This is an automated email from the ASF dual-hosted git repository. brondsem pushed a commit to branch db/8534 in repository https://gitbox.apache.org/repos/asf/allura.git
commit c60e869b9a08b4b48ca0c9eb5d2372fee921aed5 Author: Dave Brondsema <[email protected]> AuthorDate: Fri Jan 5 13:26:16 2024 -0500 [#8534] fix some codeql warnings --- Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js | 2 +- Allura/allura/templates/repo/commit.html | 5 +++-- ForgeImporters/forgeimporters/github/tracker.py | 2 +- ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js b/Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js index 78bb1291b..3a3088a62 100644 --- a/Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js +++ b/Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js @@ -179,7 +179,7 @@ var selector = activePalette, selectorParent = $(event.target).parents("#" + selector.attr('id')).length; - if (event.target === $(selector)[0] || event.target === selectorOwner || selectorParent > 0) { + if (event.target === $.find(selector)[0] || event.target === selectorOwner || selectorParent > 0) { return; } diff --git a/Allura/allura/templates/repo/commit.html b/Allura/allura/templates/repo/commit.html index f92483821..630a1aaa4 100644 --- a/Allura/allura/templates/repo/commit.html +++ b/Allura/allura/templates/repo/commit.html @@ -49,9 +49,10 @@ Commit <a href="{{commit.url()}}" rel="nofollow">{{commit.shorthand_id()}}</a> { {{ super() }} <script type="text/javascript"> function color_diff(selector) { - var overflow = $(selector).find("pre").get(0); + var $selected = $('body').find(selector); + var overflow = $selected.find("pre").get(0); var len = overflow.scrollWidth - 5; - $(selector).find(".gi, .gd, .gu").width(len); + $selected.find(".gi, .gd, .gu").width(len); } function ld(diff, callback) { diff --git a/ForgeImporters/forgeimporters/github/tracker.py b/ForgeImporters/forgeimporters/github/tracker.py index 334843542..26f66551d 100644 
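Review bot: `$.find(selector)[0]` in the new condition is probably always `undefined`. `selector` is `activePalette`, which the line above uses as a jQuery object (`selector.attr('id')`), and `jQuery.find` is the selector-engine entry point, which returns an empty result for anything that is not a string. If that holds, a click directly on the palette element no longer reaches the early `return`, because the `.parents()` check covers only its descendants. Since the value is already a jQuery object, `if (event.target === selector[0] || event.target === selectorOwner || selectorParent > 0) {` keeps the old behaviour without passing anything through `$()`. The enclosing function starts and ends outside the hunk.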
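Review bot: The switch to `$('body').find(selector)` in `color_diff` carries no comment saying why, so a later cleanup could collapse it back to `$(selector)` and reintroduce the warning. I would add `// use .find() so selector is only ever treated as a selector, never parsed as HTML` above the `$selected` line. Separately, `overflow` is `undefined` when the selection contains no `pre`, and `overflow.scrollWidth` then throws; `if (!overflow) { return; }` after the `.get(0)` line would cover that case.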
--- a/ForgeImporters/forgeimporters/github/tracker.py +++ b/ForgeImporters/forgeimporters/github/tracker.py @@ -248,7 +248,7 @@ class GitHubTrackerImporter(ToolImporter): # at github, attachments are images only and are included into comment's body # usual syntax is # \r\n - REGEXP = r'!\[[\w0-9]+?\]\(((?:https?:\/\/)?[\da-z\.-]+\.[a-z\.]{2,6}'\ + REGEXP = r'!\[[\w]+?\]\(((?:https?:\/\/)?[\da-z\.-]+\.[a-z\.]{2,6}'\ '[\\/%\\w\\.-]*.(jpg|jpeg|png|gif))\\)[\r\n]*' attachments = [] diff --git a/ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js b/ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js index 886f973ef..d0fa82e4a 100644 --- a/ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js +++ b/ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js @@ -44,7 +44,7 @@ $(function(){ } $checked.each(function() { - $form.append('<input type="hidden" name="__ticket_ids" value="'+$(this).val()+'"/>'); + $form.append('<input type="hidden" name="__ticket_ids" value="'+escape_html($(this).val())+'"/>'); }); }); });
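Review bot: The `.` just before `(jpg|jpeg|png|gif)` on the unchanged second line of `REGEXP` is unescaped, so it matches any character rather than the literal dot of the file extension; `'[\\/%\\w\\.-]*\\.(jpg|jpeg|png|gif))\\)[\r\n]*'` would pin it. The host and path classes (`[\da-z\.-]+`, `[a-z\.]{2,6}`, `[\\/%\\w\\.-]*`) also still overlap on letters and dots. That may leave room for heavy backtracking on long comment bodies that never reach the closing `)`, which is worth checking because the text appears to come from imported GitHub comments. The enclosing method starts and ends outside the hunk.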
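Review bot: The hidden input is still assembled by string concatenation, so the attribute value is only safe if `escape_html` also escapes double quotes, and that helper is not defined in this hunk. Letting jQuery set the attribute removes that dependency: `$form.append($('<input>', {type: 'hidden', name: '__ticket_ids', value: $(this).val()}));`. The enclosing handler begins outside the hunk.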
