projects / profile / ivi / qtdeclarative.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e6b224a)
Encode user input before insertion into URLs
authorMatthew Vogt <matthew.vogt@nokia.com>
Thu, 19 Jan 2012 06:39:53 +0000 (16:39 +1000)
committerQt by Nokia <qt-info@nokia.com>
Mon, 23 Jan 2012 06:38:34 +0000 (07:38 +0100)
Encode user input strings used to formulate URLs, to ensure they do not
cause the structure of the URL to be subverted.

Task-number: QTBUG-19925
Change-Id: I6173f4df67a4bc1676ac32be6072763fc16f9720
Reviewed-by: Martin Jones <martin.jones@nokia.com>
examples/declarative/flickr/content/RssModel.qml patch | blob | history
examples/declarative/particles/itemparticle/content/RssModel.qml patch | blob | history
examples/declarative/photoviewer/PhotoViewerCore/RssModel.qml patch | blob | history
examples/declarative/twitter/TwitterCore/RssModel.qml patch | blob | history

diff --git a/examples/declarative/flickr/content/RssModel.qml b/examples/declarative/flickr/content/RssModel.qml
index 9dfcba5..ba1cf7e 100644 (file)
--- a/examples/declarative/flickr/content/RssModel.qml
+++ b/examples/declarative/flickr/content/RssModel.qml
@@ -45,12 +45,9 @@ import QtQuick.XmlListModel 2.0
 XmlListModel {
     property string tags : ""
 
-    function commasep(x)
-    {
-        return x.replace(' ',',');
-    }
+    function encodeTags(x) { return encodeURIComponent(x.replace(' ',',')); }
 
-    source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+commasep(tags)+"&" : "")+"format=rss2"
+    source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+encodeTags(tags)+"&" : "")+"format=rss2"
     query: "/rss/channel/item"
     namespaceDeclarations: "declare namespace media=\"http://search.yahoo.com/mrss/\";"
 
diff --git a/examples/declarative/particles/itemparticle/content/RssModel.qml b/examples/declarative/particles/itemparticle/content/RssModel.qml
index 33b6da3..f5abf28 100644 (file)
--- a/examples/declarative/particles/itemparticle/content/RssModel.qml
+++ b/examples/declarative/particles/itemparticle/content/RssModel.qml
@@ -44,7 +44,9 @@ import QtQuick.XmlListModel 2.0
 XmlListModel {
     property string tags : ""
 
-    source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+tags+"&" : "")
+    function encodeTags(x) { return encodeURIComponent(x.replace(' ',',')); }
+
+    source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+encodeTags(tags)+"&" : "")
     query: "/feed/entry"
     namespaceDeclarations: "declare default element namespace 'http://www.w3.org/2005/Atom';"
 
diff --git a/examples/declarative/photoviewer/PhotoViewerCore/RssModel.qml b/examples/declarative/photoviewer/PhotoViewerCore/RssModel.qml
index 4126367..9438637 100644 (file)
--- a/examples/declarative/photoviewer/PhotoViewerCore/RssModel.qml
+++ b/examples/declarative/photoviewer/PhotoViewerCore/RssModel.qml
@@ -45,7 +45,9 @@ import QtQuick.XmlListModel 2.0
 XmlListModel {
     property string tags : ""
 
-    source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+tags+"&" : "")
+    function encodeTags(x) { return encodeURIComponent(x.replace(' ',',')); }
+
+    source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+encodeTags(tags)+"&" : "")
     query: "/feed/entry"
     namespaceDeclarations: "declare default element namespace 'http://www.w3.org/2005/Atom';"
 
diff --git a/examples/declarative/twitter/TwitterCore/RssModel.qml b/examples/declarative/twitter/TwitterCore/RssModel.qml
index 61145f7..4e381f5 100644 (file)
--- a/examples/declarative/twitter/TwitterCore/RssModel.qml
+++ b/examples/declarative/twitter/TwitterCore/RssModel.qml
@@ -51,11 +51,14 @@ Item { id: wrapper
     property string mode : "everyone"
     property int status: xmlModel.status
     function reload() { xmlModel.reload(); }
+
     XmlListModel {
         id: xmlModel
 
+        function encodePhrase(x) { return encodeURIComponent(x); }
+
         source: (from=="" && to=="" && phrase=="") ? "" :
-            'http://search.twitter.com/search.atom?from='+from+"&to="+to+"&phrase="+phrase
+            'http://search.twitter.com/search.atom?from='+from+"&to="+to+"&phrase="+encodePhrase(phrase)
 
         namespaceDeclarations: "declare default element namespace 'http://www.w3.org/2005/Atom'; " +
                                "declare namespace twitter=\"http://api.twitter.com/\";";
Domain: UI Framework / Uncategorized;