This is an automated email from the ASF dual-hosted git repository.

gcruz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 1733ec7fd0b5d7b03c4c184ac8e3b9ec7376e50c
Author: Dave Brondsema <dbronds...@slashdotmedia.com>
AuthorDate: Fri Jan 5 13:26:16 2024 -0500

    [#8534] fix some codeql warnings
---
 Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js | 2 +-
 Allura/allura/templates/repo/commit.html                     | 5 +++--
 ForgeImporters/forgeimporters/github/tracker.py              | 2 +-
 ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js  | 2 +-
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js 
b/Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js
index 78bb1291b..3a3088a62 100644
--- a/Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js
+++ b/Allura/allura/lib/widgets/resources/js/jquery.colorPicker.js
@@ -179,7 +179,7 @@
             var selector = activePalette,
                 selectorParent = $(event.target).parents("#" + 
selector.attr('id')).length;
 
-            if (event.target === $(selector)[0] || event.target === 
selectorOwner || selectorParent > 0) {
+            if (event.target === $.find(selector)[0] || event.target === 
selectorOwner || selectorParent > 0) {
                 return;
             }
 
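Review bot: `$.find(selector)[0]` on the added line probably never matches the palette element. `selector` is `activePalette`, which the preceding `selector.attr('id')` call uses as a jQuery object, and `$.find` is the selector-engine entry point, which as far as I know returns an empty result for a non-string argument. If so, the first comparison is always false, and a click directly on the palette (rather than on one of its children) no longer reaches the `return`. No selector parsing is needed here, so `event.target === selector[0]` would satisfy the analyzer without going through `$()` at all. The enclosing handler starts and ends outside this hunk, so this should be confirmed against the full function.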
diff --git a/Allura/allura/templates/repo/commit.html 
b/Allura/allura/templates/repo/commit.html
index f92483821..630a1aaa4 100644
--- a/Allura/allura/templates/repo/commit.html
+++ b/Allura/allura/templates/repo/commit.html
@@ -49,9 +49,10 @@ Commit <a href="{{commit.url()}}" 
rel="nofollow">{{commit.shorthand_id()}}</a> {
 {{ super() }}
   <script type="text/javascript">
     function color_diff(selector) {
-      var overflow = $(selector).find("pre").get(0);
+      var $selected = $('body').find(selector);
+      var overflow = $selected.find("pre").get(0);
       var len = overflow.scrollWidth - 5;
-      $(selector).find(".gi, .gd, .gu").width(len);
+      $selected.find(".gi, .gd, .gu").width(len);
     }
 
     function ld(diff, callback) {
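Review bot: The switch from `$(selector)` to `$('body').find(selector)` in `color_diff` carries no comment saying why, so it reads as a needless indirection that a later cleanup could revert. I would add above the new line: `// .find() only ever treats its argument as a CSS selector; $(selector) would build DOM from a string that looks like HTML`. Separately, `overflow` is `undefined` when no `pre` matches, so `overflow.scrollWidth` throws; an early `if (!overflow) return;` would cover that case.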
diff --git a/ForgeImporters/forgeimporters/github/tracker.py 
b/ForgeImporters/forgeimporters/github/tracker.py
index 334843542..26f66551d 100644
--- a/ForgeImporters/forgeimporters/github/tracker.py
+++ b/ForgeImporters/forgeimporters/github/tracker.py
@@ -248,7 +248,7 @@ class GitHubTrackerImporter(ToolImporter):
         # at github, attachments are images only and are included into 
comment's body
         # usual syntax is
         # 
![cdbpzjc5ex4](https://f.cloud.github.com/assets/979771/1027411/a393ab5e-0e70-11e3-8a38-b93a3df904cf.jpg)\r\n
-        REGEXP = r'!\[[\w0-9]+?\]\(((?:https?:\/\/)?[\da-z\.-]+\.[a-z\.]{2,6}'\
+        REGEXP = r'!\[[\w]+?\]\(((?:https?:\/\/)?[\da-z\.-]+\.[a-z\.]{2,6}'\
             '[\\/%\\w\\.-]*.(jpg|jpeg|png|gif))\\)[\r\n]*'
         attachments = []
 
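Review bot: The continuation line of `REGEXP` still has an unescaped `.` before the extension group, so `.(jpg|jpeg|png|gif)` accepts any character there and a URL ending in, say, `xjpg` is treated as an image attachment. If a literal dot is intended, the second string should read `'[\\/%\\w\\.-]*\\.(jpg|jpeg|png|gif))\\)[\r\n]*'`. Per the comment above it, the pattern runs over comment bodies imported from GitHub, so tightening it narrows what is picked up as an attachment. The code that applies `REGEXP` is outside this hunk.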
diff --git a/ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js 
b/ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js
index 886f973ef..d0fa82e4a 100644
--- a/ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js
+++ b/ForgeTracker/forgetracker/widgets/resources/js/mass-edit.js
@@ -44,7 +44,7 @@ $(function(){
         }
 
         $checked.each(function() {
-            $form.append('<input type="hidden" name="__ticket_ids" 
value="'+$(this).val()+'"/>');
+            $form.append('<input type="hidden" name="__ticket_ids" 
value="'+escape_html($(this).val())+'"/>');
         });
     });
 });
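Review bot: The hidden input is still assembled by string concatenation, so its safety depends on `escape_html`, which is defined outside this hunk. Because the value sits inside a double-quoted attribute, that helper must also escape `"`. Building the element from a property map removes the dependency: `$form.append($('<input>', {type: 'hidden', name: '__ticket_ids', value: $(this).val()}));`. jQuery then sets `value` as an attribute instead of parsing it as markup.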
