Changeset 27366 for main/trunk


Ignore:
Timestamp:
2013-05-17T17:43:28+12:00 (11 years ago)
Author:
ak19
Message:
  1. Handling quotes and colons in user comments: since these are sent and retrieved from metadata-server.pl as JSON strings, the quotes and colons in user-added meta needs to be protected since JSON uses these characters for packaging up data. 2. Cosmetic changes to baseaction: clarified some comments.
Location:
main/trunk/greenstone2
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • main/trunk/greenstone2/macros/style.dm

    r27318 r27366  
    363363    divtime.appendChild(txt);
    364364
     365    // any quotes and colons in the fields would have been protected for transmitting as JSON
     366    // so decode their entity values
     367    comment = comment.replace(/"/gmi, '"');
     368    comment = comment.replace(/&58;/gmi, ':');
     369
    365370    divgroup.appendChild(divcomment);
    366371    txt=document.createTextNode(comment);

  • main/trunk/greenstone2/perllib/cgiactions/baseaction.pm

    r27349 r27366  
    294294       
    295295        my ($year,$mon,$mday,$hour,$min,$sec) = split(/[\s\/:]+/, $keycreation_time); # split by space, /, :
     296                           # (also ensures whitespace surrounding keycreateion_time is trimmed)
    296297        my $key_timestamp = timelocal($sec,$min,$hour,$mday,$mon-1,$year);
    297298       
     
    321322    # The following code which tests whether the user is in the required group
    322323    # seems to have been copied over from gliserver.pl.
    323     # But for metadata-server.pl, when user comments are added through the set-metadata functions,
     324    # But when user comments are added through the set-metadata functions for metadata-server.pl
     325    # (which is the first feature for which baseaction::authenticate_user() is actually used)
    324326    # the user doesn't need to be a specific collection's editor in order to add comments to that collection.
    325327    # So we no longer check the user is in the group here.

  • main/trunk/greenstone2/perllib/cgiactions/metadataaction.pm

    r27336 r27366  
    663663        if($metapos ne "all") { # get the value at a single metapos
    664664
    665         $metavalue = $doc_rec->{$metaname}->[$metapos];     
     665        $metavalue = $doc_rec->{$metaname}->[$metapos];
     666
     667        # protect any double quotes and colons in the metavalue before putting it into JSON
     668        $metavalue =~ s/\"/"/g if defined $metavalue;
     669        $metavalue =~ s/\:/&58;/g if defined $metavalue;
     670
    666671        $json_result_str .= "{\"metapos\":\"$metapos\",\"metavalue\":\"$metavalue\"}";
    667672
     
    672677
    673678        while (defined $metavalue) {
     679
     680            # protect any double quotes and colons in the metavalue before putting it into JSON
     681            $metavalue =~ s/\"/"/g;
     682            $metavalue =~ s/\:/&58;/g;
     683
    674684            if($first_metaval) {       
    675685            $first_metaval = 0;
     
    681691
    682692            $metapos++;
    683             $metavalue = $doc_rec->{$metaname}->[$metapos];         
     693            $metavalue = $doc_rec->{$metaname}->[$metapos];
    684694        }
    685695        }
Note: See TracChangeset for help on using the changeset viewer.