修改密码加密和日程管理xss漏洞修复

o2web/source/o2_core/o2/xAction/services/x_organization_assemble_personal.js

 MWF.xAction.RestActions.Action["x_organization_assemble_personal"] = new Class({
     Extends: MWF.xAction.RestActions.Action,
     changePassword: function(oldPassword, password, morePassword, success, failure, async){
-        var data = {
-            "oldPassword": oldPassword,
-            "newPassword": password,
-            "confirmPassword": morePassword
-        };
-        this.action.invoke({"name": "changePassword", "async": async, "data": data, "success": success, "failure": failure});
+        if (layout.config.publicKey){
+            o2.load("../o2_lib/jsencrypt/jsencrypt.js", function(){
+                var encrypt = new JSEncrypt();
+                encrypt.setPublicKey("-----BEGIN PUBLIC KEY-----"+layout.config.publicKey+"-----END PUBLIC KEY-----");
+                var data = {
+                    "oldPassword": encrypt.encrypt(oldPassword),
+                    "newPassword": encrypt.encrypt(password),
+                    "confirmPassword": encrypt.encrypt(morePassword),
+                    "isEncrypted": "y"
+                };
+                this.action.invoke({"name": "changePassword", "async": async, "data": data, "success": success, "failure": failure});
+            }.bind(this));
+        }else{
+            var data = {
+                "oldPassword": oldPassword,
+                "newPassword": password,
+                "confirmPassword": morePassword
+            };
+            this.action.invoke({"name": "changePassword", "async": async, "data": data, "success": success, "failure": failure});
+        }
     },
     getPersonIcon: function(id){
         var uri = "/jaxrs/person/icon";

o2web/source/x_component_Calendar/Common.js

@@ -1479,7 +1479,7 @@ MWFCalendar.EventTooltip = new Class({
         var end = endD.format(this.lp.dateFormatAll) + "（" + this.lp.weeks.arr[endD.get("day")] + "）";
 
         var html =
-            "<div style='font-size: 16px;color:#333;padding:10px 10px 10px 20px;'>"+ data.title +"</div>"+
+            "<div style='font-size: 16px;color:#333;padding:10px 10px 10px 20px;'>"+ o2.common.encodeHtml(data.title) +"</div>"+
             "<div style='height:1px;margin:0px 20px;border-bottom:1px solid #ccc;'></div>"+
             "<table width='100%' bordr='0' cellpadding='7' cellspacing='0' style='margin:13px 13px 13px 13px;'>" +
             "<tr><td style='"+titleStyle+";' width='40'>"+this.lp.begin+":</td>" +

o2web/source/x_component_Calendar/ListView.js

@@ -394,14 +394,14 @@ MWF.xApplication.Calendar.ListView.View.Line = new Class({
 
         if( this.isWholeday ){
             this.node = new Element("tr",{
-                "html": "<td width='30'><div></div></td><td width='100'>"+this.app.lp.allDay+"</td><td>"+this.data.data.title +"</td><td>"+ (this.data.data.locationName || "") +"</td>"
+                "html": "<td width='30'><div></div></td><td width='100'>"+this.app.lp.allDay+"</td><td>"+o2.common.encodeHtml(this.data.data.title) +"</td><td>"+ (this.data.data.locationName || "") +"</td>"
             }).inject(this.container);
         }else{
             var bdate = this.data.start;
             var edate = this.data.end;
 
             this.node = new Element("tr",{
-                "html": "<td width='30'><div></div></td><td>"+bdate+"  -  "+edate+"</td><td>"+this.data.data.title +"</td><td>"+(this.data.data.locationName || "")  +"</td>"
+                "html": "<td width='30'><div></div></td><td>"+bdate+"  -  "+edate+"</td><td>"+o2.common.encodeHtml(this.data.data.title) +"</td><td>"+(this.data.data.locationName || "")  +"</td>"
             }).inject(this.container);
         }
         if( this.day.isToday ){