www.spaceplanner.app

Web client to the spaceplanner API
git clone git://jacobedwards.org/www.spaceplanner.app
Log | Files | Refs
commit ac4bec6185675121dc2a63f76bd709cb687c0934
parent b9d6a97b72ba8044ad59f9b9b3888f2b9ea9c62d
Author: Jacob R. Edwards <jacob@jacobedwards.org>
Date:   Wed,  7 Aug 2024 19:06:08 -0700

Escape any special characters in username or floorplan name

Diffstat:

Mfiles/floorplans/main.css | 5+++++


Mfiles/floorplans/main.js | 8++++----


Mfiles/lib/etc.js | 4++++


3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/files/floorplans/main.css b/files/floorplans/main.css
@@ -45,6 +45,10 @@
 	opacity: 100%;
 }
 
+.floorplan > header {
+	min-height: 25%;
+}
+
 input.fp_name {
 	font-size: larger;
 }
@@ -55,4 +59,5 @@ input.fp_address {
 
 input {
 	display: block;
+	max-width: 80%;
 }
diff --git a/files/floorplans/main.js b/files/floorplans/main.js
@@ -21,7 +21,7 @@ function init() {
 		)
 	)
 
-	api.fetch("GET", "floorplans/" + localStorage.getItem("username"))
+	api.fetch("GET", "floorplans/" + etc.url_literal(localStorage.getItem("username")))
 		.then(show_floorplans)
 }
 
@@ -76,7 +76,7 @@ function commit_editable_floorplan_func(element, data) {
 			return
 		}
 
-		return api.fetch("PATCH", "floorplans/" + localStorage.getItem("username") + "/" + data.name, patches)
+		return api.fetch("PATCH", "floorplans/" + etc.url_literal(localStorage.getItem("username")) + "/" + etc.url_literal(data.name), patches)
 			.then(function(rdata) {
 				for (let i in rdata) {
 					data[i] = rdata[i]
@@ -103,7 +103,7 @@ function editable_floorplan_create_func(element) {
 			}
 		}
 
-		return api.fetch("POST", "floorplans/" + localStorage.getItem("username"), data)
+		return api.fetch("POST", "floorplans/" + etc.url_literal(localStorage.getItem("username")), data)
 			.then(function(rdata) {
 				for (let i in rdata) {
 					data[i] = rdata[i]
@@ -184,7 +184,7 @@ function make_input(name, options) {
 
 function delete_floorplan_func(item, floorplan) {
 	return function() {
-		api.fetch("DELETE", "floorplans/" + floorplan.user + "/" + floorplan.name)
+		api.fetch("DELETE", "floorplans/" + etc.url_literal(floorplan.user) + "/" + etc.url_literal(floorplan.name))
 			.then(function() {
 				item.parentElement.remove()
 			})
diff --git a/files/lib/etc.js b/files/lib/etc.js
@@ -79,3 +79,7 @@ export function handle_wrap(func, on) {
 		}
 	}
 }
+
+export function url_literal(text) {
+	return encodeURIComponent(text)
+}