function(){ MWF.xDesktop.confirm("wram", e, MWF.LP.desktop.action.cancelUploadTitle, text, "400", "180", function(){
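Review bot: The escaping order in messageItem.close is inverted: `o2.txt(file.name||"")` on the `var name = ...` line runs before the 50-character `substr`, so a name whose escaped form straddles the cut (for example `&amp;` truncated to `&am`) yields a broken entity in the confirm text, and entity expansion also eats into the visible length budget. Truncate the raw name first and escape the result: `var name = file.name || ""; name = name.length > 50 ? name.substr(0, 50) + "..." : name; name = o2.txt(name);`. Separately, `cancelUpload.replace(/{name}/g, (name))` passes a string replacement, so `$&`, `$'` and `$1` sequences in a file name are interpreted by String.prototype.replace; a function replacement, `.replace(/{name}/g, function(){ return name; })`, inserts the name verbatim. This assumes o2.txt is the HTML-escaping helper it appears to be elsewhere in this commit and that confirm renders `text` as HTML; the close handler continues past the end of the hunk.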
...@@ -1816,8 +1816,8 @@ MWF.xDesktop.Authentication.ResetPasswordForm = new Class({ ...@@ -1816,8 +1816,8 @@ MWF.xDesktop.Authentication.ResetPasswordForm = new Class({
name: { name: {
text: this.lp.userName, defaultValue: this.lp.userName, className: "inputUser", text: this.lp.userName, defaultValue: this.lp.userName, className: "inputUser",
notEmpty: true, defaultValueAsEmpty: true, emptyTip: this.lp.inputYourUserName, notEmpty: true, defaultValueAsEmpty: true, emptyTip: this.lp.inputYourUserName,
validRule: { isInvalid: function (value, it) { return this.checkUserName(value, it); }.bind(this) }, // validRule: { isInvalid: function (value, it) { return this.checkUserName(value, it); }.bind(this) },
validMessage: { isInvalid: this.lp.userNotExist }, // validMessage: { isInvalid: this.lp.userNotExist },
event: { event: {
focus: function (it) { if (this.lp.userName === it.getValue()) it.setValue(""); if (!it.warningStatus) it.getElements()[0].setStyles(this.css.inputActive); }.bind(this), focus: function (it) { if (this.lp.userName === it.getValue()) it.setValue(""); if (!it.warningStatus) it.getElements()[0].setStyles(this.css.inputActive); }.bind(this),
blur: function (it) { if (it.getValue() === "") it.setValue(this.lp.userName); if (!it.warningStatus) it.getElements()[0].setStyles(this.css.inputUser); }.bind(this), blur: function (it) { if (it.getValue() === "") it.setValue(this.lp.userName); if (!it.warningStatus) it.getElements()[0].setStyles(this.css.inputUser); }.bind(this),
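Review bot: The old `validRule` and `validMessage` entries of the ResetPasswordForm `name` field are left as commented-out code rather than removed, and nothing in the hunk records why they were disabled. Dropping the client-side `checkUserName` call is a defensible change if its purpose was to stop the reset form from revealing whether a user name exists (the message was `this.lp.userNotExist`), but that only helps if the server-side lookup the check presumably called is equally silent, which this diff does not show — worth confirming. Delete the two commented lines and leave a one-line comment in their place, e.g. `// no client-side existence check: the reset form must not reveal whether a user name exists`. The enclosing field definition starts and ends outside the hunk.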
...@@ -38,7 +38,7 @@ MWF.xApplication.Org.List = new Class({ ...@@ -38,7 +38,7 @@ MWF.xApplication.Org.List = new Class({
var html = "<table cellspacing='0' cellpadding='5' border='0' width='80%' align='center' style='line-height:normal; clear: both;'>"; var html = "<table cellspacing='0' cellpadding='5' border='0' width='80%' align='center' style='line-height:normal; clear: both;'>";
html += "<tr><th style='width:20px'></th>"; html += "<tr><th style='width:20px'></th>";
headers.each(function(title){ headers.each(function(title){
html += "<th style='"+title.style+"'>"+title.text+"</th>"; html += "<th style='"+title.style+"'>"+o2.txt(title.text)+"</th>";
}.bind(this)); }.bind(this));
html += "</table>"; html += "</table>";
this.contentNode.set("html", html); this.contentNode.set("html", html);
...@@ -176,7 +176,7 @@ MWF.xApplication.Org.List.Item = new Class({ ...@@ -176,7 +176,7 @@ MWF.xApplication.Org.List.Item = new Class({
}else{ }else{
var v = this.data[at]; var v = this.data[at];
if (typeOf(v)==="array") v = v.join(","); if (typeOf(v)==="array") v = v.join(",");
td.set("text", v); td.set("text", o2.txt(v) );
} }
}else{ }else{
td.set("text", ""); td.set("text", "");
...@@ -209,7 +209,7 @@ MWF.xApplication.Org.List.Item = new Class({ ...@@ -209,7 +209,7 @@ MWF.xApplication.Org.List.Item = new Class({
if (n==="icon"){ if (n==="icon"){
rows.push("<div>cc</div>"); rows.push("<div>cc</div>");
}else{ }else{
rows.push(this.data[n]); rows.push(typeOf(this.data[n])==='string' ? o2.txt(this.data[n]) : this.data[n]);
} }
}else{ }else{
rows.push(""); rows.push("");
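Review bot: In Org.List.Item the new `td.set("text", o2.txt(v))` escapes a value that is then written through MooTools' `text` setter, which already inserts it as plain text, so if o2.txt is the HTML-escaping helper it appears to be elsewhere in this commit, any `&`, `<` or `>` in the data will now display double-encoded (`&amp;`) rather than being injected — the original `td.set("text", v)` was already safe and should be restored. The `rows.push(...)` hunk escapes only string values, so an array value (which the first hunk joins with `,`) is pushed raw; if `rows` is later concatenated into markup that is an escaping gap, and applying the same `join(",")` followed by `o2.txt` there would close it. Both enclosing functions start outside their hunks.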
...@@ -345,7 +345,7 @@ MWF.xApplication.Org.PersonExplorer.PersonContent = new Class({ ...@@ -345,7 +345,7 @@ MWF.xApplication.Org.PersonExplorer.PersonContent = new Class({
} }
}, { }, {
"getHtml": function(){ "getHtml": function(){
return "<div style='word-break: break-word;'>"+this.distinguishedName+"</div>"; return "<div style='word-break: break-word;'>"+o2.txt(this.distinguishedName)+"</div>";
}, },
//"get": function(){ return this.distinguishedName; }, //"get": function(){ return this.distinguishedName; },
"set": function(value){ this.distinguishedName = value; } "set": function(value){ this.distinguishedName = value; }
...@@ -1126,7 +1126,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class( ...@@ -1126,7 +1126,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
if (!flag) flag = MWF.xApplication.cms.Xform.LP.notValidation; if (!flag) flag = MWF.xApplication.cms.Xform.LP.notValidation;
if (typeOf(flag) === "string") { if (typeOf(flag) === "string") {
if (flag !== "true") { if (flag !== "true") {
this.app.notice(flag, "error"); this.app.notice(o2.txt(flag), "error");
return false; return false;
} }
} else if (flag.toString() != "true") { } else if (flag.toString() != "true") {
...@@ -1141,7 +1141,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class( ...@@ -1141,7 +1141,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
if (!flag) flag = MWF.xApplication.cms.Xform.LP.notValidation; if (!flag) flag = MWF.xApplication.cms.Xform.LP.notValidation;
if (typeOf(flag) === "string") { if (typeOf(flag) === "string") {
if (flag !== "true") { if (flag !== "true") {
this.app.notice(flag, "error"); this.app.notice(o2.txt(flag), "error");
return false; return false;
} }
} else if (flag.toString() != "true") { } else if (flag.toString() != "true") {
...@@ -1219,7 +1219,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class( ...@@ -1219,7 +1219,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
this.closeWindowOnMobile(); this.closeWindowOnMobile();
} else { } else {
if (this.businessData.document.title) { if (this.businessData.document.title) {
this.app.notice(MWF.xApplication.cms.Xform.LP.documentDelayedPublished + ": “" + this.businessData.document.title + "", "success"); this.app.notice(MWF.xApplication.cms.Xform.LP.documentDelayedPublished + ": “" + o2.txt(this.businessData.document.title) + "", "success");
} else { } else {
this.app.notice(MWF.xApplication.cms.Xform.LP.documentDelayedPublished, "success"); this.app.notice(MWF.xApplication.cms.Xform.LP.documentDelayedPublished, "success");
} }
...@@ -1293,7 +1293,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class( ...@@ -1293,7 +1293,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
} else { } else {
if( slience !== true ){ if( slience !== true ){
if (this.businessData.document.title) { if (this.businessData.document.title) {
this.app.notice(MWF.xApplication.cms.Xform.LP.documentPublished + ": “" + this.businessData.document.title + "", "success"); this.app.notice(MWF.xApplication.cms.Xform.LP.documentPublished + ": “" + o2.txt(this.businessData.document.title ) + "", "success");
} else { } else {
this.app.notice(MWF.xApplication.cms.Xform.LP.documentPublished, "success"); this.app.notice(MWF.xApplication.cms.Xform.LP.documentPublished, "success");
} }
...@@ -1427,7 +1427,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class( ...@@ -1427,7 +1427,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
this.documentAction.removeDocument(this.businessData.document.id, function (json) { this.documentAction.removeDocument(this.businessData.document.id, function (json) {
this.fireEvent("afterDelete"); this.fireEvent("afterDelete");
if (this.app && this.app.fireEvent) this.app.fireEvent("afterDelete"); if (this.app && this.app.fireEvent) this.app.fireEvent("afterDelete");
this.app.notice(MWF.xApplication.cms.Xform.LP.documentDelete + ": “" + this.businessData.document.title + "", "success"); this.app.notice(MWF.xApplication.cms.Xform.LP.documentDelete + ": “" + o2.txt(this.businessData.document.title) + "", "success");
this.options.autoSave = false; this.options.autoSave = false;
this.options.saveOnClose = false; this.options.saveOnClose = false;
this.fireEvent("postDelete"); this.fireEvent("postDelete");
...@@ -1473,7 +1473,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class( ...@@ -1473,7 +1473,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
debugger; debugger;
_self.fireEvent("afterDelete"); _self.fireEvent("afterDelete");
if (_self.app && _self.app.fireEvent) _self.app.fireEvent("afterDelete"); if (_self.app && _self.app.fireEvent) _self.app.fireEvent("afterDelete");
_self.app.notice(MWF.xApplication.cms.Xform.LP.documentDelete + ": “" + _self.businessData.document.title + "", "success"); _self.app.notice(MWF.xApplication.cms.Xform.LP.documentDelete + ": “" + o2.txt(_self.businessData.document.title) + "", "success");
_self.options.autoSave = false; _self.options.autoSave = false;
_self.options.saveOnClose = false; _self.options.saveOnClose = false;
_self.fireEvent("postDelete"); _self.fireEvent("postDelete");
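Review bot: The second delete callback (the `_self` variant) still carries a bare `debugger;` statement immediately before `_self.fireEvent("afterDelete")`, which suspends execution whenever devtools are open; it is a context line, but the commit touches this very callback and is the natural place to drop it. That callback also duplicates the `this`-based one above it line for line apart from `this`/`_self`, so the notice, autoSave and saveOnClose handling could be one helper invoked from both, which would also keep the `o2.txt(...document.title)` escaping in a single place. In each notice the closing quote is an empty string literal, `": “" + o2.txt(...) + ""`; if a `”` was intended it is missing, otherwise the opening `“` is unbalanced — confirm. Both callbacks begin and end outside the hunk.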