From a5950dda1c90042aafba5f886d9cf12bc9763fbe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leon=20Strau=C3=9F?=
Date: Wed, 10 Jun 2020 10:33:06 +0200
Subject: [PATCH 01/19] Fixed Unexpected 'NUMBER'
If a query had an "IN" clause with 10 or more elements, the regex used by setRulesFromSQL did not match correctly.
---
src/plugins/sql-support/plugin.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/plugins/sql-support/plugin.js b/src/plugins/sql-support/plugin.js
index 95b7eda5..17f5c506 100644
--- a/src/plugins/sql-support/plugin.js
+++ b/src/plugins/sql-support/plugin.js
@@ -214,7 +214,7 @@ QueryBuilder.defaults({
'named': function(values, char) {
if (!char || char.length > 1) char = ':';
var regex1 = new RegExp('^\\' + char);
- var regex2 = new RegExp('\\' + char + '(' + Object.keys(values).join('|') + ')', 'g');
+ var regex2 = new RegExp('\\' + char + '(' + Object.keys(values).join('|') + ')\\b', 'g');
return {
parse: function(v) {
return regex1.test(v) ? values[v.slice(1)] : v;
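Review bot: The keys of `values` are still joined into the `regex2` pattern unescaped, so a parameter name containing a regex metacharacter (`.`, `|`, `(`, `$`) changes what the expression matches. Escaping each key before the join avoids that, e.g. `Object.keys(values).map(function(k) { return k.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); }).join('|')`. The added `\\b` also assumes every name ends in a word character, since it cannot match after a name ending in punctuation; a one-line comment stating that assumption would help. The `named` function continues past the end of the hunk, so how `values` is populated is not visible here.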
From 5a94400d35f497643dcf1f89cecf2da97c852120 Mon Sep 17 00:00:00 2001
From: Robin van der Vliet
Date: Fri, 19 Mar 2021 17:07:25 +0100
Subject: [PATCH 02/19] Esperanto translation (#906)
---
src/i18n/eo.json | 63 ++++++++++++++++++++++++++++++
src/plugins/invert/i18n/eo.json | 3 ++
src/plugins/not-group/i18n/eo.json | 3 ++
3 files changed, 69 insertions(+)
create mode 100644 src/i18n/eo.json
create mode 100644 src/plugins/invert/i18n/eo.json
create mode 100644 src/plugins/not-group/i18n/eo.json
diff --git a/src/i18n/eo.json b/src/i18n/eo.json
new file mode 100644
index 00000000..b3c9166d
--- /dev/null
+++ b/src/i18n/eo.json
@@ -0,0 +1,63 @@
+{
+ "__locale": "Esperanto (eo)",
+ "__author": "Robin van der Vliet, https://robinvandervliet.com/",
+
+ "add_rule": "Aldoni regulon",
+ "add_group": "Aldoni grupon",
+ "delete_rule": "Forigi",
+ "delete_group": "Forigi",
+
+ "conditions": {
+ "AND": "KAJ",
+ "OR": "AŬ"
+ },
+
+ "operators": {
+ "equal": "estas egala al",
+ "not_equal": "ne estas egala al",
+ "in": "estas en",
+ "not_in": "ne estas en",
+ "less": "estas malpli ol",
+ "less_or_equal": "estas malpli ol aŭ egala al",
+ "greater": "estas pli ol",
+ "greater_or_equal": "estas pli ol aŭ egala al",
+ "between": "estas inter",
+ "not_between": "ne estas inter",
+ "begins_with": "komenciĝas per",
+ "not_begins_with": "ne komenciĝas per",
+ "contains": "enhavas",
+ "not_contains": "ne enhavas",
+ "ends_with": "finiĝas per",
+ "not_ends_with": "ne finiĝas per",
+ "is_empty": "estas malplena",
+ "is_not_empty": "ne estas malplena",
+ "is_null": "estas senvalora",
+ "is_not_null": "ne estas senvalora"
+ },
+
+ "errors": {
+ "no_filter": "Neniu filtrilo elektita",
+ "empty_group": "La grupo estas malplena",
+ "radio_empty": "Neniu valoro elektita",
+ "checkbox_empty": "Neniu valoro elektita",
+ "select_empty": "Neniu valoro elektita",
+ "string_empty": "Malplena valoro",
+ "string_exceed_min_length": "Devas enhavi pli ol {0} signojn",
+ "string_exceed_max_length": "Devas ne enhavi pli ol {0} signojn",
+ "string_invalid_format": "Nevalida strukturo ({0})",
+ "number_nan": "Ne estas nombro",
+ "number_not_integer": "Ne estas entjera nombro",
+ "number_not_double": "Ne estas reela nombro",
+ "number_exceed_min": "Devas esti pli ol {0}",
+ "number_exceed_max": "Devas esti malpli ol {0}",
+ "number_wrong_step": "Devas esti oblo de {0}",
+ "number_between_invalid": "Nevalidaj valoroj, {0} estas pli ol {1}",
+ "datetime_empty": "Malplena valoro",
+ "datetime_invalid": "Nevalida dato ({0})",
+ "datetime_exceed_min": "Devas esti post {0}",
+ "datetime_exceed_max": "Devas esti antaŭ {0}",
+ "datetime_between_invalid": "Nevalidaj valoroj, {0} estas post {1}",
+ "boolean_not_valid": "Ne estas bulea valoro",
+ "operator_not_multiple": "La operacio \"{1}\" ne akceptas plurajn valorojn"
+ }
+}
diff --git a/src/plugins/invert/i18n/eo.json b/src/plugins/invert/i18n/eo.json
new file mode 100644
index 00000000..e5ddde54
--- /dev/null
+++ b/src/plugins/invert/i18n/eo.json
@@ -0,0 +1,3 @@
+{
+ "invert": "Inversigi"
+}
diff --git a/src/plugins/not-group/i18n/eo.json b/src/plugins/not-group/i18n/eo.json
new file mode 100644
index 00000000..8025e4e8
--- /dev/null
+++ b/src/plugins/not-group/i18n/eo.json
@@ -0,0 +1,3 @@
+{
+ "NOT": "NE"
+}
From f620fbd06cd620e8b48f8f28bf7c6657a72e268b Mon Sep 17 00:00:00 2001
From: mistic100
Date: Sat, 20 Mar 2021 14:36:53 +0100
Subject: [PATCH 03/19] Fix #905 Potential XSS on template generation
---
src/core.js | 10 +++++-----
src/plugins/bt-tooltip-errors/plugin.js | 2 +-
src/plugins/filter-description/plugin.js | 6 +++---
src/plugins/invert/plugin.js | 4 ++--
src/plugins/not-group/plugin.js | 2 +-
src/plugins/sortable/plugin.js | 6 +++---
6 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/src/core.js b/src/core.js
index 305a9e53..6944c9a3 100644
--- a/src/core.js
+++ b/src/core.js
@@ -345,7 +345,7 @@ QueryBuilder.prototype.setRoot = function(addRule, data, flags) {
addRule = (addRule === undefined || addRule === true);
var group_id = this.nextGroupId();
- var $group = $(this.getGroupTemplate(group_id, 1));
+ var $group = $($.parseHTML(this.getGroupTemplate(group_id, 1)));
this.$el.append($group);
this.model.root = new Group(null, $group);
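Review bot: `$.parseHTML` keeps `<script>` elements from running, but it leaves event-handler attributes such as `onerror` on the parsed nodes, and those still fire once the nodes are appended. This applies here and in the `addRule`, `createRuleFilters`, `createRuleOperators` and `createRuleInput` hunks of this file. If filter labels, ids or option values can carry untrusted text into the templates, they still need HTML-escaping at the point where the template interpolates them; the template code is not visible in these hunks, so that is worth confirming. A short comment on the call, e.g. `// parseHTML only drops scripts; template values must already be escaped`, would keep that boundary clear. `setRoot` continues outside the hunk.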
@@ -535,7 +535,7 @@ QueryBuilder.prototype.addRule = function(parent, data, flags) {
}
var rule_id = this.nextRuleId();
- var $rule = $(this.getRuleTemplate(rule_id));
+ var $rule = $($.parseHTML(this.getRuleTemplate(rule_id)));
var model = parent.addRule($rule);
model.data = data;
@@ -625,7 +625,7 @@ QueryBuilder.prototype.createRuleFilters = function(rule) {
* @returns {QueryBuilder.Filter[]}
*/
var filters = this.change('getRuleFilters', this.filters, rule);
- var $filterSelect = $(this.getRuleFilterSelect(rule, filters));
+ var $filterSelect = $($.parseHTML(this.getRuleFilterSelect(rule, filters)));
rule.$el.find(QueryBuilder.selectors.filter_container).html($filterSelect);
@@ -654,7 +654,7 @@ QueryBuilder.prototype.createRuleOperators = function(rule) {
}
var operators = this.getOperators(rule.filter);
- var $operatorSelect = $(this.getRuleOperatorSelect(rule, operators));
+ var $operatorSelect = $($.parseHTML(this.getRuleOperatorSelect(rule, operators)));
$operatorContainer.html($operatorSelect);
@@ -700,7 +700,7 @@ QueryBuilder.prototype.createRuleInput = function(rule) {
var filter = rule.filter;
for (var i = 0; i < rule.operator.nb_inputs; i++) {
- var $ruleInput = $(this.getRuleInput(rule, i));
+ var $ruleInput = $($.parseHTML(this.getRuleInput(rule, i)));
if (i > 0) $valueContainer.append(this.settings.inputs_separator);
$valueContainer.append($ruleInput);
$inputs = $inputs.add($ruleInput);
diff --git a/src/plugins/bt-tooltip-errors/plugin.js b/src/plugins/bt-tooltip-errors/plugin.js
index e9bc935c..68423252 100644
--- a/src/plugins/bt-tooltip-errors/plugin.js
+++ b/src/plugins/bt-tooltip-errors/plugin.js
@@ -15,7 +15,7 @@ QueryBuilder.define('bt-tooltip-errors', function(options) {
// add BT Tooltip data
this.on('getRuleTemplate.filter getGroupTemplate.filter', function(h) {
- var $h = $(h.value);
+ var $h = $($.parseHTML(h.value));
$h.find(QueryBuilder.selectors.error_container).attr('data-toggle', 'tooltip');
h.value = $h.prop('outerHTML');
});
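Review bot: `$h.prop('outerHTML')` reads the first node of the set, and `$.parseHTML` returns every top-level node, including a leading whitespace or comment node, where `$(h.value)` appears to ignore leading whitespace in an HTML string. If the template string can start with whitespace (not visible in this hunk), the first node would be a text node and `h.value` would become `undefined`. Trimming first, `var $h = $($.parseHTML(h.value.trim()));`, or filtering the set to elements before `.prop('outerHTML')`, keeps the handler's output stable.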
diff --git a/src/plugins/filter-description/plugin.js b/src/plugins/filter-description/plugin.js
index bbe58fcb..472dd328 100644
--- a/src/plugins/filter-description/plugin.js
+++ b/src/plugins/filter-description/plugin.js
@@ -19,7 +19,7 @@ QueryBuilder.define('filter-description', function(options) {
}
else {
if ($p.length === 0) {
- $p = $('');
+ $p = $($.parseHTML(''));
$p.appendTo(rule.$el);
}
else {
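Review bot: The argument to `$.parseHTML` on the `$p` line is a constant markup literal, so the wrapper does not change what reaches the DOM here; the same holds for the `$b` lines in the two later hunks of this file. The value that matters for this fix is the filter description itself, which is written outside these hunks. It is worth confirming that it is inserted as text or escaped, rather than passed to `.html()` unmodified. The enclosing handler starts and ends outside the hunk.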
@@ -49,7 +49,7 @@ QueryBuilder.define('filter-description', function(options) {
}
else {
if ($b.length === 0) {
- $b = $('');
+ $b = $($.parseHTML(''));
$b.prependTo(rule.$el.find(QueryBuilder.selectors.rule_actions));
$b.popover({
@@ -89,7 +89,7 @@ QueryBuilder.define('filter-description', function(options) {
}
else {
if ($b.length === 0) {
- $b = $('');
+ $b = $($.parseHTML(''));
$b.prependTo(rule.$el.find(QueryBuilder.selectors.rule_actions));
$b.on('click', function() {
diff --git a/src/plugins/invert/plugin.js b/src/plugins/invert/plugin.js
index 6b77e2fd..c0294e84 100644
--- a/src/plugins/invert/plugin.js
+++ b/src/plugins/invert/plugin.js
@@ -31,7 +31,7 @@ QueryBuilder.define('invert', function(options) {
// Modify templates
if (!options.disable_template) {
this.on('getGroupTemplate.filter', function(h) {
- var $h = $(h.value);
+ var $h = $($.parseHTML(h.value));
$h.find(Selectors.condition_container).after(
'