cac1e731bc717f65e37662e2ac5f807bb8def6c2...709d689370ca01f863a45a46d2dbd8f431ce8e53
Commits (2)
https://gitcode.net/O2OA/o2oa/-/commit/97a29ff83b27cfcb98d12bf37b1d67b02200bcf9
Merge branch 'hotfix/html注入安全性修复' into 'master'
2024-04-02T15:23:19+00:00
胡起
hq_1980@hotmail.com
hotfix/html注入安全性修复 See merge request o2oa/o2oa!2619 (cherry picked from commit cc9113edc5abf469476faf8be2cd5778279a68df) 7b250262 html注入安全性修复 e531673a html注入安全性修复
https://gitcode.net/O2OA/o2oa/-/commit/709d689370ca01f863a45a46d2dbd8f431ce8e53
Merge branch 'cherry-pick-cc9113ed' into 'develop'
2024-04-02T15:23:31+00:00
胡起
hq_1980@hotmail.com
Merge branch 'hotfix/html注入安全性修复' into 'master' See merge request o2oa/o2oa!2623
Showing
5 changed file
with
14 addition
and
14 deletion
+14
-14
o2web/source/o2_core/o2/xDesktop/Actions/RestActions.js
o2web/source/o2_core/o2/xDesktop/Actions/RestActions.js
+2
-2
o2web/source/o2_core/o2/xDesktop/Authentication.js
o2web/source/o2_core/o2/xDesktop/Authentication.js
+2
-2
o2web/source/x_component_Org/List.js
o2web/source/x_component_Org/List.js
+3
-3
o2web/source/x_component_Org/PersonExplorer.js
o2web/source/x_component_Org/PersonExplorer.js
+1
-1
o2web/source/x_component_cms_Xform/Form.js
o2web/source/x_component_cms_Xform/Form.js
+6
-6
o2web/source/o2_core/o2/xDesktop/Actions/RestActions.js
...
@@ -495,7 +495,7 @@ MWF.xDesktop.Actions.RestActions = new Class({
...
@@ -495,7 +495,7 @@ MWF.xDesktop.Actions.RestActions = new Class({
var
msg
=
{
var
msg
=
{
"
subject
"
:
MWF
.
LP
.
desktop
.
action
.
uploadTitle
,
"
subject
"
:
MWF
.
LP
.
desktop
.
action
.
uploadTitle
,
//"content": MWF.LP.desktop.action.uploadTitle+" : "+file.name+"<br/>"+contentHTML
//"content": MWF.LP.desktop.action.uploadTitle+" : "+file.name+"<br/>"+contentHTML
"
content
"
:
(
file
.
name
?
(
file
.
name
+
"
<br/>
"
)
:
""
)
+
contentHTML
"
content
"
:
(
file
.
name
?
(
o2
.
txt
(
file
.
name
)
+
"
<br/>
"
)
:
""
)
+
contentHTML
};
};
var
messageItem
=
layout
.
desktop
.
message
.
addMessage
(
msg
);
var
messageItem
=
layout
.
desktop
.
message
.
addMessage
(
msg
);
...
@@ -504,7 +504,7 @@ MWF.xDesktop.Actions.RestActions = new Class({
...
@@ -504,7 +504,7 @@ MWF.xDesktop.Actions.RestActions = new Class({
messageItem
.
close
=
function
(
callback
,
e
){
messageItem
.
close
=
function
(
callback
,
e
){
if
(
this
.
status
==
"
progress
"
){
if
(
this
.
status
==
"
progress
"
){
var
flag
=
false
;
var
flag
=
false
;
var
name
=
(
file
.
name
||
""
);
var
name
=
o2
.
txt
(
file
.
name
||
""
);
name
=
name
.
length
>
50
?
name
.
substr
(
0
,
50
)
+
"
...
"
:
name
;
name
=
name
.
length
>
50
?
name
.
substr
(
0
,
50
)
+
"
...
"
:
name
;
var
text
=
MWF
.
LP
.
desktop
.
action
.
cancelUpload
.
replace
(
/{name}/g
,
(
name
));
var
text
=
MWF
.
LP
.
desktop
.
action
.
cancelUpload
.
replace
(
/{name}/g
,
(
name
));
MWF
.
xDesktop
.
confirm
(
"
wram
"
,
e
,
MWF
.
LP
.
desktop
.
action
.
cancelUploadTitle
,
text
,
"
400
"
,
"
180
"
,
function
(){
MWF
.
xDesktop
.
confirm
(
"
wram
"
,
e
,
MWF
.
LP
.
desktop
.
action
.
cancelUploadTitle
,
text
,
"
400
"
,
"
180
"
,
function
(){
...
...
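Review bot: In the second hunk (the `messageItem.close` handler) the file name goes through `o2.txt` before it is cut to 50 characters, so the cut can land in the middle of an escape sequence and the limit counts escaped rather than visible characters. `o2.txt` is not defined on this page, so this assumes it entity-encodes markup characters, as the commit title suggests. Truncating first and escaping last avoids both problems: `var name = (file.name||"");` followed by `name = o2.txt(name.length>50 ? name.substr(0, 50)+"..." : name);`. In the first hunk `contentHTML` is still appended to `content` unescaped; it is built outside the hunk, so it is worth confirming that nothing user-controlled reaches it. Both hunks sit inside functions that start and end outside the visible lines.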
o2web/source/o2_core/o2/xDesktop/Authentication.js
...
@@ -1816,8 +1816,8 @@ MWF.xDesktop.Authentication.ResetPasswordForm = new Class({
...
@@ -1816,8 +1816,8 @@ MWF.xDesktop.Authentication.ResetPasswordForm = new Class({
name
:
{
name
:
{
text
:
this
.
lp
.
userName
,
defaultValue
:
this
.
lp
.
userName
,
className
:
"
inputUser
"
,
text
:
this
.
lp
.
userName
,
defaultValue
:
this
.
lp
.
userName
,
className
:
"
inputUser
"
,
notEmpty
:
true
,
defaultValueAsEmpty
:
true
,
emptyTip
:
this
.
lp
.
inputYourUserName
,
notEmpty
:
true
,
defaultValueAsEmpty
:
true
,
emptyTip
:
this
.
lp
.
inputYourUserName
,
validRule
:
{
isInvalid
:
function
(
value
,
it
)
{
return
this
.
checkUserName
(
value
,
it
);
}.
bind
(
this
)
},
//
validRule: { isInvalid: function (value, it) { return this.checkUserName(value, it); }.bind(this) },
validMessage
:
{
isInvalid
:
this
.
lp
.
userNotExist
},
//
validMessage: { isInvalid: this.lp.userNotExist },
event
:
{
event
:
{
focus
:
function
(
it
)
{
if
(
this
.
lp
.
userName
===
it
.
getValue
())
it
.
setValue
(
""
);
if
(
!
it
.
warningStatus
)
it
.
getElements
()[
0
].
setStyles
(
this
.
css
.
inputActive
);
}.
bind
(
this
),
focus
:
function
(
it
)
{
if
(
this
.
lp
.
userName
===
it
.
getValue
())
it
.
setValue
(
""
);
if
(
!
it
.
warningStatus
)
it
.
getElements
()[
0
].
setStyles
(
this
.
css
.
inputActive
);
}.
bind
(
this
),
blur
:
function
(
it
)
{
if
(
it
.
getValue
()
===
""
)
it
.
setValue
(
this
.
lp
.
userName
);
if
(
!
it
.
warningStatus
)
it
.
getElements
()[
0
].
setStyles
(
this
.
css
.
inputUser
);
}.
bind
(
this
),
blur
:
function
(
it
)
{
if
(
it
.
getValue
()
===
""
)
it
.
setValue
(
this
.
lp
.
userName
);
if
(
!
it
.
warningStatus
)
it
.
getElements
()[
0
].
setStyles
(
this
.
css
.
inputUser
);
}.
bind
(
this
),
...
...
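Review bot: The `validRule` and `validMessage` entries for the `name` field appear to be left on the new side as commented-out code with no explanation, and the change is unrelated to the HTML-injection fix named in the commit title. If the intent is to stop the reset-password form from telling a visitor whether a user name exists (the disabled message is `this.lp.userNotExist`), delete the two lines and state the reason instead, for example `// user name is deliberately not checked for existence here, so the form does not disclose which accounts exist`. That only holds if the server answers a reset request the same way for known and unknown names, which is not visible in this hunk. `checkUserName` may now be unused; the class body continues outside the hunk.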
o2web/source/x_component_Org/List.js
...
@@ -38,7 +38,7 @@ MWF.xApplication.Org.List = new Class({
...
@@ -38,7 +38,7 @@ MWF.xApplication.Org.List = new Class({
var
html
=
"
<table cellspacing='0' cellpadding='5' border='0' width='80%' align='center' style='line-height:normal; clear: both;'>
"
;
var
html
=
"
<table cellspacing='0' cellpadding='5' border='0' width='80%' align='center' style='line-height:normal; clear: both;'>
"
;
html
+=
"
<tr><th style='width:20px'></th>
"
;
html
+=
"
<tr><th style='width:20px'></th>
"
;
headers
.
each
(
function
(
title
){
headers
.
each
(
function
(
title
){
html
+=
"
<th style='
"
+
title
.
style
+
"
'>
"
+
title
.
text
+
"
</th>
"
;
html
+=
"
<th style='
"
+
title
.
style
+
"
'>
"
+
o2
.
txt
(
title
.
text
)
+
"
</th>
"
;
}.
bind
(
this
));
}.
bind
(
this
));
html
+=
"
</table>
"
;
html
+=
"
</table>
"
;
this
.
contentNode
.
set
(
"
html
"
,
html
);
this
.
contentNode
.
set
(
"
html
"
,
html
);
...
@@ -176,7 +176,7 @@ MWF.xApplication.Org.List.Item = new Class({
...
@@ -176,7 +176,7 @@ MWF.xApplication.Org.List.Item = new Class({
}
else
{
}
else
{
var
v
=
this
.
data
[
at
];
var
v
=
this
.
data
[
at
];
if
(
typeOf
(
v
)
===
"
array
"
)
v
=
v
.
join
(
"
,
"
);
if
(
typeOf
(
v
)
===
"
array
"
)
v
=
v
.
join
(
"
,
"
);
td
.
set
(
"
text
"
,
v
);
td
.
set
(
"
text
"
,
o2
.
txt
(
v
)
);
}
}
}
else
{
}
else
{
td
.
set
(
"
text
"
,
""
);
td
.
set
(
"
text
"
,
""
);
...
@@ -209,7 +209,7 @@ MWF.xApplication.Org.List.Item = new Class({
...
@@ -209,7 +209,7 @@ MWF.xApplication.Org.List.Item = new Class({
if
(
n
===
"
icon
"
){
if
(
n
===
"
icon
"
){
rows
.
push
(
"
<div>cc</div>
"
);
rows
.
push
(
"
<div>cc</div>
"
);
}
else
{
}
else
{
rows
.
push
(
this
.
data
[
n
]);
rows
.
push
(
t
ypeOf
(
this
.
data
[
n
])
===
'
string
'
?
o2
.
txt
(
this
.
data
[
n
])
:
t
his
.
data
[
n
]);
}
}
}
else
{
}
else
{
rows
.
push
(
""
);
rows
.
push
(
""
);
...
...
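Review bot: In the hunk at `@@ -176,7`, `td.set("text", o2.txt(v))` escapes a value that goes into a text sink: MooTools `set("text", …)` writes text content rather than markup, so if `o2.txt` entity-encodes (its definition is not on this page) a value containing `<` or `&` would be displayed with literal entities. `td.set("text", v);` was already safe there and could stay as it was. The hunk at `@@ -209,7` has the opposite gap: only strings are passed through `o2.txt`, so an array in `this.data[n]` is pushed unescaped, whereas the `@@ -176,7` code joins arrays first; `rows` is consumed outside the hunk, so whether it ends up as HTML needs checking. In the first hunk `title.style` is still concatenated raw into the `style='…'` attribute.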
o2web/source/x_component_Org/PersonExplorer.js
...
@@ -345,7 +345,7 @@ MWF.xApplication.Org.PersonExplorer.PersonContent = new Class({
...
@@ -345,7 +345,7 @@ MWF.xApplication.Org.PersonExplorer.PersonContent = new Class({
}
}
},
{
},
{
"
getHtml
"
:
function
(){
"
getHtml
"
:
function
(){
return
"
<div style='word-break: break-word;'>
"
+
this
.
distinguishedName
+
"
</div>
"
;
return
"
<div style='word-break: break-word;'>
"
+
o2
.
txt
(
this
.
distinguishedName
)
+
"
</div>
"
;
},
},
//"get": function(){ return this.distinguishedName; },
//"get": function(){ return this.distinguishedName; },
"
set
"
:
function
(
value
){
this
.
distinguishedName
=
value
;
}
"
set
"
:
function
(
value
){
this
.
distinguishedName
=
value
;
}
...
...
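Review bot: `getHtml` now wraps `this.distinguishedName` in `o2.txt`, but nothing on the line says why, and the neighbouring `set` stores the raw value, so a later edit or a revived `get` (commented out just below) could reintroduce unescaped output. A one-line comment above the return would keep the intent visible, e.g. `// distinguishedName is stored raw; escape it here because the result is inserted as HTML`. The surrounding object literal starts and ends outside the hunk.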
o2web/source/x_component_cms_Xform/Form.js
...
@@ -1126,7 +1126,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
...
@@ -1126,7 +1126,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
if
(
!
flag
)
flag
=
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
notValidation
;
if
(
!
flag
)
flag
=
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
notValidation
;
if
(
typeOf
(
flag
)
===
"
string
"
)
{
if
(
typeOf
(
flag
)
===
"
string
"
)
{
if
(
flag
!==
"
true
"
)
{
if
(
flag
!==
"
true
"
)
{
this
.
app
.
notice
(
flag
,
"
error
"
);
this
.
app
.
notice
(
o2
.
txt
(
flag
)
,
"
error
"
);
return
false
;
return
false
;
}
}
}
else
if
(
flag
.
toString
()
!=
"
true
"
)
{
}
else
if
(
flag
.
toString
()
!=
"
true
"
)
{
...
@@ -1141,7 +1141,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
...
@@ -1141,7 +1141,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
if
(
!
flag
)
flag
=
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
notValidation
;
if
(
!
flag
)
flag
=
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
notValidation
;
if
(
typeOf
(
flag
)
===
"
string
"
)
{
if
(
typeOf
(
flag
)
===
"
string
"
)
{
if
(
flag
!==
"
true
"
)
{
if
(
flag
!==
"
true
"
)
{
this
.
app
.
notice
(
flag
,
"
error
"
);
this
.
app
.
notice
(
o2
.
txt
(
flag
)
,
"
error
"
);
return
false
;
return
false
;
}
}
}
else
if
(
flag
.
toString
()
!=
"
true
"
)
{
}
else
if
(
flag
.
toString
()
!=
"
true
"
)
{
...
@@ -1219,7 +1219,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
...
@@ -1219,7 +1219,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
this
.
closeWindowOnMobile
();
this
.
closeWindowOnMobile
();
}
else
{
}
else
{
if
(
this
.
businessData
.
document
.
title
)
{
if
(
this
.
businessData
.
document
.
title
)
{
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentDelayedPublished
+
"
: “
"
+
this
.
businessData
.
document
.
title
+
"
”
"
,
"
success
"
);
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentDelayedPublished
+
"
: “
"
+
o2
.
txt
(
this
.
businessData
.
document
.
title
)
+
"
”
"
,
"
success
"
);
}
else
{
}
else
{
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentDelayedPublished
,
"
success
"
);
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentDelayedPublished
,
"
success
"
);
}
}
...
@@ -1293,7 +1293,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
...
@@ -1293,7 +1293,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
}
else
{
}
else
{
if
(
slience
!==
true
){
if
(
slience
!==
true
){
if
(
this
.
businessData
.
document
.
title
)
{
if
(
this
.
businessData
.
document
.
title
)
{
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentPublished
+
"
: “
"
+
this
.
businessData
.
document
.
title
+
"
”
"
,
"
success
"
);
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentPublished
+
"
: “
"
+
o2
.
txt
(
this
.
businessData
.
document
.
title
)
+
"
”
"
,
"
success
"
);
}
else
{
}
else
{
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentPublished
,
"
success
"
);
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentPublished
,
"
success
"
);
}
}
...
@@ -1427,7 +1427,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
...
@@ -1427,7 +1427,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
this
.
documentAction
.
removeDocument
(
this
.
businessData
.
document
.
id
,
function
(
json
)
{
this
.
documentAction
.
removeDocument
(
this
.
businessData
.
document
.
id
,
function
(
json
)
{
this
.
fireEvent
(
"
afterDelete
"
);
this
.
fireEvent
(
"
afterDelete
"
);
if
(
this
.
app
&&
this
.
app
.
fireEvent
)
this
.
app
.
fireEvent
(
"
afterDelete
"
);
if
(
this
.
app
&&
this
.
app
.
fireEvent
)
this
.
app
.
fireEvent
(
"
afterDelete
"
);
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentDelete
+
"
: “
"
+
this
.
businessData
.
document
.
title
+
"
”
"
,
"
success
"
);
this
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentDelete
+
"
: “
"
+
o2
.
txt
(
this
.
businessData
.
document
.
title
)
+
"
”
"
,
"
success
"
);
this
.
options
.
autoSave
=
false
;
this
.
options
.
autoSave
=
false
;
this
.
options
.
saveOnClose
=
false
;
this
.
options
.
saveOnClose
=
false
;
this
.
fireEvent
(
"
postDelete
"
);
this
.
fireEvent
(
"
postDelete
"
);
...
@@ -1473,7 +1473,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
...
@@ -1473,7 +1473,7 @@ MWF.xApplication.cms.Xform.Form = MWF.CMSForm = new Class(
debugger
;
debugger
;
_self
.
fireEvent
(
"
afterDelete
"
);
_self
.
fireEvent
(
"
afterDelete
"
);
if
(
_self
.
app
&&
_self
.
app
.
fireEvent
)
_self
.
app
.
fireEvent
(
"
afterDelete
"
);
if
(
_self
.
app
&&
_self
.
app
.
fireEvent
)
_self
.
app
.
fireEvent
(
"
afterDelete
"
);
_self
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentDelete
+
"
: “
"
+
_self
.
businessData
.
document
.
title
+
"
”
"
,
"
success
"
);
_self
.
app
.
notice
(
MWF
.
xApplication
.
cms
.
Xform
.
LP
.
documentDelete
+
"
: “
"
+
o2
.
txt
(
_self
.
businessData
.
document
.
title
)
+
"
”
"
,
"
success
"
);
_self
.
options
.
autoSave
=
false
;
_self
.
options
.
autoSave
=
false
;
_self
.
options
.
saveOnClose
=
false
;
_self
.
options
.
saveOnClose
=
false
;
_self
.
fireEvent
(
"
postDelete
"
);
_self
.
fireEvent
(
"
postDelete
"
);
...
...
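Review bot: All six hunks apply the same `o2.txt(...)` wrapper at individual `this.app.notice(...)` call sites, which leaves `notice` itself as a sink that presumably still renders its first argument as HTML (its implementation is not on this page). Any caller not touched here that passes a document title or a script-returned message stays exposed, so escaping inside `notice`, or giving it a plain-text mode, would be more robust than patching call sites one by one. The two delete hunks (`@@ -1427,7` and `@@ -1473,7`) also build the message from `document.title` without the `if (this.businessData.document.title)` guard that the publish hunks have, and the context of the last hunk still contains a `debugger;` statement.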