TT#63402 escape localized strings used in js arguments

Change-Id: I61f3c77e7bd1fd4ac9e9b952ceecfa233bdbdbf1
changes/45/31845/1
Rene Krenn 6 years ago
parent d0a87f42e3
commit 05958e4e68

@ -0,0 +1,16 @@
package Catalyst::Plugin::EscapeJs;
use warnings;
use strict;
use MRO::Compat;
sub escape_js {
my $c = shift;
my $str = shift;
my $quote_char = shift;
$quote_char //= "'";
$str =~ s/\\/\\\\/g;
$str =~ s/$quote_char/\\$quote_char/g;
return $str;
}
1;
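Review bot: escape_js only neutralises backslashes and the chosen quote character, so a translated string that contains a line break (CR/LF, or U+2028/U+2029) still terminates the JS string literal, and one containing `</script>` still closes the inline `<script>` block no matter how the quotes are escaped; the caller-supplied `$quote_char` is also interpolated into the pattern on the `s/$quote_char/\\$quote_char/g` line without `\Q…\E`, so anything other than a single plain character would be read as regex syntax. `use MRO::Compat;` is imported but nothing in this file calls `next::method`, so that line appears unused. Whether the catalog strings can ever be untrusted is not visible from this commit, but the helper is generic and other templates will rely on it, so it should cover the full literal grammar. A rewrite of the body that closes those gaps:
```perl
sub escape_js {
    my ($c, $str, $quote_char) = @_;
    $quote_char //= "'";
    $str =~ s/\\/\\\\/g;
    $str =~ s/\Q$quote_char\E/\\$quote_char/g;
    # raw line terminators are not allowed inside a JS string literal
    $str =~ s/\r/\\r/g;
    $str =~ s/\n/\\n/g;
    $str =~ s/\x{2028}/\\u2028/g;
    $str =~ s/\x{2029}/\\u2029/g;
    # "</script>" would end the inline <script> block regardless of quoting
    $str =~ s{</}{<\\/}g;
    return $str;
}
```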

@ -27,6 +27,7 @@ use Catalyst qw/
Session::Store::Redis
Session::State::Cookie
EscapeSensitiveValue
EscapeJs
I18N
/;
use Log::Log4perl::Catalyst qw();

@ -145,7 +145,7 @@ var mainWrapperInit = function () {
$('.sw_action_row').hover(
function() { $(this).find('.sw_actions').css('visibility','visible'); },
function() { $(this).find('.sw_actions').css('visibility','hidden'); }
);
);
$('a[data-confirm]').live("click", function(ev) {
var href = $(this).attr('href');
@ -154,15 +154,15 @@ var mainWrapperInit = function () {
$('body').append(
'<div id="dataConfirmModal" class="modal" role="dialog" aria-labelledby="dataConfirmLabel" aria-hidden="true">'+
'<div class="modal-header">'+
'<h3 id="dataConfirmLabel">[% c.loc('Are you sure?') %]</h3>'+
'<h3 id="dataConfirmLabel">[% c.escape_js(c.loc('Are you sure?')) %]</h3>'+
'</div>'+
'<div class="modal-footer">'+
'<button class="btn" data-dismiss="modal" aria-hidden="true" id="dataConfirmCancel">[% c.loc('Cancel') %]</button>'+
'<a class="btn btn-primary" id="dataConfirmOK">[% c.loc('OK') %]</a>'+
'<button class="btn" data-dismiss="modal" aria-hidden="true" id="dataConfirmCancel">[% c.escape_js(c.loc('Cancel')) %]</button>'+
'<a class="btn btn-primary" id="dataConfirmOK">[% c.escape_js(c.loc('OK')) %]</a>'+
'</div>'+
'</div>'
);
}
}
$('#dataConfirmOK').attr('href', href);
if( href.search(/^javascript:/i ) > -1 ){
$('#dataConfirmOK').attr('onclick', href);
@ -205,7 +205,7 @@ var mainWrapperInit = function () {
var backuri = $(this).data('backuri') ? $(this).data('backuri') : '[%- backuri | uri -%]';
var _back = 'back='+backuri;
if(_href == null || _href.match(/[&\?]back=/)) {
// ignore
// ignore
} else if(_href.match(/\?/)) {
$(this).attr('href', _href + '&' + _back);
} else {
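Review bot: escape_js makes the translated text a well-formed JS string literal, but on the `$('body').append(` lines that literal is then handed to jQuery as HTML markup, so a catalog string containing `<`, `>` or `&` is still parsed as HTML; the commit only closes the JS-literal context, not the HTML one. If the translation catalogs are not treated as fully trusted, the value should additionally be HTML-escaped, e.g. `[% c.escape_js(c.loc('Are you sure?')) | html %]`: with the default `'` quote character TT's `html` filter touches only `& < > "`, so the `\'` and `\\` escapes survive and the literal stays valid. Whether a global output filter already applies this is not visible here. The enclosing `mainWrapperInit` function starts and ends outside the hunk.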

@ -4,21 +4,21 @@ enqueLists.push([{
widgetName: "AdminBillingOverview",
cb: function(data) {
//console.log(data);
$("#admin_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.loc('Peering Costs') %]</li>');
$("#admin_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.escape_js(c.loc('Peering Costs')) %]</li>');
}
},{
res: 'reseller_sum',
widgetName: "AdminBillingOverview",
cb: function(data) {
//console.log(data);
$("#admin_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.loc('Reseller Revenue') %]</li>');
$("#admin_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.escape_js(c.loc('Reseller Revenue')) %]</li>');
}
},{
res: 'customer_sum',
widgetName: "AdminBillingOverview",
cb: function(data) {
//console.log(data);
$("#admin_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.loc('Customer Revenue') %]</li>');
$("#admin_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.escape_js(c.loc('Customer Revenue')) %]</li>');
}
},{
res: 'profiles_count',
@ -29,7 +29,7 @@ enqueLists.push([{
$("#admin_billing_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + data.widget_data + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.loc('Billing Profile') %]' : '[% c.loc('Billing Profiles') %]') + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Billing Profile')) %]' : '[% c.escape_js(c.loc('Billing Profiles')) %]') + '</span>' +
'</div>');
}
}]);

@ -4,14 +4,14 @@ enqueLists.push([{
widgetName: "AdminPeeringOverview",
cb: function(data) {
//console.log(data);
$("#admin_peering_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.loc('Peering Server') %]' : '[% c.loc('Peering Servers') %]') + '</li>');
$("#admin_peering_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Peering Server')) %]' : '[% c.escape_js(c.loc('Peering Servers')) %]') + '</li>');
}
},{
res: 'rules_count',
widgetName: "AdminPeeringOverview",
cb: function(data) {
//console.log(data);
$("#admin_peering_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.loc('Peering Rule') %]' : '[% c.loc('Peering Rules') %]') + '</li>');
$("#admin_peering_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Peering Rule')) %]' : '[% c.escape_js(c.loc('Peering Rules')) %]') + '</li>');
}
},{
res: 'groups_count',
@ -22,7 +22,7 @@ enqueLists.push([{
$("#admin_peering_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + data.widget_data + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.loc('Peering Group') %]' : '[% c.loc('Peering Groups') %]') + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Peering Group')) %]' : '[% c.escape_js(c.loc('Peering Groups')) %]') + '</span>' +
'</div>');
}
}]);

@ -4,21 +4,21 @@ enqueLists.push([{
widgetName: "AdminResellerOverview",
cb: function(data) {
//console.log(data);
$("#admin_reseller_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.loc('Domain') %]' : '[% c.loc('Domains') %]') + '</li>');
$("#admin_reseller_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Domain')) %]' : '[% c.escape_js(c.loc('Domains')) %]') + '</li>');
}
},{
res: 'customers_count',
widgetName: "AdminResellerOverview",
cb: function(data) {
//console.log(data);
$("#admin_reseller_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.loc('Customer') %]' : '[% c.loc('Customers') %]') + '</li>');
$("#admin_reseller_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Customer')) %]' : '[% c.escape_js(c.loc('Customers')) %]') + '</li>');
}
},{
res: 'subscribers_count',
widgetName: "AdminResellerOverview",
cb: function(data) {
//console.log(data);
$("#admin_reseller_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.loc('Subscriber') %]' : '[% c.loc('Subscribers') %]') + '</li>');
$("#admin_reseller_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Subscriber')) %]' : '[% c.escape_js(c.loc('Subscribers')) %]') + '</li>');
}
},{
res: 'resellers_count',
@ -29,7 +29,7 @@ enqueLists.push([{
$("#admin_reseller_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + data.widget_data + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.loc('Reseller') %]' : '[% c.loc('Resellers') %]') + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Reseller')) %]' : '[% c.escape_js(c.loc('Resellers')) %]') + '</span>' +
'</div>');
}
}]);

@ -15,7 +15,7 @@ enqueLists.push([{
//console.log(data);
var txt = data.widget_data.text;
var col = data.widget_data.color;
$("#admin_system_overview_lazy_items_list").append('<li>[% c.loc('System') %] <strong style="color:' + col + '">' + txt + '</strong></li>');
$("#admin_system_overview_lazy_items_list").append('<li>[% c.escape_js(c.loc('System')) %] <strong style="color:' + col + '">' + txt + '</strong></li>');
}
},{
res: 'hardware',
@ -24,7 +24,7 @@ enqueLists.push([{
//console.log(data);
var txt = data.widget_data.text;
var col = data.widget_data.color;
$("#admin_system_overview_lazy_items_list").append('<li>[% c.loc('Hardware') %] <strong style="color:' + col + '">' + txt + '</strong></li>');
$("#admin_system_overview_lazy_items_list").append('<li>[% c.escape_js(c.loc('Hardware')) %] <strong style="color:' + col + '">' + txt + '</strong></li>');
}
},{
res: 'overall_status',

@ -4,14 +4,14 @@ enqueLists.push([{
widgetName: "ResellerBillingOverview",
cb: function(data) {
//console.log(data);
$("#reseller_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.loc('Reseller Cost') %]</li>');
$("#reseller_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.escape_js(c.loc('Reseller Cost')) %]</li>');
}
},{
res: 'customer_sum',
widgetName: "ResellerBillingOverview",
cb: function(data) {
//console.log(data);
$("#reseller_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.loc('Customer Revenue') %]</li>');
$("#reseller_billing_overview_lazy_items_list").append('<li><strong>' + sprintf('%.02f',data.widget_data / 100.0) + '</strong> [% c.escape_js(c.loc('Customer Revenue')) %]</li>');
}
},{
res: 'profiles_count',
@ -22,7 +22,7 @@ enqueLists.push([{
$("#reseller_billing_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + data.widget_data + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.loc('Billing Profile') %]' : '[% c.loc('Billing Profiles') %]') + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Billing Profile')) %]' : '[% c.escape_js(c.loc('Billing Profiles')) %]') + '</span>' +
'</div>');
}
}]);

@ -4,14 +4,14 @@ enqueLists.push([{
widgetName: "ResellerCustomerOverview",
cb: function(data) {
//console.log(data);
$("#reseller_customer_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.loc('Contact') %]' : '[% c.loc('Contacts') %]') + '</li>');
$("#reseller_customer_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Contact')) %]' : '[% c.escape_js(c.loc('Contacts')) %]') + '</li>');
}
},{
res: 'subscribers_count',
widgetName: "ResellerCustomerOverview",
cb: function(data) {
//console.log(data);
$("#reseller_customer_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.loc('Subscriber') %]' : '[% c.loc('Subscribers') %]') + '</li>');
$("#reseller_customer_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Subscriber')) %]' : '[% c.escape_js(c.loc('Subscribers')) %]') + '</li>');
}
},{
res: 'customers_count',
@ -22,7 +22,7 @@ enqueLists.push([{
$("#reseller_customer_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + data.widget_data + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.loc('Customer') %]' : '[% c.loc('Customers') %]') + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Customer')) %]' : '[% c.escape_js(c.loc('Customers')) %]') + '</span>' +
'</div>');
}
}]);

@ -4,14 +4,14 @@ enqueLists.push([{
widgetName: "ResellerDomainOverview",
cb: function(data) {
//console.log(data);
$("#reseller_domain_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.loc('Rewrite Rule Set') %]' : '[% c.loc('Rewrite Rule Sets') %]') + '</li>');
$("#reseller_domain_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Rewrite Rule Set')) %]' : '[% c.escape_js(c.loc('Rewrite Rule Sets')) %]') + '</li>');
}
},{
res: 'sound_sets_count',
widgetName: "ResellerDomainOverview",
cb: function(data) {
//console.log(data);
$("#reseller_domain_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.loc('Sound Set') %]' : '[% c.loc('Sound Sets') %]') + '</li>');
$("#reseller_domain_overview_lazy_items_list").append('<li><strong>' + data.widget_data + '</strong> ' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Sound Set')) %]' : '[% c.escape_js(c.loc('Sound Sets')) %]') + '</li>');
}
},{
res: 'domains_count',
@ -22,7 +22,7 @@ enqueLists.push([{
$("#reseller_domain_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + data.widget_data + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.loc('Domain') %]' : '[% c.loc('Domains') %]') + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Domain')) %]' : '[% c.escape_js(c.loc('Domains')) %]') + '</span>' +
'</div>');
}
}]);

@ -6,7 +6,7 @@ enqueLists.push([{
//console.log(data);
var calls = data.widget_data;
if (calls.length == 0) {
$("#subscriber_call_overview_lazy_items_list").append('<li>[% c.loc('No calls yet') %]</li>');
$("#subscriber_call_overview_lazy_items_list").append('<li>[% c.escape_js(c.loc('No calls yet')) %]</li>');
} else {
for (var i = 0; i < calls.length; i++) {
var call = calls[i];
@ -47,7 +47,7 @@ enqueLists.push([{
$("#subscriber_call_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + data.widget_data + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.loc('Recent Call') %]' : '[% c.loc('Recent Calls') %]') + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Recent Call')) %]' : '[% c.escape_js(c.loc('Recent Calls')) %]') + '</span>' +
'</div>');
}
}]);

@ -11,9 +11,9 @@ enqueLists.push([{
$("#subscriber_cf_overview_lazy_items_list").append('<li>' +
cf_mappings.desc + ' <strong style="color:' +
(cf_mappings.mappings.length > 0 ?
'green">[% c.loc('active') %]'
'green">[% c.escape_js(c.loc('active')) %]'
:
'grey">[% c.loc('inactive') %]'
'grey">[% c.escape_js(c.loc('inactive')) %]'
) + '</strong>' +
'</li>');
mcount += cf_mappings.mappings.length;
@ -22,7 +22,7 @@ enqueLists.push([{
$("#subscriber_cf_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + mcount + '</span>' +
'<span class="term">' + (mcount == 1 ? '[% c.loc('Call Forward Configured') %]' : '[% c.loc('Call Forwards Configured') %]') + '</span>' +
'<span class="term">' + (mcount == 1 ? '[% c.escape_js(c.loc('Call Forward Configured')) %]' : '[% c.escape_js(c.loc('Call Forwards Configured')) %]') + '</span>' +
'</div>');
}
}]);

@ -6,7 +6,7 @@ enqueLists.push([{
//console.log(data);
var registrations = data.widget_data;
if (registrations.length == 0) {
$("#subscriber_registration_overview_lazy_items_list").append('<li>[% c.loc('No devices registered') %]</li>');
$("#subscriber_registration_overview_lazy_items_list").append('<li>[% c.escape_js(c.loc('No devices registered')) %]</li>');
} else {
for (var i = 0; i < registrations.length; i++) {
var registration = registrations[i];
@ -31,7 +31,7 @@ enqueLists.push([{
$("#subscriber_registration_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + data.widget_data + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.loc('Registered Device') %]' : '[% c.loc('Registered Devices') %]') + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('Registered Device')) %]' : '[% c.escape_js(c.loc('Registered Devices')) %]') + '</span>' +
'</div>');
}
}]);

@ -6,7 +6,7 @@ enqueLists.push([{
//console.log(data);
var voicemails = data.widget_data;
if (voicemails.length == 0) {
$("#subscriber_voicemail_overview_lazy_items_list").append('<li>[% c.loc('No new messages') %]</li>');
$("#subscriber_voicemail_overview_lazy_items_list").append('<li>[% c.escape_js(c.loc('No new messages')) %]</li>');
} else {
for (var i = 0; i < voicemails.length; i++) {
var voicemail = voicemails[i];
@ -36,7 +36,7 @@ enqueLists.push([{
$("#subscriber_voicemail_overview_lazy_items_header").append(
'<div class="plan-price">' +
'<span>' + data.widget_data + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.loc('New Message') %]' : '[% c.loc('New Messages') %]') + '</span>' +
'<span class="term">' + (data.widget_data == 1 ? '[% c.escape_js(c.loc('New Message')) %]' : '[% c.escape_js(c.loc('New Messages')) %]') + '</span>' +
'</div>');
}
}]);
