Change escape(this.value) and encode(this.value) calls in checkUrl attributes

to encodeURIComponent(this.value).  Escape is not sufficient, as it does not
encode +.  Function encode() in hudson-behavior.js is ok, but we can just use
a standard javascript function instead.
Marked encode() as deprecated.


git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@21546 71c3de6d-444a-0410-be80-ed276b4c234a

core/src/main/resources/hudson/lifecycle/WindowsInstallerLink/index.jelly

@@ -38,7 +38,7 @@ THE SOFTWARE.
           <form action="doInstall" method="post">
             <table>
               <f:entry title="${%Installation Directory}">
-                <f:textbox name="dir" value="${app.rootDir}" /><!-- checkUrl="'/install/checkDir?value='+escape(this.value)" -->
+                <f:textbox name="dir" value="${app.rootDir}" /><!-- checkUrl="'/install/checkDir?value='+encodeURIComponent(this.value)" -->
               </f:entry>
               <f:block>
                 <f:submit value="${%Install}" />
@@ -63,4 +63,4 @@ THE SOFTWARE.
       </j:choose>
     </l:main-panel>
   </l:layout>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/matrix/MatrixProject/configure-entries.jelly

@@ -90,7 +90,7 @@ THE SOFTWARE.
         <f:repeatable var="axis" items="${userAxes}" noAddButton="true" minimum="1">
           <table>
             <f:entry title="${%Name}">
-              <f:textbox name="axis.name" value="${axis.name}" checkUrl="'checkAxisName?value='+encode(this.value)"/>
+              <f:textbox name="axis.name" value="${axis.name}" checkUrl="'checkAxisName?value='+encodeURIComponent(this.value)"/>
             </f:entry>
             <f:entry title="${%Values}" help="/help/matrix/axis-value.html">
               <f:expandableTextbox name="axis.value" value="${axis.valueString}" />

core/src/main/resources/hudson/model/ProxyView/configure-entries.jelly

@@ -36,6 +36,6 @@ THE SOFTWARE.
 
         <f:textbox
             field="proxiedViewName"
-            checkUrl="'${rootURL}/${it.url}/viewExistsCheck?value='+escape(this.value)" />
+            checkUrl="'${rootURL}/${it.url}/viewExistsCheck?value='+encodeURIComponent(this.value)" />
  -->
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/scm/browsers/FishEyeCVS/config.jelly

@@ -25,6 +25,6 @@ THE SOFTWARE.
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
   <f:entry title="URL" help="/plugin/cvs/fisheye-cvs/url.html">
     <f:textbox name="fisheye.cvs.url" value="${browser.url}"
-        checkUrl="'${rootURL}/repositoryBrowser/FishEyeCVS/check?value='+escape(this.value)"/>
+        checkUrl="'${rootURL}/repositoryBrowser/FishEyeCVS/check?value='+encodeURIComponent(this.value)"/>
   </f:entry>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/security/GlobalMatrixAuthorizationStrategy/config.jelly

@@ -150,7 +150,7 @@ THE SOFTWARE.
         </j:if>
         <!-- validates the name -->
         "#${strategyid} TR.permission-row" : function(e) {
-          FormChecker.delayedCheck("${descriptorPath}/checkName?value="+encode(e.getAttribute("name")),"GET",e.firstChild);
+          FormChecker.delayedCheck("${descriptorPath}/checkName?value="+encodeURIComponent(e.getAttribute("name")),"GET",e.firstChild);
         }
       });
     </script>

core/src/main/resources/hudson/security/LDAPSecurityRealm/config.jelly

@@ -25,7 +25,7 @@ THE SOFTWARE.
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
 	<f:entry title="${%Server}" help="/help/security/ldap/server.html">
 	  <f:textbox name="ldap.server" value="${instance.server}"
-            checkUrl="'${rootURL}/securityRealms/LDAPSecurityRealm/serverCheck?field=server&amp;server='+escape(this.value)+'&amp;managerDN='+escape(this.form.elements['ldap.managerDN'].value)+'&amp;managerPassword='+escape(this.form.elements['ldap.managerPassword'].value)"/>
+            checkUrl="'${rootURL}/securityRealms/LDAPSecurityRealm/serverCheck?field=server&amp;server='+encodeURIComponent(this.value)+'&amp;managerDN='+encodeURIComponent(this.form.elements['ldap.managerDN'].value)+'&amp;managerPassword='+encodeURIComponent(this.form.elements['ldap.managerPassword'].value)"/>
 	</f:entry>
   <f:advanced>
     <f:entry title="${%root DN}" help="/help/security/ldap/rootDN.html">
@@ -42,13 +42,13 @@ THE SOFTWARE.
     </f:entry>
     <f:entry title="${%Manager DN}" help="/help/security/ldap/managerDN.html">
       <f:textbox name="ldap.managerDN" value="${instance.managerDN}"
-      checkUrl="'${rootURL}/securityRealms/LDAPSecurityRealm/serverCheck?field=managerDN&amp;server='+escape(this.form.elements['ldap.server'].value)+'&amp;managerDN='+escape(this.value)+'&amp;managerPassword='+escape(this.form.elements['ldap.managerPassword'].value)"
+      checkUrl="'${rootURL}/securityRealms/LDAPSecurityRealm/serverCheck?field=managerDN&amp;server='+encodeURIComponent(this.form.elements['ldap.server'].value)+'&amp;managerDN='+encodeURIComponent(this.value)+'&amp;managerPassword='+encodeURIComponent(this.form.elements['ldap.managerPassword'].value)"
       />
     </f:entry>
     <f:entry title="${%Manager Password}" help="/help/security/ldap/managerPassword.html">
       <f:password name="ldap.managerPassword" value="${instance.managerPassword}"
-      checkUrl="'${rootURL}/securityRealms/LDAPSecurityRealm/serverCheck?field=password&amp;server='+escape(this.form.elements['ldap.server'].value)+'&amp;managerDN='+escape(this.form.elements['ldap.managerDN'].value)+'&amp;managerPassword='+escape(this.value)" 
+      checkUrl="'${rootURL}/securityRealms/LDAPSecurityRealm/serverCheck?field=password&amp;server='+encodeURIComponent(this.form.elements['ldap.server'].value)+'&amp;managerDN='+encodeURIComponent(this.form.elements['ldap.managerDN'].value)+'&amp;managerPassword='+encodeURIComponent(this.value)" 
       />
     </f:entry>
   </f:advanced>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/slaves/RetentionStrategy/Scheduled/config.jelly

@@ -25,9 +25,9 @@ THE SOFTWARE.
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout"
          xmlns:t="/lib/hudson" xmlns:f="/lib/form">
     <f:entry title="${%Startup Schedule}" help="/help/project-config/timer-format.html">
-      <f:textarea name="slave.startupSpec" checkUrl="'${rootURL}/trigger/TimerTrigger/check?value='+escape(this.value)" value="${s.startupSpec}"/>
+      <f:textarea name="slave.startupSpec" checkUrl="'${rootURL}/trigger/TimerTrigger/check?value='+encodeURIComponent(this.value)" value="${s.startupSpec}"/>
     </f:entry>
     <f:entry title="${%Shutdown Schedule}" help="/help/project-config/timer-format.html">
-      <f:textarea name="slave.shutdownSpec" checkUrl="'${rootURL}/trigger/TimerTrigger/check?value='+escape(this.value)" value="${s.shutdownSpec}"/>
+      <f:textarea name="slave.shutdownSpec" checkUrl="'${rootURL}/trigger/TimerTrigger/check?value='+encodeURIComponent(this.value)" value="${s.shutdownSpec}"/>
     </f:entry>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/tasks/BuildTrigger/config.jelly

@@ -25,7 +25,7 @@ THE SOFTWARE.
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
 	<f:entry title="${%Projects to build}">
 	  <f:textbox name="buildTrigger.childProjects" value="${instance.childProjectsValue}"
-               checkUrl="'descriptorByName/BuildTrigger/check?value='+escape(this.value)"/>
+               checkUrl="'descriptorByName/BuildTrigger/check?value='+encodeURIComponent(this.value)"/>
 	</f:entry>
   <j:if test="${descriptor.showEvenIfUnstableOption(targetType)}">
     <f:entry title="">
@@ -33,4 +33,4 @@ THE SOFTWARE.
       <label for="buildTrigger.evenIfUnstable">${%Trigger even if the build is unstable}</label>
     </f:entry>
   </j:if>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/tasks/Fingerprinter/config.jelly

@@ -26,7 +26,7 @@ THE SOFTWARE.
   <f:entry title="${%Files to fingerprint}"
     description="${%description}">
     <f:textbox name="fingerprint_targets" value="${instance.targets}"
-               checkUrl="'descriptorByName/Fingerprinter/check?value='+escape(this.value)" />
+               checkUrl="'descriptorByName/Fingerprinter/check?value='+encodeURIComponent(this.value)" />
   </f:entry>
   <f:entry title="">
     <f:checkbox name="fingerprint_artifacts" checked="${instance.recordBuildArtifacts}" />
@@ -36,4 +36,4 @@ THE SOFTWARE.
     <f:checkbox name="keepDependencies" checked="${it.keepDependencies}" />
     <label class="attach-previous">${%Keep the build logs of dependencies}</label> 
   </f:entry>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/tasks/JavadocArchiver/config.jelly

@@ -26,7 +26,7 @@ THE SOFTWARE.
   <f:entry title="${%Javadoc directory}"
     description="${%description}">
     <f:textbox name="javadoc_dir" value="${instance.javadocDir}"
-        checkUrl="'descriptorByName/JavadocArchiver/check?value='+escape(this.value)"/>
+        checkUrl="'descriptorByName/JavadocArchiver/check?value='+encodeURIComponent(this.value)"/>
   </f:entry>
   <f:entry help="/help/project-config/javadoc-keep-all.html">
     <f:checkbox name="keep_all" checked="${instance.keepAll}" />

core/src/main/resources/hudson/tasks/Shell/global.jelly

@@ -25,7 +25,7 @@ THE SOFTWARE.
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
   <f:section title="${%Shell}">
     <f:entry title="${%Shell executable}" help="/help/shell/shellexe.html">
-      <f:textbox name="shell" value="${descriptor.shell}" checkUrl="'${rootURL}/builder/Shell/check?value='+encode(this.value)"/>
+      <f:textbox name="shell" value="${descriptor.shell}" checkUrl="'${rootURL}/builder/Shell/check?value='+encodeURIComponent(this.value)"/>
     </f:entry>
   </f:section>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/tasks/test/AggregatedTestResultPublisher/config.jelly

@@ -32,9 +32,9 @@ THE SOFTWARE.
         <f:entry title="${%Jobs to aggregate}"
                  help="/help/tasks/aggregate-test/manual-list.html">
           <f:textbox name="aggragatedTestResult.jobs" value="${instance.jobs}"
-                     checkUrl="'descriptorByName/AggregatedTestResultPublisher/check?value='+escape(this.value)"/>
+                     checkUrl="'descriptorByName/AggregatedTestResultPublisher/check?value='+encodeURIComponent(this.value)"/>
         </f:entry>        
       </f:optionalBlock>
     </table>
   </f:nested>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/triggers/SCMTrigger/config.jelly

@@ -24,6 +24,6 @@ THE SOFTWARE.
 
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
   <f:entry title="${%Schedule}" help="/help/project-config/timer-format.html">
-    <f:textarea name="scmpoll_spec" checkUrl="'${rootURL}/trigger/TimerTrigger/check?value='+escape(this.value)" value="${instance.spec}"/>
+    <f:textarea name="scmpoll_spec" checkUrl="'${rootURL}/trigger/TimerTrigger/check?value='+encodeURIComponent(this.value)" value="${instance.spec}"/>
   </f:entry>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

core/src/main/resources/hudson/triggers/TimerTrigger/config.jelly

@@ -24,6 +24,6 @@ THE SOFTWARE.
 
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
   <f:entry title="${%Schedule}" help="/help/project-config/timer-format.html">
-    <f:textarea name="timer_spec" checkUrl="'${rootURL}/trigger/TimerTrigger/check?value='+escape(this.value)" value="${instance.spec}"/>
+    <f:textarea name="timer_spec" checkUrl="'${rootURL}/trigger/TimerTrigger/check?value='+encodeURIComponent(this.value)" value="${instance.spec}"/>
   </f:entry>
-</j:jelly>
\ No newline at end of file
+</j:jelly>

war/resources/scripts/hudson-behavior.js

@@ -129,7 +129,7 @@ function toValue(e) {
     var type = e.getAttribute("type");
     if(type!=null && type.toLowerCase()=="checkbox")
         return e.checked;
-    return encode(e.value);
+    return encodeURIComponent(e.value);
 }
 
 // find the nearest ancestor node that has the given tag name
@@ -880,6 +880,7 @@ function refreshPart(id,url) {
 /*
     Perform URL encode.
     Taken from http://www.cresc.co.jp/tech/java/URLencoding/JavaScript_URLEncoding.htm
+    @deprecated Use standard javascript method "encodeURIComponent" instead
 */
 function encode(str){
     var s, u;