首頁 探索 說明
登入
mirrors
/
Radicale
镜像来自 https://github.com/Kozea/Radicale
1
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

Encode password to allow special characters

XMLHttpRequest.open() does not automatically encode the password. Though it builds an basic auth schemed URI where '%' is the escaping indicator, thus passwords containing this characters are not accepted this way without manually replacing '%' with '%25' on the form.
Tobias Stettner 5 年之前
父節點
08a4c792b1
當前提交
8fc5352e27
共有 1 個文件被更改,包括 5 次插入5 次删除
分割檢視 顯示文件統計
  1. 5 5
      radicale/web/internal_data/fn.js

+ 5 - 5
radicale/web/internal_data/fn.js
查看文件 

@@ -124,7 +124,7 @@ function Collection(href, type, displayname, description, color, source) {
 
  */
 
 function get_principal(user, password, callback) {
 
     let request = new XMLHttpRequest();
 
-    request.open("PROPFIND", SERVER + ROOT_PATH, true, user, password);
 
+    request.open("PROPFIND", SERVER + ROOT_PATH, true, user, encodeURIComponent(password));
 
     request.onreadystatechange = function() {
 
         if (request.readyState !== 4) {
 
             return;
 
@@ -167,7 +167,7 @@ function get_principal(user, password, callback) {
 
  */
 
 function get_collections(user, password, collection, callback) {
 
     let request = new XMLHttpRequest();
 
-    request.open("PROPFIND", SERVER + collection.href, true, user, password);
 
+    request.open("PROPFIND", SERVER + collection.href, true, user, encodeURIComponent(password));
 
     request.setRequestHeader("depth", "1");
 
     request.onreadystatechange = function() {
 
         if (request.readyState !== 4) {
 
@@ -280,7 +280,7 @@ function get_collections(user, password, collection, callback) {
 
  */
 
 function upload_collection(user, password, collection_href, file, callback) {
 
     let request = new XMLHttpRequest();
 
-    request.open("PUT", SERVER + collection_href, true, user, password);
 
+    request.open("PUT", SERVER + collection_href, true, user, encodeURIComponent(password));
 
     request.onreadystatechange = function() {
 
         if (request.readyState !== 4) {
 
             return;
 
@@ -305,7 +305,7 @@ function upload_collection(user, password, collection_href, file, callback) {
 
  */
 
 function delete_collection(user, password, collection, callback) {
 
     let request = new XMLHttpRequest();
 
-    request.open("DELETE", SERVER + collection.href, true, user, password);
 
+    request.open("DELETE", SERVER + collection.href, true, user, encodeURIComponent(password));
 
     request.onreadystatechange = function() {
 
         if (request.readyState !== 4) {
 
             return;
 
@@ -330,7 +330,7 @@ function delete_collection(user, password, collection, callback) {
 
  */
 
 function create_edit_collection(user, password, collection, create, callback) {
 
     let request = new XMLHttpRequest();
 
-    request.open(create ? "MKCOL" : "PROPPATCH", SERVER + collection.href, true, user, password);
 
+    request.open(create ? "MKCOL" : "PROPPATCH", SERVER + collection.href, true, user, encodeURIComponent(password));
 
     request.onreadystatechange = function() {
 
         if (request.readyState !== 4) {
 
             return;