[BUGFIX] Missing encoding in flexforms IRRE javascript 83/26283/3
authorAlexey Gafiulov <gafiulov@i-tribe.de>
Tue, 10 Dec 2013 14:55:50 +0000 (20:55 +0600)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Mon, 17 Feb 2014 22:30:56 +0000 (23:30 +0100)
encodeURIComponent is added to escape all special characters in
parameters for AJAX call.

Resolves: #54304
Releases: 6.2, 6.1, 6.0
Change-Id: I3559104e1a26241b519f40a10000637852a4f114
Reviewed-on: https://review.typo3.org/26283
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js

index 37fe19b..9296116 100644 (file)
@@ -192,12 +192,12 @@ var inline = {
                var max, url='', urlParams='', options={};
                if (method && params && params.length && this.lockAjaxMethod(method, lock)) {
                        url = TBE_EDITOR.getBackendPath() + 'ajax.php';
-                       urlParams = '&ajaxID=t3lib_TCEforms_inline::'+method;
+                       urlParams = '&ajaxID=' + encodeURIComponent('t3lib_TCEforms_inline::' + method);
                        for (var i=0, max=params.length; i<max; i++) {
-                               urlParams += '&ajax['+i+']='+params[i];
+                               urlParams += '&ajax[' + i + ']=' + encodeURIComponent(params[i]);
                        }
                        if (context) {
-                               urlParams += '&ajax[context]=' + Object.toJSON(context);
+                               urlParams += '&ajax[context]=' + encodeURIComponent(Object.toJSON(context));
                        }
                        options = {
                                method:         'post',
@@ -1261,4 +1261,4 @@ Object.extend(Array.prototype, {
        $(function() {
                $(document).delegate('div.t3-form-field-header-inline', 'click', inline.toggleEvent);
        });
-})(TYPO3.jQuery);
\ No newline at end of file
+})(TYPO3.jQuery);