From 90fed5a575628b89eaf941e1627b49e0f3693812 Mon Sep 17 00:00:00 2001
From: Jordan Wright <jmwright798@gmail.com>
Date: Thu, 6 Aug 2020 22:21:36 -0500
Subject: [PATCH] Added escaping for error message in sending profile hostname

---
 static/js/dist/app/sending_profiles.min.js | 2 +-
 static/js/src/app/sending_profiles.js      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/static/js/dist/app/sending_profiles.min.js b/static/js/dist/app/sending_profiles.min.js
index 1ec33289..80c960b9 100644
--- a/static/js/dist/app/sending_profiles.min.js
+++ b/static/js/dist/app/sending_profiles.min.js
@@ -1 +1 @@
-var profiles=[];function sendTestEmail(){var o=[];$.each($("#headersTable").DataTable().rows().data(),function(e,a){o.push({key:unescapeHtml(a[0]),value:unescapeHtml(a[1])})});var e={template:{},first_name:$("input[name=to_first_name]").val(),last_name:$("input[name=to_last_name]").val(),email:$("input[name=to_email]").val(),position:$("input[name=to_position]").val(),url:"",smtp:{from_address:$("#from").val(),host:$("#host").val(),username:$("#username").val(),password:$("#password").val(),ignore_cert_errors:$("#ignore_cert_errors").prop("checked"),headers:o}};btnHtml=$("#sendTestModalSubmit").html(),$("#sendTestModalSubmit").html('<i class="fa fa-spinner fa-spin"></i> Sending'),api.send_test_email(e).success(function(e){$("#sendTestEmailModal\\.flashes").empty().append('<div style="text-align:center" class="alert alert-success">\t    <i class="fa fa-check-circle"></i> Email Sent!</div>'),$("#sendTestModalSubmit").html(btnHtml)}).error(function(e){$("#sendTestEmailModal\\.flashes").empty().append('<div style="text-align:center" class="alert alert-danger">\t    <i class="fa fa-exclamation-circle"></i> '+e.responseJSON.message+"</div>"),$("#sendTestModalSubmit").html(btnHtml)})}function save(e){var o={headers:[]};$.each($("#headersTable").DataTable().rows().data(),function(e,a){o.headers.push({key:unescapeHtml(a[0]),value:unescapeHtml(a[1])})}),o.name=$("#name").val(),o.interface_type=$("#interface_type").val(),o.from_address=$("#from").val(),o.host=$("#host").val(),o.username=$("#username").val(),o.password=$("#password").val(),o.ignore_cert_errors=$("#ignore_cert_errors").prop("checked"),-1!=e?(o.id=profiles[e].id,api.SMTPId.put(o).success(function(e){successFlash("Profile edited successfully!"),load(),dismiss()}).error(function(e){modalError(e.responseJSON.message)})):api.SMTP.post(o).success(function(e){successFlash("Profile added successfully!"),load(),dismiss()}).error(function(e){modalError(e.responseJSON.message)})}function dismiss(){$("#modal\\.flashes").empty(),$("#name").val(""),$("#interface_type").val("SMTP"),$("#from").val(""),$("#host").val(""),$("#username").val(""),$("#password").val(""),$("#ignore_cert_errors").prop("checked",!0),$("#headersTable").dataTable().DataTable().clear().draw(),$("#modal").modal("hide")}var dismissSendTestEmailModal=function(){$("#sendTestEmailModal\\.flashes").empty(),$("#sendTestModalSubmit").html("<i class='fa fa-envelope'></i> Send")},deleteProfile=function(e){Swal.fire({title:"Are you sure?",text:"This will delete the sending profile. This can't be undone!",type:"warning",animation:!1,showCancelButton:!0,confirmButtonText:"Delete "+escapeHtml(profiles[e].name),confirmButtonColor:"#428bca",reverseButtons:!0,allowOutsideClick:!1,preConfirm:function(){return new Promise(function(a,o){api.SMTPId.delete(profiles[e].id).success(function(e){a()}).error(function(e){o(e.responseJSON.message)})})}}).then(function(e){e.value&&Swal.fire("Sending Profile Deleted!","This sending profile has been deleted!","success"),$('button:contains("OK")').on("click",function(){location.reload()})})};function edit(e){headers=$("#headersTable").dataTable({destroy:!0,columnDefs:[{orderable:!1,targets:"no-sort"}]}),$("#modalSubmit").unbind("click").click(function(){save(e)});var a={};-1!=e&&(a=profiles[e],$("#name").val(a.name),$("#interface_type").val(a.interface_type),$("#from").val(a.from_address),$("#host").val(a.host),$("#username").val(a.username),$("#password").val(a.password),$("#ignore_cert_errors").prop("checked",a.ignore_cert_errors),$.each(a.headers,function(e,a){addCustomHeader(a.key,a.value)}))}function copy(e){$("#modalSubmit").unbind("click").click(function(){save(-1)});var a;a=profiles[e],$("#name").val("Copy of "+a.name),$("#interface_type").val(a.interface_type),$("#from").val(a.from_address),$("#host").val(a.host),$("#username").val(a.username),$("#password").val(a.password),$("#ignore_cert_errors").prop("checked",a.ignore_cert_errors)}function load(){$("#profileTable").hide(),$("#emptyMessage").hide(),$("#loading").show(),api.SMTP.get().success(function(e){profiles=e,$("#loading").hide(),0<profiles.length?($("#profileTable").show(),profileTable=$("#profileTable").DataTable({destroy:!0,columnDefs:[{orderable:!1,targets:"no-sort"}]}),profileTable.clear(),profileRows=[],$.each(profiles,function(e,a){profileRows.push([escapeHtml(a.name),a.interface_type,moment(a.modified_date).format("MMMM Do YYYY, h:mm:ss a"),"<div class='pull-right'><span data-toggle='modal' data-backdrop='static' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Edit Profile' onclick='edit("+e+")'>                    <i class='fa fa-pencil'></i>                    </button></span>\t\t    <span data-toggle='modal' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Copy Profile' onclick='copy("+e+")'>                    <i class='fa fa-copy'></i>                    </button></span>                    <button class='btn btn-danger' data-toggle='tooltip' data-placement='left' title='Delete Profile' onclick='deleteProfile("+e+")'>                    <i class='fa fa-trash-o'></i>                    </button></div>"])}),profileTable.rows.add(profileRows).draw(),$('[data-toggle="tooltip"]').tooltip()):$("#emptyMessage").show()}).error(function(){$("#loading").hide(),errorFlash("Error fetching profiles")})}function addCustomHeader(e,a){var o=[escapeHtml(e),escapeHtml(a),'<span style="cursor:pointer;"><i class="fa fa-trash-o"></i></span>'],s=headers.DataTable(),t=s.column(0).data().indexOf(escapeHtml(e));0<=t?s.row(t,{order:"index"}).data(o):s.row.add(o),s.draw()}$(document).ready(function(){$(".modal").on("hidden.bs.modal",function(e){$(this).removeClass("fv-modal-stack"),$("body").data("fv_open_modals",$("body").data("fv_open_modals")-1)}),$(".modal").on("shown.bs.modal",function(e){void 0===$("body").data("fv_open_modals")&&$("body").data("fv_open_modals",0),$(this).hasClass("fv-modal-stack")||($(this).addClass("fv-modal-stack"),$("body").data("fv_open_modals",$("body").data("fv_open_modals")+1),$(this).css("z-index",1040+10*$("body").data("fv_open_modals")),$(".modal-backdrop").not(".fv-modal-stack").css("z-index",1039+10*$("body").data("fv_open_modals")),$(".modal-backdrop").not("fv-modal-stack").addClass("fv-modal-stack"))}),$.fn.modal.Constructor.prototype.enforceFocus=function(){$(document).off("focusin.bs.modal").on("focusin.bs.modal",$.proxy(function(e){this.$element[0]===e.target||this.$element.has(e.target).length||$(e.target).closest(".cke_dialog, .cke").length||this.$element.trigger("focus")},this))},$(document).on("hidden.bs.modal",".modal",function(){$(".modal:visible").length&&$(document.body).addClass("modal-open")}),$("#modal").on("hidden.bs.modal",function(e){dismiss()}),$("#sendTestEmailModal").on("hidden.bs.modal",function(e){dismissSendTestEmailModal()}),$("#headersForm").on("submit",function(){return headerKey=$("#headerKey").val(),headerValue=$("#headerValue").val(),""==headerKey||""==headerValue||(addCustomHeader(headerKey,headerValue),$("#headersForm>div>input").val(""),$("#headerKey").focus()),!1}),$("#headersTable").on("click","span>i.fa-trash-o",function(){headers.DataTable().row($(this).parents("tr")).remove().draw()}),load()});
\ No newline at end of file
+var profiles=[];function sendTestEmail(){var s=[];$.each($("#headersTable").DataTable().rows().data(),function(e,a){s.push({key:unescapeHtml(a[0]),value:unescapeHtml(a[1])})});var e={template:{},first_name:$("input[name=to_first_name]").val(),last_name:$("input[name=to_last_name]").val(),email:$("input[name=to_email]").val(),position:$("input[name=to_position]").val(),url:"",smtp:{from_address:$("#from").val(),host:$("#host").val(),username:$("#username").val(),password:$("#password").val(),ignore_cert_errors:$("#ignore_cert_errors").prop("checked"),headers:s}};btnHtml=$("#sendTestModalSubmit").html(),$("#sendTestModalSubmit").html('<i class="fa fa-spinner fa-spin"></i> Sending'),api.send_test_email(e).success(function(e){$("#sendTestEmailModal\\.flashes").empty().append('<div style="text-align:center" class="alert alert-success">\t    <i class="fa fa-check-circle"></i> Email Sent!</div>'),$("#sendTestModalSubmit").html(btnHtml)}).error(function(e){$("#sendTestEmailModal\\.flashes").empty().append('<div style="text-align:center" class="alert alert-danger">\t    <i class="fa fa-exclamation-circle"></i> '+escapeHtml(e.responseJSON.message)+"</div>"),$("#sendTestModalSubmit").html(btnHtml)})}function save(e){var s={headers:[]};$.each($("#headersTable").DataTable().rows().data(),function(e,a){s.headers.push({key:unescapeHtml(a[0]),value:unescapeHtml(a[1])})}),s.name=$("#name").val(),s.interface_type=$("#interface_type").val(),s.from_address=$("#from").val(),s.host=$("#host").val(),s.username=$("#username").val(),s.password=$("#password").val(),s.ignore_cert_errors=$("#ignore_cert_errors").prop("checked"),-1!=e?(s.id=profiles[e].id,api.SMTPId.put(s).success(function(e){successFlash("Profile edited successfully!"),load(),dismiss()}).error(function(e){modalError(e.responseJSON.message)})):api.SMTP.post(s).success(function(e){successFlash("Profile added successfully!"),load(),dismiss()}).error(function(e){modalError(e.responseJSON.message)})}function dismiss(){$("#modal\\.flashes").empty(),$("#name").val(""),$("#interface_type").val("SMTP"),$("#from").val(""),$("#host").val(""),$("#username").val(""),$("#password").val(""),$("#ignore_cert_errors").prop("checked",!0),$("#headersTable").dataTable().DataTable().clear().draw(),$("#modal").modal("hide")}var dismissSendTestEmailModal=function(){$("#sendTestEmailModal\\.flashes").empty(),$("#sendTestModalSubmit").html("<i class='fa fa-envelope'></i> Send")},deleteProfile=function(e){Swal.fire({title:"Are you sure?",text:"This will delete the sending profile. This can't be undone!",type:"warning",animation:!1,showCancelButton:!0,confirmButtonText:"Delete "+escapeHtml(profiles[e].name),confirmButtonColor:"#428bca",reverseButtons:!0,allowOutsideClick:!1,preConfirm:function(){return new Promise(function(a,s){api.SMTPId.delete(profiles[e].id).success(function(e){a()}).error(function(e){s(e.responseJSON.message)})})}}).then(function(e){e.value&&Swal.fire("Sending Profile Deleted!","This sending profile has been deleted!","success"),$('button:contains("OK")').on("click",function(){location.reload()})})};function edit(e){headers=$("#headersTable").dataTable({destroy:!0,columnDefs:[{orderable:!1,targets:"no-sort"}]}),$("#modalSubmit").unbind("click").click(function(){save(e)});var a={};-1!=e&&(a=profiles[e],$("#name").val(a.name),$("#interface_type").val(a.interface_type),$("#from").val(a.from_address),$("#host").val(a.host),$("#username").val(a.username),$("#password").val(a.password),$("#ignore_cert_errors").prop("checked",a.ignore_cert_errors),$.each(a.headers,function(e,a){addCustomHeader(a.key,a.value)}))}function copy(e){$("#modalSubmit").unbind("click").click(function(){save(-1)});var a;a=profiles[e],$("#name").val("Copy of "+a.name),$("#interface_type").val(a.interface_type),$("#from").val(a.from_address),$("#host").val(a.host),$("#username").val(a.username),$("#password").val(a.password),$("#ignore_cert_errors").prop("checked",a.ignore_cert_errors)}function load(){$("#profileTable").hide(),$("#emptyMessage").hide(),$("#loading").show(),api.SMTP.get().success(function(e){profiles=e,$("#loading").hide(),0<profiles.length?($("#profileTable").show(),profileTable=$("#profileTable").DataTable({destroy:!0,columnDefs:[{orderable:!1,targets:"no-sort"}]}),profileTable.clear(),profileRows=[],$.each(profiles,function(e,a){profileRows.push([escapeHtml(a.name),a.interface_type,moment(a.modified_date).format("MMMM Do YYYY, h:mm:ss a"),"<div class='pull-right'><span data-toggle='modal' data-backdrop='static' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Edit Profile' onclick='edit("+e+")'>                    <i class='fa fa-pencil'></i>                    </button></span>\t\t    <span data-toggle='modal' data-target='#modal'><button class='btn btn-primary' data-toggle='tooltip' data-placement='left' title='Copy Profile' onclick='copy("+e+")'>                    <i class='fa fa-copy'></i>                    </button></span>                    <button class='btn btn-danger' data-toggle='tooltip' data-placement='left' title='Delete Profile' onclick='deleteProfile("+e+")'>                    <i class='fa fa-trash-o'></i>                    </button></div>"])}),profileTable.rows.add(profileRows).draw(),$('[data-toggle="tooltip"]').tooltip()):$("#emptyMessage").show()}).error(function(){$("#loading").hide(),errorFlash("Error fetching profiles")})}function addCustomHeader(e,a){var s=[escapeHtml(e),escapeHtml(a),'<span style="cursor:pointer;"><i class="fa fa-trash-o"></i></span>'],t=headers.DataTable(),o=t.column(0).data().indexOf(escapeHtml(e));0<=o?t.row(o,{order:"index"}).data(s):t.row.add(s),t.draw()}$(document).ready(function(){$(".modal").on("hidden.bs.modal",function(e){$(this).removeClass("fv-modal-stack"),$("body").data("fv_open_modals",$("body").data("fv_open_modals")-1)}),$(".modal").on("shown.bs.modal",function(e){void 0===$("body").data("fv_open_modals")&&$("body").data("fv_open_modals",0),$(this).hasClass("fv-modal-stack")||($(this).addClass("fv-modal-stack"),$("body").data("fv_open_modals",$("body").data("fv_open_modals")+1),$(this).css("z-index",1040+10*$("body").data("fv_open_modals")),$(".modal-backdrop").not(".fv-modal-stack").css("z-index",1039+10*$("body").data("fv_open_modals")),$(".modal-backdrop").not("fv-modal-stack").addClass("fv-modal-stack"))}),$.fn.modal.Constructor.prototype.enforceFocus=function(){$(document).off("focusin.bs.modal").on("focusin.bs.modal",$.proxy(function(e){this.$element[0]===e.target||this.$element.has(e.target).length||$(e.target).closest(".cke_dialog, .cke").length||this.$element.trigger("focus")},this))},$(document).on("hidden.bs.modal",".modal",function(){$(".modal:visible").length&&$(document.body).addClass("modal-open")}),$("#modal").on("hidden.bs.modal",function(e){dismiss()}),$("#sendTestEmailModal").on("hidden.bs.modal",function(e){dismissSendTestEmailModal()}),$("#headersForm").on("submit",function(){return headerKey=$("#headerKey").val(),headerValue=$("#headerValue").val(),""==headerKey||""==headerValue||(addCustomHeader(headerKey,headerValue),$("#headersForm>div>input").val(""),$("#headerKey").focus()),!1}),$("#headersTable").on("click","span>i.fa-trash-o",function(){headers.DataTable().row($(this).parents("tr")).remove().draw()}),load()});
\ No newline at end of file
diff --git a/static/js/src/app/sending_profiles.js b/static/js/src/app/sending_profiles.js
index cb2b2542..043bd1e5 100644
--- a/static/js/src/app/sending_profiles.js
+++ b/static/js/src/app/sending_profiles.js
@@ -36,7 +36,7 @@ function sendTestEmail() {
         })
         .error(function (data) {
             $("#sendTestEmailModal\\.flashes").empty().append("<div style=\"text-align:center\" class=\"alert alert-danger\">\
-	    <i class=\"fa fa-exclamation-circle\"></i> " + data.responseJSON.message + "</div>")
+	    <i class=\"fa fa-exclamation-circle\"></i> " + escapeHtml(data.responseJSON.message) + "</div>")
             $("#sendTestModalSubmit").html(btnHtml)
         })
 }