[fusion-commits] r2568 - in branches/fusion-mg24: . layers/MapGuide lib widgets widgets/QuickPlot
svn_fusion at osgeo.org
svn_fusion at osgeo.org
Wed Aug 8 08:38:23 PDT 2012
Author: jng
Date: 2012-08-08 08:38:22 -0700 (Wed, 08 Aug 2012)
New Revision: 2568
Modified:
branches/fusion-mg24/
branches/fusion-mg24/layers/MapGuide/MapGuide.js
branches/fusion-mg24/lib/ApplicationDefinition.js
branches/fusion-mg24/lib/MapMessage.js
branches/fusion-mg24/lib/fusion.js
branches/fusion-mg24/widgets/AddWMSLayer.js
branches/fusion-mg24/widgets/BasemapSwitcher.js
branches/fusion-mg24/widgets/MapMenu.js
branches/fusion-mg24/widgets/Measure.js
branches/fusion-mg24/widgets/QuickPlot/GeneratePicture.php
branches/fusion-mg24/widgets/QuickPlot/PreviewDialog.js
branches/fusion-mg24/widgets/SaveSession.js
branches/fusion-mg24/widgets/SelectAttribute.js
Log:
#531: Replace all instances of eval() in Fusion where it is used for JSON processing and replace it with Fusion.parseJSON(), which will use the native JSON.parse(). It still currently uses eval() if there is no native JSON object support, but that evil is at least localized to a central spot, which we'll eventually replace with a JSON.parse shim where it is not supported (ie. IE!)
Property changes on: branches/fusion-mg24
___________________________________________________________________
Modified: svn:mergeinfo
- /sandbox/jxlib-3.0:1957-2248
/trunk:2565
+ /sandbox/jxlib-3.0:1957-2248
/trunk:2565,2567
Modified: branches/fusion-mg24/layers/MapGuide/MapGuide.js
===================================================================
--- branches/fusion-mg24/layers/MapGuide/MapGuide.js 2012-08-08 15:30:54 UTC (rev 2567)
+++ branches/fusion-mg24/layers/MapGuide/MapGuide.js 2012-08-08 15:38:22 UTC (rev 2568)
@@ -151,8 +151,7 @@
createSessionCB: function(xhr) {
if (xhr.status == 200) {
- var o;
- eval('o='+xhr.responseText);
+ var o = Fusion.parseJSON(xhr.responseText);
if (o.success === false) {
Fusion.reportError(o.message);
} else {
@@ -241,8 +240,7 @@
mapLoaded: function(r) {
if (r.status == 200) {
- var o;
- eval('o='+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
this._sResourceId = o.mapId;
this._sMapname = o.mapName;
this._sMapTitle = o.mapTitle;
@@ -485,8 +483,7 @@
scaleRangesLoaded: function(r)
{
if (r.status == 200) {
- var o;
- eval('o='+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
if (o.layers && o.layers.length > 0) {
var iconOpt = {
url: o.icons_url || null,
@@ -512,8 +509,7 @@
//TBD: this function not yet converted for OL
mapReloaded: function(oldLayers,r) {
if (r.status == 200) {
- var o;
- eval('o='+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
this.parseMapLayersAndGroups(o);
for (var i=0; i<this.aLayers.length; ++i) {
var newLayer = this.aLayers[i];
@@ -549,8 +545,7 @@
mapLayersReset: function(aLayerIndex,r) {
if (r.status == 200) {
- var o;
- eval('o='+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
if (o.success) {
var layerCopy = $A(this.aLayers);
this.aLayers = [];
@@ -823,8 +818,7 @@
getSelectionCB: function(userFunc, r) {
if (r.status == 200) {
- var o;
- eval("o="+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
var oSelection = new Fusion.SelectionObject(o);
userFunc(oSelection);
}
@@ -1040,8 +1034,7 @@
processSelectedFeatureProperties: function(r) {
this.mapWidget._removeWorker();
if (r.responseText) { //TODO: make the equivalent change to MapServer.js
- var oNode;
- eval('oNode='+r.responseText);
+ var oNode = Fusion.parseJSON(r.responseText);
if (oNode.hasSelection) {
this.newSelection();
@@ -1059,8 +1052,7 @@
renderSelection: function(zoomTo, r) {
this.mapWidget._removeWorker();
if (r.responseText) { //TODO: make the equivalent change to MapServer.js
- var oNode;
- eval('oNode='+r.responseText);
+ var oNode = Fusion.parseJSON(r.responseText);
if (oNode.hasSelection) {
if (this.selectionAsOverlay) {
@@ -1236,8 +1228,7 @@
crtlClickDisplay: function(xhr) {
//console.log('ctrlclcik _display');
if (xhr.status == 200) {
- var o;
- eval('o='+xhr.responseText);
+ var o = Fusion.parseJSON(xhr.responseText);
var h = o['FeatureInformation']['Hyperlink'];
if (h) {
window.open(h[0], "");
@@ -1272,8 +1263,7 @@
checkPingResponse: function(xhr) {
if (xhr.responseText) {
- var o;
- eval("o="+xhr.responseText);
+ var o = Fusion.parseJSON(xhr.responseText);
if (!o.success) {
Fusion.reportError(o.message);
clearInterval(this.keepAliveTimer);
@@ -1351,7 +1341,7 @@
parseMapTip: function(xhr) {
var o;
- eval("tooltip="+xhr.responseText);
+ var tooltip = Fusion.parseJSON(xhr.responseText);
this.oMaptip = {t:"",h:""};
var t = tooltip['FeatureInformation']['Tooltip'];
if (t) {
@@ -1409,7 +1399,7 @@
},
processSelectedFeatureInfo: function (r, mergeSelection) {
- eval('o='+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
var newSelection = new Fusion.SimpleSelectionObject(o);
if(mergeSelection == true)
Modified: branches/fusion-mg24/lib/ApplicationDefinition.js
===================================================================
--- branches/fusion-mg24/lib/ApplicationDefinition.js 2012-08-08 15:30:54 UTC (rev 2567)
+++ branches/fusion-mg24/lib/ApplicationDefinition.js 2012-08-08 15:38:22 UTC (rev 2568)
@@ -145,8 +145,7 @@
createSessionThenGetAppDefCB : function(xhr) {
if (xhr && typeof(xhr) == "object" && xhr.responseText) {
- var o;
- eval("o="+xhr.responseText);
+ var o = Fusion.parseJSON(xhr.responseText);
this.sessionId = o.sessionId;
Fusion.sessionId = this.sessionId;
}
@@ -162,8 +161,7 @@
},
getAppDefCB: function(xhr) {
- var o;
- eval("o="+xhr.responseText);
+ var o = Fusion.parseJSON(xhr.responseText);
this.parseAppDef(o);
Fusion.setLoadState(Fusion.LOAD_WIDGETS);
},
@@ -927,7 +925,7 @@
*/
if (widgetName != null && (widgetName == '' || $(widgetName) != null)) {
this.name = widgetName;
- widget = eval("new Fusion.Widget."+this.type+"(this)");
+ widget = new Fusion.Widget[this.type](this);
widgetSet.addWidgetInstance(widget);
if (this.name.length>0 && $(this.name)) {
widget.id = this.name;
Property changes on: branches/fusion-mg24/lib/ApplicationDefinition.js
___________________________________________________________________
Modified: svn:mergeinfo
- /sandbox/adsk/2.4j/lib/ApplicationDefinition.js:2486-2514
/sandbox/jxlib-3.0/lib/ApplicationDefinition.js:1957-2248
/trunk/lib/ApplicationDefinition.js:2469-2485,2565
+ /sandbox/adsk/2.4j/lib/ApplicationDefinition.js:2486-2514
/sandbox/jxlib-3.0/lib/ApplicationDefinition.js:1957-2248
/trunk/lib/ApplicationDefinition.js:2469-2485,2565,2567
Property changes on: branches/fusion-mg24/lib/MapMessage.js
___________________________________________________________________
Modified: svn:mergeinfo
- /sandbox/adsk/2.4j/lib/MapMessage.js:2486-2514
/sandbox/jxlib-3.0/lib/MapMessage.js:1957-2248
/trunk/lib/MapMessage.js:2469-2485,2565
+ /sandbox/adsk/2.4j/lib/MapMessage.js:2486-2514
/sandbox/jxlib-3.0/lib/MapMessage.js:1957-2248
/trunk/lib/MapMessage.js:2469-2485,2565,2567
Modified: branches/fusion-mg24/lib/fusion.js
===================================================================
--- branches/fusion-mg24/lib/fusion.js 2012-08-08 15:30:54 UTC (rev 2567)
+++ branches/fusion-mg24/lib/fusion.js 2012-08-08 15:38:22 UTC (rev 2568)
@@ -716,6 +716,25 @@
var temp = new OpenLayers.Ajax.Request(url, options);
},
+ /**
+ * Function: parseJSON
+ *
+ * Parses the given JSON string to a javascript object. This is safer than using eval() as there is no possibility of
+ * arbitrary code execution
+ *
+ * Parameter: {String} str - The JSON string to parse
+ *
+ */
+ parseJSON: function(str) {
+ var o;
+ if (typeof(JSON) != 'undefined') {
+ o = JSON.parse(str);
+ } else {
+ eval('o='+str); //TODO: Still evil for now, but the evil is localized to this one spot. Replace with a JSON.parse shim
+ }
+ return o;
+ },
+
/**
* Function: xml2json
*
Modified: branches/fusion-mg24/widgets/AddWMSLayer.js
===================================================================
--- branches/fusion-mg24/widgets/AddWMSLayer.js 2012-08-08 15:30:54 UTC (rev 2567)
+++ branches/fusion-mg24/widgets/AddWMSLayer.js 2012-08-08 15:38:22 UTC (rev 2568)
@@ -133,7 +133,7 @@
if (r.responseText) {
var gCatalogLayersObj;
try {
- eval('gCatalogLayersObj='+r.responseText);
+ gCatalogLayersObj = Fusion.parseJSON(r.responseText);
} catch (e) {
gCatalogLayersObj = {'error': e.stack};
}
@@ -217,8 +217,7 @@
if o.addedLayer = true else something when wrong.
*/
addWMSLayerCB: function(r) {
- var o = '';
- eval('o='+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
if(o.addedLayer == true){
var map = this.oMap;
Property changes on: branches/fusion-mg24/widgets/BasemapSwitcher.js
___________________________________________________________________
Modified: svn:mergeinfo
- /sandbox/adsk/2.4j/widgets/BasemapSwitcher.js:2486-2526
/sandbox/jxlib-3.0/widgets/BasemapSwitcher.js:1957-2248
/trunk/widgets/BasemapSwitcher.js:2469-2485,2565
+ /sandbox/adsk/2.4j/widgets/BasemapSwitcher.js:2486-2526
/sandbox/jxlib-3.0/widgets/BasemapSwitcher.js:1957-2248
/trunk/widgets/BasemapSwitcher.js:2469-2485,2565,2567
Modified: branches/fusion-mg24/widgets/MapMenu.js
===================================================================
--- branches/fusion-mg24/widgets/MapMenu.js 2012-08-08 15:30:54 UTC (rev 2567)
+++ branches/fusion-mg24/widgets/MapMenu.js 2012-08-08 15:38:22 UTC (rev 2568)
@@ -128,8 +128,7 @@
processMSMapMenu: function(r) {
if (r.status == 200) {
- var o;
- eval("o="+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
//var testData = '{"success":true,"errorMessages":[],"values":[{
// "sPath":"/ms4w/apps/gmap/cap/HamiltonLowIncome.map",
// "sPermissions":"2",
@@ -194,8 +193,7 @@
processMapMenu: function(r) {
if (r.status == 200) {
- var o;
- eval("o="+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
this.menus = {};
for (var i=0; i<o.maps.length; i++) {
var map = o.maps[i];
Modified: branches/fusion-mg24/widgets/Measure.js
===================================================================
--- branches/fusion-mg24/widgets/Measure.js 2012-08-08 15:30:54 UTC (rev 2567)
+++ branches/fusion-mg24/widgets/Measure.js 2012-08-08 15:38:22 UTC (rev 2568)
@@ -548,8 +548,7 @@
remoteMeasureCompleted: function(from, to, marker, r) {
if (r.status == 200) {
- var o;
- eval('o='+r.responseText);
+ var o = Fusion.parseJSON(r.responseText);
if (o.distance) {
/* distance returned is always in meters*/
//var mapUnits = Fusion.unitFromName(this.getMap().getUnits());
Property changes on: branches/fusion-mg24/widgets/QuickPlot/GeneratePicture.php
___________________________________________________________________
Modified: svn:mergeinfo
- /sandbox/adsk/2.4jbeta2/widgets/QuickPlot/GeneratePicture.php:2488-2498
/sandbox/jxlib-3.0/widgets/QuickPlot/GeneratePicture.php:1957-2248
/trunk/widgets/QuickPlot/GeneratePicture.php:2469-2487,2565
+ /sandbox/adsk/2.4jbeta2/widgets/QuickPlot/GeneratePicture.php:2488-2498
/sandbox/jxlib-3.0/widgets/QuickPlot/GeneratePicture.php:1957-2248
/trunk/widgets/QuickPlot/GeneratePicture.php:2469-2487,2565,2567
Property changes on: branches/fusion-mg24/widgets/QuickPlot/PreviewDialog.js
___________________________________________________________________
Modified: svn:mergeinfo
- /sandbox/adsk/2.4j/widgets/QuickPlot/PreviewDialog.js:2486-2528
/sandbox/jxlib-3.0/widgets/QuickPlot/PreviewDialog.js:1957-2248
/trunk/widgets/QuickPlot/PreviewDialog.js:2469-2485,2565
+ /sandbox/adsk/2.4j/widgets/QuickPlot/PreviewDialog.js:2486-2528
/sandbox/jxlib-3.0/widgets/QuickPlot/PreviewDialog.js:1957-2248
/trunk/widgets/QuickPlot/PreviewDialog.js:2469-2485,2565,2567
Modified: branches/fusion-mg24/widgets/SaveSession.js
===================================================================
--- branches/fusion-mg24/widgets/SaveSession.js 2012-08-08 15:30:54 UTC (rev 2567)
+++ branches/fusion-mg24/widgets/SaveSession.js 2012-08-08 15:38:22 UTC (rev 2568)
@@ -115,8 +115,7 @@
mapname: mapLayer.getMapName()
}),
onComplete: function(xhr) {
- var o;
- eval('o='+xhr.responseText);
+ var o = Fusion.parseJSON(xhr.responseText);
that.saveCallBack(o);
}
};
Modified: branches/fusion-mg24/widgets/SelectAttribute.js
===================================================================
--- branches/fusion-mg24/widgets/SelectAttribute.js 2012-08-08 15:30:54 UTC (rev 2567)
+++ branches/fusion-mg24/widgets/SelectAttribute.js 2012-08-08 15:38:22 UTC (rev 2568)
@@ -96,7 +96,7 @@
setAttributes: function(xhr) {
if (xhr.status < 400) {
- eval('this.attrs='+xhr.responseText);
+ this.attrs = Fusion.parseJSON(xhr.responseText);
}
},
More information about the fusion-commits
mailing list