Diffstat (limited to 'frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js') (more/less context) (ignore whitespace changes)
-rw-r--r-- | frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js index c0cfa3c..56d9d59 100644 --- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js +++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js @@ -17,49 +17,49 @@ refer to http://www.clipperz.com. See the GNU Affero General Public License for more details. * You should have received a copy of the GNU Affero General Public License along with Clipperz. If not, see http://www.gnu.org/licenses/. */ if (typeof(Clipperz) == 'undefined') { Clipperz = {}; } if (typeof(Clipperz.PM) == 'undefined') { Clipperz.PM = {}; } if (typeof(Clipperz.PM.DataModel) == 'undefined') { Clipperz.PM.DataModel = {}; } //############################################################################# Clipperz.PM.DataModel.DirectLogin = function(args) { //MochiKit.Logging.logDebug(">>> new Clipperz.PM.DataModel.DirectLogin"); //console.log(">>> new Clipperz.PM.DataModel.DirectLogin - args: %o", args); //console.log("--- formData: %s", Clipperz.Base.serializeJSON(args.formData)); args = args || {}; //MochiKit.Logging.logDebug("--- new Clipperz.PM.DataModel.DirectLogin - args: " + Clipperz.Base.serializeJSON(MochiKit.Base.keys(args))); this._record = args.record || null; this._label = args.label || "unnamed record" this._reference = args.reference || Clipperz.PM.Crypto.randomKey(); - this._favicon = args.favicon || null; + this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null; this._bookmarkletVersion = args.bookmarkletVersion || "0.1"; this._directLoginInputs = null; this._formValues = args.formValues || {}; this.setFormData(args.formData || null); //console.log("=== formData: %o", this.formData()); if (args.legacyBindingData == null) { this.setBindingData(args.bindingData || null); } else { this.setLegacyBindingData(args.legacyBindingData); } this._fixedFavicon = null; // this._formValues = args.formValues || (this.hasValuesToSet() ? {} : null); //MochiKit.Logging.logDebug("<<< new Clipperz.PM.DataModel.DirectLogin"); return this; } Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, { @@ -81,83 +81,91 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, { //------------------------------------------------------------------------- 'reference': function() { return this._reference; }, //------------------------------------------------------------------------- 'label': function() { return this._label; }, 'setLabel': function(aValue) { this._label = aValue; }, //------------------------------------------------------------------------- 'favicon': function() { if (this._favicon == null) { var actionUrl; var hostname; - actionUrl = this.formData()['attributes']['action']; + actionUrl = this.action(); hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1'); - this._favicon = "http://" + hostname + "/favicon.ico"; + this._favicon = Clipperz.Base.sanitizeFavicon("http://" + hostname + "/favicon.ico"); } return this._favicon; }, //------------------------------------------------------------------------- 'fixedFavicon': function() { var result; if (this._fixedFavicon == null) { result = this.favicon(); if (Clipperz_IEisBroken) { if (this.user().preferences().disableUnsecureFaviconLoadingForIE()) { if (result.indexOf('https://') != 0) { result = Clipperz.PM.Strings['defaultFaviconUrl_IE']; this.setFixedFavicon(result); } } } } else { result = this._fixedFavicon; } return result; }, 'setFixedFavicon': function(aValue) { this._fixedFavicon = aValue; }, + 'action': function () { + var result; + + result = Clipperz.Base.sanitizeUrl(this.formData()['attributes']['action']); + + return result; + }, + //------------------------------------------------------------------------- 'bookmarkletVersion': function() { return this._bookmarkletVersion; }, 'setBookmarkletVersion': function(aValue) { this._bookmarkletVersion = aValue; }, //------------------------------------------------------------------------- 'formData': function() { return this._formData; }, 'setFormData': function(aValue) { var formData; //MochiKit.Logging.logDebug(">>> DirectLogin.setFormData - " + Clipperz.Base.serializeJSON(aValue)); switch (this.bookmarkletVersion()) { case "0.2": formData = aValue; break; @@ -421,96 +429,96 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, { /(^https?\:\/\/)?(.*)/.test(url); completeUrl = RegExp.$1 + username + ':' + password + '@' + RegExp.$2; } MochiKit.DOM.currentWindow().location.href = completeUrl; }, this)); }, //------------------------------------------------------------------------- 'runSubmitFormDirectLogin': function(aWindow) { MochiKit.DOM.withWindow(aWindow, MochiKit.Base.bind(function() { var formElement; var formSubmitFunction; var submitButtons; //MochiKit.Logging.logDebug("### runDirectLogin - 3"); // MochiKit.DOM.currentDocument().write('<html><head><title>' + this.label() + '</title><META http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body></body></html>') //MochiKit.Logging.logDebug("### runDirectLogin - 3.1"); MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.H3(null, "Loading " + this.label() + " ...")); //MochiKit.Logging.logDebug("### runDirectLogin - 4"); //console.log(this.formData()['attributes']); formElement = MochiKit.DOM.FORM(MochiKit.Base.update({id:'directLoginForm'}, { 'method':this.formData()['attributes']['method'], - 'action':this.formData()['attributes']['action']})); + 'action': this.action()})); //MochiKit.Logging.logDebug("### runDirectLogin - 5"); formSubmitFunction = MochiKit.Base.method(formElement, 'submit'); //MochiKit.Logging.logDebug("### runDirectLogin - 6"); MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.DIV({style:'display:none; visibility:hidden;'}, formElement) ); //MochiKit.Logging.logDebug("### runDirectLogin - 7"); MochiKit.DOM.appendChildNodes(formElement, MochiKit.Base.map( MochiKit.Base.methodcaller("formConfiguration"), this.directLoginInputs())); //MochiKit.Logging.logDebug("### runDirectLogin - 8"); submitButtons = MochiKit.Base.filter(function(anInputElement) { //MochiKit.Logging.logDebug("### runDirectLogin - 8.1 - " + anInputElement); //MochiKit.Logging.logDebug("### runDirectLogin - 8.2 - " + anInputElement.tagName); //MochiKit.Logging.logDebug("### runDirectLogin - 8.3 - " + anInputElement.getAttribute('type')); return ((anInputElement.tagName.toLowerCase() == 'input') && (anInputElement.getAttribute('type').toLowerCase() == 'submit')); }, formElement.elements) //MochiKit.Logging.logDebug("### runDirectLogin - 9"); if (submitButtons.length == 0) { //MochiKit.Logging.logDebug("### OLD submit") if (Clipperz_IEisBroken == true) { //MochiKit.Logging.logDebug("### runDirectLogin - 10"); formElement.submit(); } else { //MochiKit.Logging.logDebug("### runDirectLogin - 11"); formSubmitFunction(); } } else { //MochiKit.Logging.logDebug("### NEW submit") submitButtons[0].click(); } }, this)); }, //------------------------------------------------------------------------- 'runDirectLogin': function(aNewWindow) { var newWindow; //console.log("formData.attributes", this.formData()['attributes']); // if (/^javascript/.test(this.formData()['attributes']['action'])) { - if ((/^(https?|webdav|ftp)\:/.test(this.formData()['attributes']['action']) == false) && - (this.formData()['attributes']['type'] != 'http_auth')) - { + if ((/^(https?|webdav|ftp)\:/.test(this.action()) == false) && + (this.formData()['attributes']['type'] != 'http_auth') + ) { var messageBoxConfiguration; if (typeof(aNewWindow) != 'undefined') { aNewWindow.close(); } messageBoxConfiguration = {}; messageBoxConfiguration.title = Clipperz.PM.Strings['VulnerabilityWarning_Panel_title']; messageBoxConfiguration.msg = Clipperz.PM.Strings['VulnerabilityWarning_Panel_message']; messageBoxConfiguration.animEl = YAHOO.ext.Element.get("mainDiv"); messageBoxConfiguration.progress = false; messageBoxConfiguration.closable = false; messageBoxConfiguration.buttons = {'cancel': Clipperz.PM.Strings['VulnerabilityWarning_Panel_buttonLabel']}; Clipperz.YUI.MessageBox.show(messageBoxConfiguration); throw Clipperz.Base.exception.VulnerabilityIssue; } //MochiKit.Logging.logDebug("### runDirectLogin - 1 : " + Clipperz.Base.serializeJSON(this.serializedData())); if (typeof(aNewWindow) == 'undefined') { newWindow = window.open(Clipperz.PM.Strings['directLoginJumpPageUrl'], ""); } else { newWindow = aNewWindow; |