From 871e2617e32fb305b9a4e16e560e270a7ef84ffc Mon Sep 17 00:00:00 2001
From: Jan Lehnardt <jan@apache.org>
Date: Tue, 2 Nov 2010 22:16:18 +0000
Subject: Escape URL and cookie input.

git-svn-id: https://svn.apache.org/repos/asf/couchdb/trunk@1030261 13f79535-47bb-0310-9956-ffa450edef68
---
 share/www/script/futon.browse.js | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

(limited to 'share/www/script/futon.browse.js')

diff --git a/share/www/script/futon.browse.js b/share/www/script/futon.browse.js
index 5f687941..65acbdeb 100644
--- a/share/www/script/futon.browse.js
+++ b/share/www/script/futon.browse.js
@@ -97,7 +97,10 @@
     // Page class for browse/database.html
     CouchDatabasePage: function() {
       var urlParts = location.search.substr(1).split("/");
-      var dbName = decodeURIComponent(urlParts.shift());
+      var dbName = decodeURIComponent(urlParts.shift())
+
+      var dbNameRegExp = new RegExp("[^a-z0-9\_\$\(\)\+\/\-]", "g");
+      dbName = dbName.replace(dbNameRegExp, "");
 
       $.futon.storage.declareWithPrefix(dbName + ".", {
         desc: {},
@@ -119,7 +122,7 @@
         if (viewName) {
           this.redirecting = true;
           location.href = "database.html?" + encodeURIComponent(dbName) +
-            "/" + viewName;
+            "/" + encodeURIComponent(viewName);
         }
       }
       var db = $.couch.db(dbName);
@@ -372,7 +375,8 @@
                 var path = $.couch.encodeDocId(doc._id) + "/_view/" +
                   encodeURIComponent(viewNames[j]);
                 var option = $(document.createElement("option"))
-                  .attr("value", path).text(viewNames[j]).appendTo(optGroup);
+                  .attr("value", path).text(encodeURIComponent(viewNames[j]))
+                  .appendTo(optGroup);
                 if (path == viewName) {
                   option[0].selected = true;
                 }
@@ -408,7 +412,7 @@
               }
               var viewCode = resp.views[localViewName];
               page.viewLanguage = resp.language || "javascript";
-              $("#language").val(page.viewLanguage);
+              $("#language").val(encodeURIComponent(page.viewLanguage));
               page.updateViewEditor(viewCode.map, viewCode.reduce || "");
               $("#viewcode button.revert, #viewcode button.save").attr("disabled", "disabled");
               page.storedViewCode = viewCode;
@@ -420,7 +424,7 @@
           page.updateViewEditor(page.storedViewCode.map,
             page.storedViewCode.reduce || "");
           page.viewLanguage = page.storedViewLanguage;
-          $("#language").val(page.viewLanguage);
+          $("#language").val(encodeURIComponent(page.viewLanguage));
           $("#viewcode button.revert, #viewcode button.save").attr("disabled", "disabled");
           page.isDirty = false;
           if (callback) callback();
@@ -504,7 +508,8 @@
                     callback({
                       docid: "Cannot save to " + data.docid +
                              " because its language is \"" + doc.language +
-                             "\", not \"" + page.viewLanguage + "\"."
+                             "\", not \"" +
+                             encodeURIComponent(page.viewLanguage) + "\"."
                     });
                     return;
                   }
-- 
cgit v1.2.3