inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dc5132eb6e2d57bd1ebe6885d2923781f04abea
alfresco-community-repo/source/web/scripts/upload_helper.js
Alan Davis 7e44580cb3 Merged HEAD-BUG-FIX to HEAD (4.2) 
55497: Merged V4.1-BUG-FIX (4.1.7) to HEAD-BUG-FIX (4.2)
      55387: Fix for MNT-9628 - CLONE - uploadFileServlet return-page vulnerability javascript


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@55780 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2013-09-20 20:48:03 +00:00

82 lines
2.2 KiB
JavaScript
Raw Blame History

var _uploads = [];
function handle_upload_helper(fileInputElement,
uploadId,
callback,
contextPath,
actionUrl,
params)
{
var id = fileInputElement.getAttribute("name");
var d = fileInputElement.ownerDocument;
var w = d.defaultView || d.parentWindow;
var iframe = d.createElement("iframe");
iframe.style.display = "none";
iframe.name = id + "upload_frame";
iframe.id = iframe.name;
d.body.appendChild(iframe);
// makes it possible to target the frame properly in ie.
w.frames[iframe.name].name = iframe.name;
_uploads[uploadId] = { path: fileInputElement.value, callback: callback };
var form = d.createElement("form");
d.body.appendChild(form);
form.id = id + "_upload_form";
form.name = form.id;
form.style.display = "none";
form.method = "post";
form.encoding = "multipart/form-data";
form.enctype = "multipart/form-data";
form.target = iframe.name;
if (actionUrl != undefined && actionUrl != null)
{
actionUrl = contextPath + actionUrl;
}
else
{
actionUrl = contextPath + "/uploadFileServlet"
}
form.action = actionUrl;
form.appendChild(fileInputElement);
var id = d.createElement("input");
id.type = "hidden";
form.appendChild(id);
id.name = "upload-id";
id.value = uploadId;
for (var i in params)
{
var p = d.createElement("input");
p.type = "hidden";
form.appendChild(p);
id.name = i;
id.value = params[i];
}
var rp = d.createElement("input");
rp.type = "hidden";
form.appendChild(rp);
rp.name = "return-page";
if (w != window)
{
w.upload_complete_helper = window.upload_complete_helper;
}
rp.value = "{id: '" + uploadId + "', args: {error: '${_UPLOAD_ERROR}', fileTypeImage: '${_FILE_TYPE_IMAGE}'}}";
form.submit();
}
function upload_complete_helper(id, args)
{
var upload = _uploads[id];
upload.callback(id,
upload.path,
upload.path.replace(/.*[\/\\]([^\/\\]+)/, "$1"),
args.fileTypeImage,
args.error != "${_UPLOAD_ERROR}" ? args.error : null);
}
Reference in New Issue View Git Blame Copy Permalink