Fixed Messenger with LDAP users.

2025-03-09 15:40:18 +00:00 · 2020-08-20 12:24:45 -07:00 · 2020-08-20 12:24:45 -07:00 · 36b3db0baa
commit 36b3db0baa
parent 7dc8900ac7
2 changed files with 3 additions and 2 deletions
--- a/public/scripts/common-0.0.1.js
+++ b/public/scripts/common-0.0.1.js
@ -112,6 +112,7 @@ function zeroPad(num, c) { if (c == null) { c = 2; } var s = "00000000" + num; r
 // String validation
 function isAlphaNumeric(str) { return (str.match(/^[A-Za-z0-9]+$/) != null); };
 function isSafeString(str) { return ((typeof str == 'string') && (str.indexOf('<') == -1) && (str.indexOf('>') == -1) && (str.indexOf('&') == -1) && (str.indexOf('"') == -1) && (str.indexOf('\'') == -1) && (str.indexOf('+') == -1) && (str.indexOf('(') == -1) && (str.indexOf(')') == -1) && (str.indexOf('#') == -1) && (str.indexOf('%') == -1) && (str.indexOf(':') == -1)) };
+function isSafeString2(str) { return ((typeof str == 'string') && (str.indexOf('<') == -1) && (str.indexOf('>') == -1) && (str.indexOf('&') == -1) && (str.indexOf('"') == -1) && (str.indexOf('\'') == -1) && (str.indexOf('+') == -1) && (str.indexOf('(') == -1) && (str.indexOf(')') == -1) && (str.indexOf('#') == -1) && (str.indexOf('%') == -1)) };

 // Parse URL arguments, only keep safe values
 function parseUriArgs() {
@ -124,7 +125,7 @@ function parseUriArgs() {
            case 0: { name = decodeURIComponent(parsedUri[x]); break; }
            case 1: {
                r[name] = decodeURIComponent(parsedUri[x]);
-                if (!isSafeString(r[name])) { delete r[name]; } else { var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } }
+                if (!isSafeString2(r[name])) { delete r[name]; } else { var x = parseInt(r[name]); if (x == r[name]) { r[name] = x; } }
                break;
            } default: { break; }
        }