deltaspike-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tandrasc...@apache.org
Subject deltaspike git commit: DELTASPIKE-1071 URLs like ?&dswid=XYZ leads to window cloning
Date Thu, 04 Feb 2016 18:22:48 GMT
Repository: deltaspike
Updated Branches:
  refs/heads/master 6894ea5e2 -> 323c7d38e


DELTASPIKE-1071 URLs like ?&dswid=XYZ leads to window cloning

Project: http://git-wip-us.apache.org/repos/asf/deltaspike/repo
Commit: http://git-wip-us.apache.org/repos/asf/deltaspike/commit/323c7d38
Tree: http://git-wip-us.apache.org/repos/asf/deltaspike/tree/323c7d38
Diff: http://git-wip-us.apache.org/repos/asf/deltaspike/diff/323c7d38

Branch: refs/heads/master
Commit: 323c7d38e9d949385eb9d90c47e8971548ab5ed4
Parents: 6894ea5
Author: Thomas Andraschko <tandraschko@apache.org>
Authored: Thu Feb 4 19:22:41 2016 +0100
Committer: Thomas Andraschko <tandraschko@apache.org>
Committed: Thu Feb 4 19:22:41 2016 +0100

----------------------------------------------------------------------
 .../resources/deltaspike/windowhandler.js       | 70 +++++++++++++-------
 1 file changed, 45 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/deltaspike/blob/323c7d38/deltaspike/modules/jsf/impl/src/main/resources/META-INF/resources/deltaspike/windowhandler.js
----------------------------------------------------------------------
diff --git a/deltaspike/modules/jsf/impl/src/main/resources/META-INF/resources/deltaspike/windowhandler.js
b/deltaspike/modules/jsf/impl/src/main/resources/META-INF/resources/deltaspike/windowhandler.js
index d101812..fabb36f 100644
--- a/deltaspike/modules/jsf/impl/src/main/resources/META-INF/resources/deltaspike/windowhandler.js
+++ b/deltaspike/modules/jsf/impl/src/main/resources/META-INF/resources/deltaspike/windowhandler.js
@@ -370,7 +370,7 @@ window.dswh = window.dswh || {
             return source.toLowerCase() === destination.toLowerCase();
         },
 
-        getUrlParameter : function (uri, name) {
+        getUrlParameter : function(uri, name) {
             // create an anchor object with the uri and let the browser parse it
             var a = document.createElement('a');
             a.href = uri;
@@ -391,34 +391,54 @@ window.dswh = window.dswh || {
             return null;
         },
 
-        setUrlParam : function (baseUrl, paramName, paramValue) {
-            var query = baseUrl;
-            var vars = query.split(/&|\?/g);
-            var newQuery = "";
-            var iParam = 0;
-            var paramFound = false;
-            for (var i=0; vars != null && i < vars.length; i++) {
-                var pair = vars[i].split("=");
-                if (pair.length == 1) {
-                    newQuery = pair[0];
-                } else {
-                    if (pair[0] != paramName) {
-                        var amp = iParam++ > 0 ? "&" : "?";
-                        newQuery =  newQuery + amp + pair[0] + "=" + pair[1];
+        setUrlParam : function(uri, parameterName, parameterValue) {
+            var a = document.createElement('a');
+            a.href = uri.replace('?&', '?').replace('&&', '&');
+
+            // set empty string as value if not defined or empty
+            if (!parameterValue || parameterValue.replace(/^\s+|\s+$/g, '').length === 0)
{
+                parameterValue = '';
+            }
+
+            // check if value is empty
+            if (parameterValue.length === 0) {
+
+                // both value and query string is empty (or doesn't contain the param), don't
touch the url
+                if (a.search.length === 0 || a.search.indexOf(parameterName + "=") === -1)
{
+                    return a.href;
+                }
+            }
+
+            // query string is empty, just append our new parameter
+            if (a.search.length === 0) {
+                a.search = '?' + encodeURIComponent(parameterName) + "=" + encodeURIComponent(parameterValue);
+
+                return a.href;
+            }
+
+            // loop old paramaters and build array with new parameters
+            var oldParameters = a.search.substring(1).split('&');
+            var newParameters = [];
+
+            for (var i = 0; i < oldParameters.length; i++) {
+                var oldParameterPair = oldParameters[i];
+                var oldParameterName = oldParameterPair.split('=')[0];
+                var oldParameterValue = oldParameterPair.split('=')[1];
+
+                // don't add empty parameters again
+                if (oldParameterValue && oldParameterValue.replace(/^\s+|\s+$/g,
'').length > 0) {
+                    if (oldParameterName === parameterName) {
+                        newParameters.push(oldParameterName + "=" + encodeURIComponent(parameterValue));
                     } else {
-                        paramFound = true;
-                        if (paramValue) {
-                            var amp = iParam++ > 0 ? "&" : "?";
-                            newQuery =  newQuery + amp + paramName + "=" + paramValue;
-                        }
+                        newParameters.push(oldParameterName + "=" + oldParameterValue);
                     }
                 }
             }
-            if (!paramFound && paramValue) {
-                var amp = iParam++ > 0 ? "&" : "?";
-                newQuery =  newQuery + amp + paramName + "=" + paramValue;
-            }
-            return newQuery;
+
+            // join new parameters
+            a.search = '?' + newParameters.join('&');
+
+            return a.href;
         },
 
         appendHiddenWindowIdToForms : function() {


Mime
View raw message