BUGFIX Encoding multibyte characters in custom X-Status HTTP headers used in CMS (headers don't allow multibyte data)

2024-10-22 14:05:37 +02:00 · 2012-05-14 15:13:49 +02:00 · 2012-05-14 15:13:49 +02:00 · d42ea5a9d6
commit d42ea5a9d6
parent 45ae2465e8
4 changed files with 8 additions and 10 deletions
--- a/admin/code/LeftAndMain.php
+++ b/admin/code/LeftAndMain.php
@ -726,7 +726,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
 		$this->extend('onAfterSave', $record);
 		$this->setCurrentPageID($record->ID);
-		$this->response->addHeader('X-Status', _t('LeftAndMain.SAVEDUP'));
+		$this->response->addHeader('X-Status', rawurlencode(_t('LeftAndMain.SAVEDUP')));
 		return $this->getResponseNegotiator()->respond($this->request);
 	}
@ -739,7 +739,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
 		$record->delete();
-		$this->response->addHeader('X-Status', _t('LeftAndMain.SAVEDUP'));
+		$this->response->addHeader('X-Status', rawurlencode(_t('LeftAndMain.SAVEDUP')));
 		return $this->getResponseNegotiator()->respond(
 			$this->request, 
 			array('currentform' => array($this, 'EmptyForm'))
@ -809,7 +809,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
 				}
 			}
-			$this->response->addHeader('X-Status', _t('LeftAndMain.REORGANISATIONSUCCESSFUL', 'Reorganised the site tree successfully.'));
+			$this->response->addHeader('X-Status', rawurlencode(_t('LeftAndMain.REORGANISATIONSUCCESSFUL', 'Reorganised the site tree successfully.')));
 		}
 		// Update sorting
@ -830,7 +830,7 @@ class LeftAndMain extends Controller implements PermissionProvider {
 				}
 			}
-			$this->response->addHeader('X-Status', _t('LeftAndMain.REORGANISATIONSUCCESSFUL', 'Reorganised the site tree successfully.'));
+			$this->response->addHeader('X-Status', rawurlencode(_t('LeftAndMain.REORGANISATIONSUCCESSFUL', 'Reorganised the site tree successfully.')));
 		}
 		return Convert::raw2json($statusUpdates);
--- a/admin/javascript/LeftAndMain.BatchActions.js
+++ b/admin/javascript/LeftAndMain.BatchActions.js
@ -246,9 +246,9 @@
 						// Reset action
 						self.find(':input[name=Action]').val('').change();
-						// status message
+						// status message (decode into UTF-8, HTTP headers don't allow multibyte)
 						var msg = xmlhttp.getResponseHeader('X-Status');
-						if(msg) statusMessage(msg, (status == 'success') ? 'good' : 'bad');
+						if(msg) statusMessage(decodeURIComponent(msg), (status == 'success') ? 'good' : 'bad');
 					},
 					success: function(data, status) {
 						var id, node;
--- a/admin/javascript/LeftAndMain.Content.js
+++ b/admin/javascript/LeftAndMain.Content.js
@ -147,9 +147,6 @@
 					this.trigger('reloadeditform', {form: form, origData: origData, xmlhttp: xmlhttp});
 				}
 				// set status message based on response
 				var _statusMessage = (xmlhttp.getResponseHeader('X-Status')) ? xmlhttp.getResponseHeader('X-Status') : xmlhttp.statusText;
 			},
 			/**
--- a/admin/javascript/LeftAndMain.js
+++ b/admin/javascript/LeftAndMain.js
@ -55,7 +55,8 @@ jQuery.noConflict();
 			// Show message (but ignore aborted requests)
 			if(xhr.status !== 0 && msg && $.inArray(msg, ignoredMessages)) {
-				statusMessage(msg, msgType);
+				// Decode into UTF-8, HTTP headers don't allow multibyte
 				statusMessage(decodeURIComponent(msg), msgType);
 			}
 		});