
Merge pull request #11215 from xnoreq/master

WebUI: fix escaping of HTML special characters
adaptive-webui-19844
Mike Tzou 5 years ago committed by GitHub
parent
commit
eebb2186c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 198
      src/webui/www/private/scripts/dynamicTable.js
  2. 5
      src/webui/www/private/scripts/prop-files.js
  3. 2
      src/webui/www/private/scripts/prop-general.js
  4. 3
      src/webui/www/private/scripts/prop-peers.js
  5. 7
      src/webui/www/private/scripts/prop-trackers.js

198
src/webui/www/private/scripts/dynamicTable.js

@ -375,8 +375,8 @@ window.qBittorrent.DynamicTable = (function() { @@ -375,8 +375,8 @@ window.qBittorrent.DynamicTable = (function() {
};
column['updateTd'] = function(td, row) {
const value = this.getRowValue(row)
td.innerHTML = value;
td.title = value;
td.set('text', value);
td.set('title', value);
};
column['onResize'] = null;
this.columns.push(column);
@ -425,7 +425,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -425,7 +425,7 @@ window.qBittorrent.DynamicTable = (function() {
const th = ths[i];
th._this = this;
th.setAttribute('title', this.columns[i].caption);
th.innerHTML = this.columns[i].caption;
th.set('text', this.columns[i].caption);
th.setAttribute('style', 'width: ' + this.columns[i].width + 'px;' + this.columns[i].style);
th.columnName = this.columns[i].name;
th.addClass('column_' + th.columnName);
@ -977,7 +977,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -977,7 +977,7 @@ window.qBittorrent.DynamicTable = (function() {
status = "QBT_TR(Unknown)QBT_TR[CONTEXT=HttpServer]";
}
td.set('html', status);
td.set('text', status);
td.set('title', status);
};
@ -985,7 +985,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -985,7 +985,7 @@ window.qBittorrent.DynamicTable = (function() {
this.columns['priority'].updateTd = function(td, row) {
const queuePos = this.getRowValue(row);
const formattedQueuePos = (queuePos < 1) ? '*' : queuePos;
td.set('html', formattedQueuePos);
td.set('text', formattedQueuePos);
td.set('title', formattedQueuePos);
};
@ -1004,14 +1004,6 @@ window.qBittorrent.DynamicTable = (function() { @@ -1004,14 +1004,6 @@ window.qBittorrent.DynamicTable = (function() {
};
// name, category, tags
this.columns['name'].updateTd = function(td, row) {
const name = window.qBittorrent.Misc.escapeHtml(this.getRowValue(row))
td.set('html', name);
td.set('title', name);
};
this.columns['category'].updateTd = this.columns['name'].updateTd;
this.columns['tags'].updateTd = this.columns['name'].updateTd;
this.columns['name'].compareRows = function(row1, row2) {
const row1Val = this.getRowValue(row1);
const row2Val = this.getRowValue(row2);
@ -1020,12 +1012,13 @@ window.qBittorrent.DynamicTable = (function() { @@ -1020,12 +1012,13 @@ window.qBittorrent.DynamicTable = (function() {
this.columns['category'].compareRows = this.columns['name'].compareRows;
this.columns['tags'].compareRows = this.columns['name'].compareRows;
// size
// size, total_size
this.columns['size'].updateTd = function(td, row) {
const size = window.qBittorrent.Misc.friendlyUnit(this.getRowValue(row), false);
td.set('html', size);
td.set('text', size);
td.set('title', size);
};
this.columns['total_size'].updateTd = this.columns['size'].updateTd;
// progress
this.columns['progress'].updateTd = function(td, row) {
@ -1070,11 +1063,11 @@ window.qBittorrent.DynamicTable = (function() { @@ -1070,11 +1063,11 @@ window.qBittorrent.DynamicTable = (function() {
this.columns['num_seeds'].updateTd = function(td, row) {
const num_seeds = this.getRowValue(row, 0);
const num_complete = this.getRowValue(row, 1);
let html = num_seeds;
let value = num_seeds;
if (num_complete != -1)
html += ' (' + num_complete + ')';
td.set('html', html);
td.set('title', html);
value += ' (' + num_complete + ')';
td.set('text', value);
td.set('title', value);
};
this.columns['num_seeds'].compareRows = function(row1, row2) {
const num_seeds1 = this.getRowValue(row1, 0);
@ -1101,7 +1094,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -1101,7 +1094,7 @@ window.qBittorrent.DynamicTable = (function() {
// dlspeed
this.columns['dlspeed'].updateTd = function(td, row) {
const speed = window.qBittorrent.Misc.friendlyUnit(this.getRowValue(row), true);
td.set('html', speed);
td.set('text', speed);
td.set('title', speed);
};
@ -1111,7 +1104,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -1111,7 +1104,7 @@ window.qBittorrent.DynamicTable = (function() {
// eta
this.columns['eta'].updateTd = function(td, row) {
const eta = window.qBittorrent.Misc.friendlyDuration(this.getRowValue(row));
td.set('html', eta);
td.set('text', eta);
td.set('title', eta);
};
@ -1119,14 +1112,14 @@ window.qBittorrent.DynamicTable = (function() { @@ -1119,14 +1112,14 @@ window.qBittorrent.DynamicTable = (function() {
this.columns['ratio'].updateTd = function(td, row) {
const ratio = this.getRowValue(row);
const string = (ratio === -1) ? '∞' : window.qBittorrent.Misc.toFixedPointString(ratio, 2);
td.set('html', string);
td.set('text', string);
td.set('title', string);
};
// added on
this.columns['added_on'].updateTd = function(td, row) {
const date = new Date(this.getRowValue(row) * 1000).toLocaleString();
td.set('html', date);
td.set('text', date);
td.set('title', date);
};
@ -1134,77 +1127,73 @@ window.qBittorrent.DynamicTable = (function() { @@ -1134,77 +1127,73 @@ window.qBittorrent.DynamicTable = (function() {
this.columns['completion_on'].updateTd = function(td, row) {
const val = this.getRowValue(row);
if ((val === 0xffffffff) || (val < 0)) {
td.set('html', '');
td.set('text', '');
td.set('title', '');
}
else {
const date = new Date(this.getRowValue(row) * 1000).toLocaleString();
td.set('html', date);
td.set('text', date);
td.set('title', date);
}
};
// seen_complete
this.columns['seen_complete'].updateTd = this.columns['completion_on'].updateTd;
// dl_limit, up_limit
this.columns['dl_limit'].updateTd = function(td, row) {
const speed = this.getRowValue(row);
if (speed === 0) {
td.set('html', '∞');
td.set('text', '∞');
td.set('title', '∞');
}
else {
const formattedSpeed = window.qBittorrent.Misc.friendlyUnit(speed, true);
td.set('html', formattedSpeed);
td.set('text', formattedSpeed);
td.set('title', formattedSpeed);
}
};
this.columns['up_limit'].updateTd = this.columns['dl_limit'].updateTd;
// downloaded, uploaded, downloaded_session, uploaded_session, amount_left, completed, total_size
// downloaded, uploaded, downloaded_session, uploaded_session, amount_left
this.columns['downloaded'].updateTd = this.columns['size'].updateTd;
this.columns['uploaded'].updateTd = this.columns['size'].updateTd;
this.columns['downloaded_session'].updateTd = this.columns['size'].updateTd;
this.columns['uploaded_session'].updateTd = this.columns['size'].updateTd;
this.columns['amount_left'].updateTd = this.columns['size'].updateTd;
this.columns['amount_left'].updateTd = this.columns['size'].updateTd;
this.columns['completed'].updateTd = this.columns['size'].updateTd;
this.columns['total_size'].updateTd = this.columns['size'].updateTd;
// save_path, tracker
this.columns['save_path'].updateTd = this.columns['name'].updateTd;
this.columns['tracker'].updateTd = this.columns['name'].updateTd;
// time active
this.columns['time_active'].updateTd = function(td, row) {
const time = window.qBittorrent.Misc.friendlyDuration(this.getRowValue(row));
td.set('text', time);
td.set('title', time);
};
// completed
this.columns['completed'].updateTd = this.columns['size'].updateTd;
// max_ratio
this.columns['max_ratio'].updateTd = this.columns['ratio'].updateTd;
// seen_complete
this.columns['seen_complete'].updateTd = this.columns['completion_on'].updateTd;
// last_activity
this.columns['last_activity'].updateTd = function(td, row) {
const val = this.getRowValue(row);
if (val < 1) {
td.set('html', '∞');
td.set('text', '∞');
td.set('title', '∞');
}
else {
const formattedVal = 'QBT_TR(%1 ago)QBT_TR[CONTEXT=TransferListDelegate]'.replace('%1', window.qBittorrent.Misc.friendlyDuration((new Date()) / 1000 - val));
td.set('html', formattedVal);
td.set('text', formattedVal);
td.set('title', formattedVal);
}
};
// time active
this.columns['time_active'].updateTd = function(td, row) {
const time = window.qBittorrent.Misc.friendlyDuration(this.getRowValue(row));
td.set('html', time);
td.set('title', time);
};
// availability
this.columns['availability'].updateTd = function(td, row) {
const value = window.qBittorrent.Misc.toFixedPointString(this.getRowValue(row), 3);
td.set('html', value);
td.set('text', value);
td.set('title', value);
};
},
@ -1393,7 +1382,6 @@ window.qBittorrent.DynamicTable = (function() { @@ -1393,7 +1382,6 @@ window.qBittorrent.DynamicTable = (function() {
initColumnsFunctions: function() {
// country
this.columns['country'].updateTd = function(td, row) {
const country = this.getRowValue(row, 0);
const country_code = this.getRowValue(row, 1);
@ -1423,7 +1411,6 @@ window.qBittorrent.DynamicTable = (function() { @@ -1423,7 +1411,6 @@ window.qBittorrent.DynamicTable = (function() {
};
// ip
this.columns['ip'].compareRows = function(row1, row2) {
const ip1 = this.getRowValue(row1);
const ip2 = this.getRowValue(row2);
@ -1439,59 +1426,54 @@ window.qBittorrent.DynamicTable = (function() { @@ -1439,59 +1426,54 @@ window.qBittorrent.DynamicTable = (function() {
return 0;
};
// progress, relevance
// flags
this.columns['flags'].updateTd = function(td, row) {
td.set('text', this.getRowValue(row, 0));
td.set('title', this.getRowValue(row, 1));
};
// progress
this.columns['progress'].updateTd = function(td, row) {
const progress = this.getRowValue(row);
let progressFormated = (progress * 100).round(1);
if (progressFormated == 100.0 && progress != 1.0)
progressFormated = 99.9;
progressFormated += "%";
td.set('html', progressFormated);
td.set('text', progressFormated);
td.set('title', progressFormated);
};
this.columns['relevance'].updateTd = this.columns['progress'].updateTd;
// dl_speed, up_speed
this.columns['dl_speed'].updateTd = function(td, row) {
const speed = this.getRowValue(row);
if (speed === 0) {
td.set('html', '');
td.set('text', '');
td.set('title', '');
}
else {
const formattedSpeed = window.qBittorrent.Misc.friendlyUnit(speed, true);
td.set('html', formattedSpeed);
td.set('text', formattedSpeed);
td.set('title', formattedSpeed);
}
};
this.columns['up_speed'].updateTd = this.columns['dl_speed'].updateTd;
// downloaded, uploaded
this.columns['downloaded'].updateTd = function(td, row) {
const downloaded = window.qBittorrent.Misc.friendlyUnit(this.getRowValue(row), false);
td.set('html', downloaded);
td.set('text', downloaded);
td.set('title', downloaded);
};
this.columns['uploaded'].updateTd = this.columns['downloaded'].updateTd;
// flags
this.columns['flags'].updateTd = function(td, row) {
td.innerHTML = this.getRowValue(row, 0);
td.title = this.getRowValue(row, 1);
};
// relevance
this.columns['relevance'].updateTd = this.columns['progress'].updateTd;
// files
this.columns['files'].updateTd = function(td, row) {
td.innerHTML = window.qBittorrent.Misc.escapeHtml(this.getRowValue(row, 0).replace(/\n/g, ';'));
td.title = window.qBittorrent.Misc.escapeHtml(this.getRowValue(row, 0));
const value = this.getRowValue(row, 0);
td.set('text', value.replace(/\n/g, ';'));
td.set('title', value);
};
}
@ -1511,28 +1493,21 @@ window.qBittorrent.DynamicTable = (function() { @@ -1511,28 +1493,21 @@ window.qBittorrent.DynamicTable = (function() {
},
initColumnsFunctions: function() {
const displayText = function(td, row) {
const value = window.qBittorrent.Misc.escapeHtml(this.getRowValue(row));
td.set('html', value);
td.set('title', value);
}
const displaySize = function(td, row) {
const size = window.qBittorrent.Misc.friendlyUnit(this.getRowValue(row), false);
td.set('html', size);
td.set('text', size);
td.set('title', size);
}
const displayNum = function(td, row) {
const value = window.qBittorrent.Misc.escapeHtml(this.getRowValue(row));
const value = this.getRowValue(row);
const formattedValue = (value === "-1") ? "Unknown" : value;
td.set('html', formattedValue);
td.set('text', formattedValue);
td.set('title', formattedValue);
}
this.columns['fileName'].updateTd = displayText;
this.columns['fileSize'].updateTd = displaySize;
this.columns['nbSeeders'].updateTd = displayNum;
this.columns['nbLeechers'].updateTd = displayNum;
this.columns['siteUrl'].updateTd = displayText;
},
getFilteredAndSortedRows: function() {
@ -1624,25 +1599,16 @@ window.qBittorrent.DynamicTable = (function() { @@ -1624,25 +1599,16 @@ window.qBittorrent.DynamicTable = (function() {
},
initColumnsFunctions: function() {
const displayText = function(td, row) {
const value = window.qBittorrent.Misc.escapeHtml(this.getRowValue(row));
td.set('html', value);
td.set('title', value);
}
this.columns['fullName'].updateTd = displayText;
this.columns['version'].updateTd = displayText;
this.columns['url'].updateTd = displayText;
this.columns['enabled'].updateTd = function(td, row) {
const value = this.getRowValue(row);
if (value) {
td.set('html', "Yes");
td.set('text', "Yes");
td.set('title', "Yes");
td.getParent("tr").addClass("green");
td.getParent("tr").removeClass("red");
}
else {
td.set('html', "No");
td.set('text', "No");
td.set('title', "No");
td.getParent("tr").addClass("red");
td.getParent("tr").removeClass("green");
@ -1748,15 +1714,35 @@ window.qBittorrent.DynamicTable = (function() { @@ -1748,15 +1714,35 @@ window.qBittorrent.DynamicTable = (function() {
const that = this;
const displaySize = function(td, row) {
const size = window.qBittorrent.Misc.friendlyUnit(this.getRowValue(row), false);
td.set('html', size);
td.set('text', size);
td.set('title', size);
}
const displayPercentage = function(td, row) {
const value = window.qBittorrent.Misc.friendlyPercentage(this.getRowValue(row));
td.set('html', value);
td.set('text', value);
td.set('title', value);
};
// checked
this.columns['checked'].updateTd = function(td, row) {
const id = row.rowId;
const value = this.getRowValue(row);
if (window.qBittorrent.PropFiles.isDownloadCheckboxExists(id)) {
window.qBittorrent.PropFiles.updateDownloadCheckbox(id, value);
}
else {
const treeImg = new Element('img', {
src: 'images/L.gif',
styles: {
'margin-bottom': -2
}
});
td.adopt(treeImg, window.qBittorrent.PropFiles.createDownloadCheckbox(id, row.full_data.fileId, value));
}
};
// name
this.columns['name'].updateTd = function(td, row) {
const id = row.rowId;
const fileNameId = 'filesTablefileName' + id;
@ -1768,7 +1754,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -1768,7 +1754,7 @@ window.qBittorrent.DynamicTable = (function() {
const dirImgId = 'filesTableDirImg' + id;
if ($(dirImgId)) {
// just update file name
$(fileNameId).textContent = window.qBittorrent.Misc.escapeHtml(value);
$(fileNameId).set('text', value);
}
else {
const collapseIcon = new Element('img', {
@ -1782,7 +1768,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -1782,7 +1768,7 @@ window.qBittorrent.DynamicTable = (function() {
onclick: "qBittorrent.PropFiles.collapseIconClicked(this)"
});
const span = new Element('span', {
text: window.qBittorrent.Misc.escapeHtml(value),
text: value,
id: fileNameId
});
const dirImg = new Element('img', {
@ -1801,7 +1787,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -1801,7 +1787,7 @@ window.qBittorrent.DynamicTable = (function() {
else {
const value = this.getRowValue(row);
const span = new Element('span', {
text: window.qBittorrent.Misc.escapeHtml(value),
text: value,
id: fileNameId,
styles: {
'margin-left': ((node.depth + 1) * 20)
@ -1811,26 +1797,10 @@ window.qBittorrent.DynamicTable = (function() { @@ -1811,26 +1797,10 @@ window.qBittorrent.DynamicTable = (function() {
}
};
this.columns['checked'].updateTd = function(td, row) {
const id = row.rowId;
const value = this.getRowValue(row);
if (window.qBittorrent.PropFiles.isDownloadCheckboxExists(id)) {
window.qBittorrent.PropFiles.updateDownloadCheckbox(id, value);
}
else {
const treeImg = new Element('img', {
src: 'images/L.gif',
styles: {
'margin-bottom': -2
}
});
td.adopt(treeImg, window.qBittorrent.PropFiles.createDownloadCheckbox(id, row.full_data.fileId, value));
}
};
// size
this.columns['size'].updateTd = displaySize;
// progress
this.columns['progress'].updateTd = function(td, row) {
const id = row.rowId;
const value = this.getRowValue(row);
@ -1847,6 +1817,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -1847,6 +1817,7 @@ window.qBittorrent.DynamicTable = (function() {
}
};
// priority
this.columns['priority'].updateTd = function(td, row) {
const id = row.rowId;
const value = this.getRowValue(row);
@ -1857,6 +1828,7 @@ window.qBittorrent.DynamicTable = (function() { @@ -1857,6 +1828,7 @@ window.qBittorrent.DynamicTable = (function() {
td.adopt(window.qBittorrent.PropFiles.createPriorityCombo(id, row.full_data.fileId, value));
};
// remaining, availability
this.columns['remaining'].updateTd = displaySize;
this.columns['availability'].updateTd = displayPercentage;
},
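Review bot: In the search-results `displayNum` (the hunk at new line 1493), removing `escapeHtml` may change what the strict comparison `value === "-1"` sees. The helper's implementation is not shown on this page; if it returned a string for a numeric input, the "Unknown" branch now stops matching and a raw -1 is displayed for `nbSeeders`/`nbLeechers`. Confirm the type the search API returns for these fields, or make the check independent of it: `const formattedValue = (Number(value) === -1) ? "Unknown" : value;`. The switch from `set('html', …)` to `set('text', …)` in the same function is the right sink for these values.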

5
src/webui/www/private/scripts/prop-files.js

@ -393,15 +393,14 @@ window.qBittorrent.PropFiles = (function() { @@ -393,15 +393,14 @@ window.qBittorrent.PropFiles = (function() {
if ((progress === 100) && (file.progress < 1))
progress = 99.9;
const name = window.qBittorrent.Misc.escapeHtml(file.name);
const ignore = (file.priority === FilePriority.Ignored);
const checked = (ignore ? TriState.Unchecked : TriState.Checked);
const remaining = (ignore ? 0 : (file.size * (1.0 - file.progress)));
const row = {
fileId: index,
checked: checked,
fileName: name,
name: window.qBittorrent.Filesystem.fileName(name),
fileName: file.name,
name: window.qBittorrent.Filesystem.fileName(file.name),
size: file.size,
progress: progress,
priority: normalizePriority(file.priority),
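Review bot: The row built here now carries `file.name` unescaped, and nothing in the hunk records that this is deliberate; the same applies to `url` and `message` in the row built in prop-trackers.js. These strings presumably originate from torrent metadata and tracker responses, so they stay safe only while every renderer that reads them writes through a text sink, as the default `updateTd` in dynamicTable.js does after this commit. I would add a comment above `const row = {` such as `// Values are stored raw; render them only with set('text', …) or textContent, never set('html', …).` The object literal continues past the end of the hunk.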

2
src/webui/www/private/scripts/prop-general.js

@ -171,7 +171,7 @@ window.qBittorrent.PropGeneral = (function() { @@ -171,7 +171,7 @@ window.qBittorrent.PropGeneral = (function() {
temp = "QBT_TR(Unknown)QBT_TR[CONTEXT=HttpServer]";
$('pieces').set('html', temp);
$('created_by').set('html', window.qBittorrent.Misc.escapeHtml(data.created_by));
$('created_by').set('text', data.created_by);
if (data.addition_date != -1)
temp = new Date(data.addition_date * 1000).toLocaleString();
else
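Review bot: The context line directly above the change, `$('pieces').set('html', temp);`, still writes through the HTML sink while `created_by` next to it now uses `set('text', …)`. How `temp` is built lies outside the hunk, so this may be harmless, but if the value needs no markup the same one-line change applies: `$('pieces').set('text', temp);`. The enclosing function starts and ends outside the hunk, so any other `set('html', …)` calls in it deserve the same check.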

3
src/webui/www/private/scripts/prop-peers.js

@ -82,9 +82,6 @@ window.qBittorrent.PropPeers = (function() { @@ -82,9 +82,6 @@ window.qBittorrent.PropPeers = (function() {
for (const key in response['peers']) {
response['peers'][key]['rowId'] = key;
if (response['peers'][key]['client'])
response['peers'][key]['client'] = window.qBittorrent.Misc.escapeHtml(response['peers'][key]['client']);
torrentPeersTable.updateRowData(response['peers'][key]);
}
}

7
src/webui/www/private/scripts/prop-trackers.js

@ -76,7 +76,6 @@ window.qBittorrent.PropTrackers = (function() { @@ -76,7 +76,6 @@ window.qBittorrent.PropTrackers = (function() {
if (trackers) {
trackers.each(function(tracker) {
const url = window.qBittorrent.Misc.escapeHtml(tracker.url);
let status;
switch (tracker.status) {
case 0:
@ -97,15 +96,15 @@ window.qBittorrent.PropTrackers = (function() { @@ -97,15 +96,15 @@ window.qBittorrent.PropTrackers = (function() {
}
const row = {
rowId: url,
rowId: tracker.url,
tier: tracker.tier,
url: url,
url: tracker.url,
status: status,
peers: tracker.num_peers,
seeds: (tracker.num_seeds >= 0) ? tracker.num_seeds : "QBT_TR(N/A)QBT_TR[CONTEXT=TrackerListWidget]",
leeches: (tracker.num_leeches >= 0) ? tracker.num_leeches : "QBT_TR(N/A)QBT_TR[CONTEXT=TrackerListWidget]",
downloaded: (tracker.num_downloaded >= 0) ? tracker.num_downloaded : "QBT_TR(N/A)QBT_TR[CONTEXT=TrackerListWidget]",
message: window.qBittorrent.Misc.escapeHtml(tracker.msg)
message: tracker.msg
};
torrentTrackersTable.updateRowData(row);
