Opened 8 years ago
Closed 5 years ago
#14237 closed defect (patchwelcome)
dojox.form.uploader.plugins.Flash Return Data is not escaped
| Reported by: | leader | Owned by: | dylan |
|---|---|---|---|
| Priority: | high | Milestone: | 1.11 |
| Component: | DojoX Uploader | Version: | 1.6.1 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: |
Description
If the file name contains reserved characters (=&,) Internet Explore signals a syntax error.
Possible work-around is to escape data on the server and to unescape fields in the returned array from onComplete event.
My work around: Server Apache2 mod_perl:
use URI::Escape; .... my $upload = $r->upload('flashUploadFiles'); $r is istance of Apache2::Request $return_data = 'file='.uri_escape($upload_dir.'/'.$upload->filename).',name='.uri_escape($upload->filename).',type='.uri_escape($upload->type).',size='.$upload->size.',width=,height=';
Client IE 8 & 9:
dojo.connect(dijit.byId('uploader'), 'onComplete', function(params) { console.debug('uploader onComplete', unescape(dojo.toJson(params))); });
Change History (3)
comment:1 Changed 8 years ago by
| Milestone: | → tbd |
|---|
comment:2 Changed 5 years ago by
| Owner: | changed from Mike Wilcox to dylan |
|---|---|
| Status: | new → assigned |
comment:3 Changed 5 years ago by
| Milestone: | tbd → 1.11 |
|---|---|
| Resolution: | → patchwelcome |
| Status: | assigned → closed |
Note: See
TracTickets for help on using
tickets.
Definitely possible, and my apologies that you've not had a response to this previously.
Given that no one has addressed this in 4 years, and we're trying to make our tickets manageable, I'm going to mark this as patchwelcome. If you want to create a pull request via github following the guidelines at https://github.com/dojo/dojo/blob/master/CONTRIBUTING.md , we'll review and land it.