[fusion-commits] r2567 - in trunk: layers/MapGuide lib widgets

svn_fusion at osgeo.org svn_fusion at osgeo.org
Wed Aug 8 08:30:55 PDT 2012


Author: jng
Date: 2012-08-08 08:30:54 -0700 (Wed, 08 Aug 2012)
New Revision: 2567

Modified:
   trunk/layers/MapGuide/MapGuide.js
   trunk/lib/ApplicationDefinition.js
   trunk/lib/fusion.js
   trunk/widgets/AddWMSLayer.js
   trunk/widgets/MapMenu.js
   trunk/widgets/Measure.js
   trunk/widgets/SaveSession.js
   trunk/widgets/SelectAttribute.js
Log:
#531: Replace all instances of eval() in Fusion where it is used for JSON processing and replace it with Fusion.parseJSON(), which will use the native JSON.parse(). It still currently uses eval() if there is no native JSON object support, but that evil is at least localized to a central spot, which we'll eventually replace with a JSON.parse shim where it is not supported (ie. IE!)

Modified: trunk/layers/MapGuide/MapGuide.js
===================================================================
--- trunk/layers/MapGuide/MapGuide.js	2012-08-06 15:05:25 UTC (rev 2566)
+++ trunk/layers/MapGuide/MapGuide.js	2012-08-08 15:30:54 UTC (rev 2567)
@@ -151,8 +151,7 @@
 
     createSessionCB: function(xhr) {
         if (xhr.status == 200) {
-            var o;
-            eval('o='+xhr.responseText);
+            var o = Fusion.parseJSON(xhr.responseText);
             if (o.success === false) {
                 Fusion.reportError(o.message);
             } else {
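Review bot: The new `Fusion.parseJSON(xhr.responseText)` call in `createSessionCB` is not wrapped in a `try`/`catch`, and on browsers with native `JSON` it throws a `SyntaxError` for anything that is not strict JSON. If any server script emits a JavaScript object literal rather than strict JSON (single-quoted strings, unquoted keys, trailing commas), `eval` accepted it and this callback will now abort before `Fusion.reportError` can run; that depends on the server side, which is not visible here. I would guard the parse, for example `var o; try { o = Fusion.parseJSON(xhr.responseText); } catch (e) { Fusion.reportError(e.message); return; }`, assuming `reportError` takes a message as it does two lines below. The same applies to the other MapGuide.js hunks and to the callbacks changed in ApplicationDefinition.js, MapMenu.js, Measure.js, SaveSession.js, SelectAttribute.js and `addWMSLayerCB`; only the first AddWMSLayer.js hunk already catches the exception. The body of `createSessionCB` continues outside this hunk.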
@@ -241,8 +240,7 @@
 
     mapLoaded: function(r) {
         if (r.status == 200) {
-            var o;
-            eval('o='+r.responseText);
+            var o = Fusion.parseJSON(r.responseText);
             this._sResourceId = o.mapId;
             this._sMapname = o.mapName;
             this._sMapTitle = o.mapTitle;
@@ -485,8 +483,7 @@
     scaleRangesLoaded: function(r)
     {
         if (r.status == 200) {
-            var o;
-            eval('o='+r.responseText);
+            var o = Fusion.parseJSON(r.responseText);
             if (o.layers && o.layers.length > 0) {
                 var iconOpt = {
                     url: o.icons_url || null,
@@ -512,8 +509,7 @@
 //TBD: this function not yet converted for OL
     mapReloaded: function(oldLayers,r) {
         if (r.status == 200) {
-            var o;
-            eval('o='+r.responseText);
+            var o = Fusion.parseJSON(r.responseText);
             this.parseMapLayersAndGroups(o);
             for (var i=0; i<this.aLayers.length; ++i) {
               var newLayer = this.aLayers[i];
@@ -549,8 +545,7 @@
 
     mapLayersReset: function(aLayerIndex,r) {
       if (r.status == 200) {
-        var o;
-        eval('o='+r.responseText);
+        var o = Fusion.parseJSON(r.responseText);
             if (o.success) {
                 var layerCopy = $A(this.aLayers);
                 this.aLayers = [];
@@ -823,8 +818,7 @@
 
     getSelectionCB: function(userFunc, r) {
       if (r.status == 200) {
-          var o;
-          eval("o="+r.responseText);
+          var o = Fusion.parseJSON(r.responseText);
           var oSelection = new Fusion.SelectionObject(o);
           userFunc(oSelection);
       }
@@ -1040,8 +1034,7 @@
     processSelectedFeatureProperties: function(r) {
         this.mapWidget._removeWorker();
         if (r.responseText) {   //TODO: make the equivalent change to MapServer.js
-            var oNode;
-            eval('oNode='+r.responseText);
+            var oNode = Fusion.parseJSON(r.responseText);
 
             if (oNode.hasSelection) {
               this.newSelection();
@@ -1059,8 +1052,7 @@
     renderSelection: function(zoomTo, r) {
         this.mapWidget._removeWorker();
         if (r.responseText) {   //TODO: make the equivalent change to MapServer.js
-            var oNode;
-            eval('oNode='+r.responseText);
+            var oNode = Fusion.parseJSON(r.responseText);
 
             if (oNode.hasSelection) {
               if (this.selectionAsOverlay) {
@@ -1236,8 +1228,7 @@
     crtlClickDisplay: function(xhr) {
         //console.log('ctrlclcik  _display');
         if (xhr.status == 200) {
-            var o;
-            eval('o='+xhr.responseText);
+            var o = Fusion.parseJSON(xhr.responseText);
             var h = o['FeatureInformation']['Hyperlink'];
             if (h) {
                 window.open(h[0], "");
@@ -1272,8 +1263,7 @@
     
     checkPingResponse: function(xhr) {
       if (xhr.responseText) {
-        var o;
-        eval("o="+xhr.responseText);
+        var o = Fusion.parseJSON(xhr.responseText);
         if (!o.success) {
           Fusion.reportError(o.message);
           clearInterval(this.keepAliveTimer);
@@ -1351,7 +1341,7 @@
     
     parseMapTip: function(xhr) {
         var o;
-        eval("tooltip="+xhr.responseText);
+        var tooltip = Fusion.parseJSON(xhr.responseText);
         this.oMaptip = {t:"",h:""};
         var t = tooltip['FeatureInformation']['Tooltip'];
         if (t) {
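Review bot: The context line `var o;` at the top of `parseMapTip` is now dead, since the parsed value goes into the new local `tooltip`, and it should be removed in the same change. The old `eval("tooltip=...")` wrote an implicit global, so declaring `var tooltip` changes scope as well as the parser. That is the right direction, but it is worth a grep to confirm nothing else reads a global `tooltip`, and likewise for `o` in `processSelectedFeatureInfo` in the next hunk, which was also an implicit global. The body of `parseMapTip` continues outside this hunk.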
@@ -1409,7 +1399,7 @@
     },
 
     processSelectedFeatureInfo: function (r, mergeSelection) {
-        eval('o='+r.responseText);
+        var o = Fusion.parseJSON(r.responseText);
 
         var newSelection = new Fusion.SimpleSelectionObject(o);
         if(mergeSelection == true)

Modified: trunk/lib/ApplicationDefinition.js
===================================================================
--- trunk/lib/ApplicationDefinition.js	2012-08-06 15:05:25 UTC (rev 2566)
+++ trunk/lib/ApplicationDefinition.js	2012-08-08 15:30:54 UTC (rev 2567)
@@ -145,8 +145,7 @@
 
     createSessionThenGetAppDefCB : function(xhr) {
       if (xhr && typeof(xhr) == "object" && xhr.responseText) {
-        var o;
-        eval("o="+xhr.responseText);
+        var o = Fusion.parseJSON(xhr.responseText);
         this.sessionId = o.sessionId;
         Fusion.sessionId = this.sessionId;
       }
@@ -162,8 +161,7 @@
     },
 
     getAppDefCB: function(xhr) {
-        var o;
-        eval("o="+xhr.responseText);
+        var o = Fusion.parseJSON(xhr.responseText);
         this.parseAppDef(o);
         Fusion.setLoadState(Fusion.LOAD_WIDGETS);
     },
@@ -927,7 +925,7 @@
          */
         if (widgetName != null && (widgetName == '' || $(widgetName) != null)) {
             this.name = widgetName;
-            widget = eval("new Fusion.Widget."+this.type+"(this)");
+            widget = new Fusion.Widget[this.type](this);
             widgetSet.addWidgetInstance(widget);
             if (this.name.length>0 && $(this.name)) {
                 widget.id = this.name;
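Review bot: `new Fusion.Widget[this.type](this)` looks up `this.type` without checking that it names a widget constructor. An unknown type produces an unhelpful "undefined is not a constructor" TypeError, and a name inherited through the prototype chain would resolve to something that is not a widget. If `this.type` comes from the application definition, as it appears to, I would validate it first: `var ctor = Object.prototype.hasOwnProperty.call(Fusion.Widget, this.type) ? Fusion.Widget[this.type] : null;` followed by `if (typeof ctor != 'function') { Fusion.reportError('Unknown widget type: ' + this.type); }` and construct only in the other case. The enclosing function starts and ends outside this hunk, so how the failure path should return is not visible here.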

Modified: trunk/lib/fusion.js
===================================================================
--- trunk/lib/fusion.js	2012-08-06 15:05:25 UTC (rev 2566)
+++ trunk/lib/fusion.js	2012-08-08 15:30:54 UTC (rev 2567)
@@ -716,6 +716,25 @@
             var temp = new OpenLayers.Ajax.Request(url, options);
         },
     
+        /**
+         * Function: parseJSON
+         *
+         * Parses the given JSON string to a javascript object. This is safer than using eval() as there is no possibility of
+         * arbitrary code execution
+         *
+         * Parameter: {String} str - The JSON string to parse
+         *
+        */
+        parseJSON: function(str) {
+            var o;
+            if (typeof(JSON) != 'undefined') {
+                o = JSON.parse(str);
+            } else {
+                eval('o='+str); //TODO: Still evil for now, but the evil is localized to this one spot. Replace with a JSON.parse shim
+            }
+            return o;
+        },
+    
          /**
          * Function: xml2json
          *
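Review bot: The doc comment on `parseJSON` states that there is no possibility of arbitrary code execution, but the `else` branch still passes `str` to `eval`, so on browsers without a native `JSON` object the response text is executed exactly as before. The comment should say so, for example `Uses the native JSON.parse() where available; on browsers without it, falls back to eval(), which executes str`, and it should gain a `Returns:` line and a remark that malformed input throws. The feature test could also be tightened to `if (typeof(JSON) != 'undefined' && typeof(JSON.parse) == 'function')`, so that a page-defined `JSON` global lacking `parse` takes the fallback instead of raising a TypeError.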

Modified: trunk/widgets/AddWMSLayer.js
===================================================================
--- trunk/widgets/AddWMSLayer.js	2012-08-06 15:05:25 UTC (rev 2566)
+++ trunk/widgets/AddWMSLayer.js	2012-08-08 15:30:54 UTC (rev 2567)
@@ -133,7 +133,7 @@
       if (r.responseText) {
         var gCatalogLayersObj;
         try {
-          eval('gCatalogLayersObj='+r.responseText);
+          gCatalogLayersObj = Fusion.parseJSON(r.responseText);
         } catch (e) {
           gCatalogLayersObj = {'error': e.stack};
         }
@@ -217,8 +217,7 @@
                                  if o.addedLayer = true else something when wrong.
     */    
     addWMSLayerCB: function(r) {
-        var o = '';
-        eval('o='+r.responseText);    
+        var o = Fusion.parseJSON(r.responseText);    
 
         if(o.addedLayer == true){
           var map = this.oMap; 

Modified: trunk/widgets/MapMenu.js
===================================================================
--- trunk/widgets/MapMenu.js	2012-08-06 15:05:25 UTC (rev 2566)
+++ trunk/widgets/MapMenu.js	2012-08-08 15:30:54 UTC (rev 2567)
@@ -128,8 +128,7 @@
     
     processMSMapMenu: function(r) {
         if (r.status == 200) {
-            var o;
-            eval("o="+r.responseText);
+            var o = Fusion.parseJSON(r.responseText);
             //var testData = '{"success":true,"errorMessages":[],"values":[{
             //  "sPath":"/ms4w/apps/gmap/cap/HamiltonLowIncome.map",
             //  "sPermissions":"2",
@@ -190,8 +189,7 @@
     
     processMapMenu: function(r) {
         if (r.status == 200) {
-            var o;
-            eval("o="+r.responseText);
+            var o = Fusion.parseJSON(r.responseText);
             this.menus = {};
             for (var i=0; i<o.maps.length; i++) {
                 var map = o.maps[i];

Modified: trunk/widgets/Measure.js
===================================================================
--- trunk/widgets/Measure.js	2012-08-06 15:05:25 UTC (rev 2566)
+++ trunk/widgets/Measure.js	2012-08-08 15:30:54 UTC (rev 2567)
@@ -548,8 +548,7 @@
 
     remoteMeasureCompleted: function(from, to, marker, r) {
         if (r.status == 200) {
-            var o;
-            eval('o='+r.responseText);
+            var o = Fusion.parseJSON(r.responseText);
             if (o.distance) {
               /* distance returned is always in meters*/
               //var mapUnits = Fusion.unitFromName(this.getMap().getUnits());

Modified: trunk/widgets/SaveSession.js
===================================================================
--- trunk/widgets/SaveSession.js	2012-08-06 15:05:25 UTC (rev 2566)
+++ trunk/widgets/SaveSession.js	2012-08-08 15:30:54 UTC (rev 2567)
@@ -115,8 +115,7 @@
                     mapname: mapLayer.getMapName()
                 }),
                 onComplete: function(xhr) {
-                    var o;
-                    eval('o='+xhr.responseText);
+                    var o = Fusion.parseJSON(xhr.responseText);
                     that.saveCallBack(o);
                 }
         };

Modified: trunk/widgets/SelectAttribute.js
===================================================================
--- trunk/widgets/SelectAttribute.js	2012-08-06 15:05:25 UTC (rev 2566)
+++ trunk/widgets/SelectAttribute.js	2012-08-08 15:30:54 UTC (rev 2567)
@@ -96,7 +96,7 @@
     
     setAttributes: function(xhr) {
       if (xhr.status < 400) {
-          eval('this.attrs='+xhr.responseText);
+          this.attrs = Fusion.parseJSON(xhr.responseText);
       }
     },
     


