[tarent-useful-scripts SCM] {mirkarte} branch master updated. fc1353b11b79807fc604e21b7286a15f02e3b752

mirabilos at evolvis.org mirabilos at evolvis.org
Tue Jun 17 11:32:55 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "MirKarte source code repository".

The branch, master has been updated
       via  fc1353b11b79807fc604e21b7286a15f02e3b752 (commit)
       via  a60337f0186b906e07109118bf9508f31f47e29f (commit)
       via  ee1cb37b223bccdd43b84d9e3ba2de045afda163 (commit)
       via  2ad8b7eb41309194c3d6d9617b0f252a27d57cb7 (commit)
       via  974620aa0954ee1bb8264c7a2a63f278ab6ab643 (commit)
       via  7bd9a9b1be618017ec7bebe9544f367ceecd10dd (commit)
       via  184d029d7300c84a809977b0d26ad1c80e67b440 (commit)
       via  2fed56dfb2c3efa3c97f2714c7226e9c3b31d79b (commit)
      from  8265b5a682fdd01c5892080f22542c7abc7bb9a5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fc1353b11b79807fc604e21b7286a15f02e3b752
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Tue Jun 17 11:31:30 2014 +0200

    use $ziparchive/$zipmember as “filename” for the layers from archives

commit a60337f0186b906e07109118bf9508f31f47e29f
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Tue Jun 17 11:30:45 2014 +0200

    escape filenames inside ZIP

commit ee1cb37b223bccdd43b84d9e3ba2de045afda163
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Tue Jun 17 11:28:49 2014 +0200

    lower default zoom level from 14 to 12

commit 2ad8b7eb41309194c3d6d9617b0f252a27d57cb7
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Tue Jun 17 11:28:06 2014 +0200

    always HTML-encode current_filename (using Prototype String extension)

commit 974620aa0954ee1bb8264c7a2a63f278ab6ab643
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Tue Jun 17 11:24:25 2014 +0200

    escape ‘&’ in layer name for HTML, cf. previous commit

commit 7bd9a9b1be618017ec7bebe9544f367ceecd10dd
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Tue Jun 17 11:23:34 2014 +0200

    Revert "fix failure to properly encode HTML in Leaflet (possible XSS)"
    because people may very well want to use HTML in layer names,
    and this allows us to stick with unmodified Leaflet
    
    This reverts commit 11fb78b1b3800543d7d39486f79a7d7f25af595b.

commit 184d029d7300c84a809977b0d26ad1c80e67b440
Merge: 8265b5a 2fed56d
Author: Thorsten Glaser <tg at mirbsd.org>
Date:   Tue Jun 17 11:22:09 2014 +0200

    dummy commit to mark “prehistoric version” as fully merged, no tree change

commit 2fed56dfb2c3efa3c97f2714c7226e9c3b31d79b
Author: Thorsten Glaser <t.glaser at tarent.de>
Date:   Tue Jun 17 11:16:28 2014 +0200

    final version of MirKarte v0β (taken from OC)

-----------------------------------------------------------------------

Summary of changes:
 leaflet/leaflet-src.js |    2 +-
 mirkarte.js            |   35 +++++++++++++++++++++--------------
 2 files changed, 22 insertions(+), 15 deletions(-)

diff --git a/leaflet/leaflet-src.js b/leaflet/leaflet-src.js
index 81fba84..c04a7c1 100644
--- a/leaflet/leaflet-src.js
+++ b/leaflet/leaflet-src.js
@@ -8541,7 +8541,7 @@ L.Control.Layers = L.Control.extend({
 		L.DomEvent.on(input, 'click', this._onInputClick, this);
 
 		var name = document.createElement('span');
-		name.appendChild(document.createTextNode(' ' + obj.name));
+		name.innerHTML = ' ' + obj.name;
 
 		label.appendChild(input);
 		label.appendChild(name);
diff --git a/mirkarte.js b/mirkarte.js
index 24586b4..fe1b4a5 100644
--- a/mirkarte.js
+++ b/mirkarte.js
@@ -119,9 +119,10 @@ var show_menu_marker = (function () {
 	}
 
 	var handleGpxFileLoaded = function (e) {
-		$("gpxupload").update("GPX " + current_filename + " loaded.");
+		$("gpxupload").update("GPX " + current_filename.escapeHTML() +
+		    " loaded.");
 		if (!/<gpx/.test(e.target.result))
-			$("gpxupload").update(current_filename +
+			$("gpxupload").update(current_filename.escapeHTML() +
 			    " is not a valid GPX file.");
 		var dom = (new DOMParser()).parseFromString(e.target.result,
 		    "text/xml");
@@ -157,28 +158,32 @@ var show_menu_marker = (function () {
 					s = s + "<br />" + x;
 				layer.bindPopup(s);
 			}
-		    }).addTo(map), current_filename);
+		    }).addTo(map), current_filename.escapeHTML());
 	};
 
 	var handleZipExtraction = function (entry) {
-		current_filename = entry.filename;
-		$("gpxupload").update("Extracting " + current_filename);
+		current_filename += "/" + entry.filename;
+		$("gpxupload").update("Extracting " +
+		    current_filename.escapeHTML());
 		entry.getData(new zip.BlobWriter(), function (asblob) {
-			$("gpxupload").update("Extracted " + current_filename);
+			$("gpxupload").update("Extracted " +
+			    current_filename.escapeHTML());
 			var reader = new FileReader();
 			reader.onload = handleGpxFileLoaded;
 			reader.readAsText(asblob);
 		    }, function (current, total) {
 			$("gpxupload").update("Extracting " +
-			    current_filename + "… " + current + "/" + total);
+			    current_filename.escapeHTML() + "… " +
+			    current + "/" + total);
 		    }, true);
 	};
 
 	var handleZipFileLoaded = function (entries) {
 		var ents = new Element("ul");
 		entries.forEach(function(entry) {
+			var fn = "" + entry.filename;
 			var a = new Element("a",
-			    {"href": "#"}).update(entry.filename);
+			    {"href": "#"}).update(fn.escapeHTML());
 			a.addEventListener("click", function(event) {
 				handleZipExtraction(entry);
 				event.preventDefault();
@@ -188,10 +193,11 @@ var show_menu_marker = (function () {
 		    });
 		if (ents.empty())
 			$("gpxupload").update("Empty ZIP file: " +
-			    current_filename);
+			    current_filename.escapeHTML());
 		else
 			$("gpxupload").update("Directory of " +
-			    current_filename + ":").appendChild(ents);
+			    current_filename.escapeHTML() +
+			    ":").appendChild(ents);
 	};
 
 	var handleFileSelect = function (e, filetype, cb) {
@@ -202,8 +208,9 @@ var show_menu_marker = (function () {
 			$("gpxupload").update("No file found.");
 			return;
 		}
-		current_filename = f.name;
-		$("gpxupload").update("Loading " + current_filename + "…");
+		current_filename = "" + f.name;
+		$("gpxupload").update("Loading " +
+		    current_filename.escapeHTML() + "…");
 		if (filetype == "zip") {
 			zip.createReader(new zip.BlobReader(f),
 			    function (zipReader) {
@@ -348,7 +355,7 @@ var fn_hashchange = function (event) {
 			czoom = czoom | 0;
 		} else {
 			/* default value */
-			czoom = 14;
+			czoom = 12;
 		}
 		params["zoom"] = czoom;
 
@@ -469,7 +476,7 @@ $(document).observe("dom:loaded", function () {
 			"attribution": attributions["OSM"]
 		},
 		{
-			"_name": "OSM Black&White (0..18)",
+			"_name": "OSM Black&White (0..18)",
 			"_url": "http://{s}.www.toolserver.org/tiles/bw-mapnik/{z}/{x}/{y}.png",
 			"attribution": attributions["OSM"]
 		},


hooks/post-receive
-- 
MirKarte source code repository
(Evolvis project useful-scripts repository mirkarte)


More information about the useful-scripts-commits mailing list