From ca611651e799c8066902554171c0113af122d48f Mon Sep 17 00:00:00 2001 From: Tobias Markmann Date: Thu, 26 Apr 2012 20:58:47 +0200 Subject: Improve parameter encoding of HTML buttons' JavaScript event code snippets. Resolves: #1101 License: This patch is BSD-licensed, see http://www.opensource.org/licenses/bsd-license.php diff --git a/Swift/QtUI/QtChatWindow.cpp b/Swift/QtUI/QtChatWindow.cpp index 28e6c36..57f7c15 100644 --- a/Swift/QtUI/QtChatWindow.cpp +++ b/Swift/QtUI/QtChatWindow.cpp @@ -18,6 +18,7 @@ #include "QtSettingsProvider.h" #include "QtScaledAvatarCache.h" +#include #include "SwifTools/TabComplete.h" #include #include @@ -45,6 +46,7 @@ #include #include #include +#include #include #include @@ -522,10 +524,18 @@ std::string formatSize(const boost::uintmax_t bytes) { return str( boost::format("%.1lf %sB") % engBytes % (power > 0 ? siPrefix[power-1] : "") ); } +QString encodeButtonArgument(const QString& str) { + return Qt::escape(P2QSTRING(Base64::encode(createByteArray(Q2PSTRING(str))))); +} + +QString decodeButtonArgument(const QString& str) { + return P2QSTRING(byteArrayToString(Base64::decode(Q2PSTRING(str)))); +} + QString QtChatWindow::buildChatWindowButton(const QString& name, const QString& id, const QString& arg1, const QString& arg2, const QString& arg3) { QRegExp regex("[A-Za-z][A-Za-z0-9\\-\\_]+"); Q_ASSERT(regex.exactMatch(id)); - QString html = QString("").arg(name).arg(id).arg(arg1).arg(arg2).arg(arg3); + QString html = QString("").arg(name).arg(id).arg(encodeButtonArgument(arg1)).arg(encodeButtonArgument(arg2)).arg(encodeButtonArgument(arg3)); return html; } @@ -579,7 +589,11 @@ void QtChatWindow::setFileTransferStatus(std::string id, const FileTransferState messageLog_->setFileTransferStatus(QString::fromStdString(id), state, QString::fromStdString(msg)); } -void QtChatWindow::handleHTMLButtonClicked(QString id, QString arg1, QString arg2, QString arg3) { +void QtChatWindow::handleHTMLButtonClicked(QString id, QString encodedArgument1, QString encodedArgument2, QString encodedArgument3) { + QString arg1 = decodeButtonArgument(encodedArgument1); + QString arg2 = decodeButtonArgument(encodedArgument2); + QString arg3 = decodeButtonArgument(encodedArgument3); + if (id.startsWith(ButtonFileTransferCancel)) { QString ft_id = arg1; onFileTransferCancel(Q2PSTRING(ft_id)); -- cgit v0.10.2-6-g49f6