From 248af2eaa21524bc5ea823072af5bd731a7cb768 Mon Sep 17 00:00:00 2001
From: Michiel van Oosterhout <michielvoo@gmail.com>
Date: Sun, 7 Oct 2012 20:54:34 -0200
Subject: [PATCH] Correct code that validates the user name when the session
 times out by serializing user name and password.

Adds a minified 4KB JSON library to umbraco.aspx to support older browsers, namely
https://github.com/douglascrockford/JSON-js (public domain)
---
 .../umbraco/Umbraco.aspx.designer.cs               |  9 +++++++++
 src/Umbraco.Web.UI/umbraco/umbraco.aspx            | 14 ++++++++++++--
 src/Umbraco.Web.UI/umbraco_client/ui/json2.js      |  1 +
 3 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 src/Umbraco.Web.UI/umbraco_client/ui/json2.js

diff --git a/src/Umbraco.Web.UI/umbraco/Umbraco.aspx.designer.cs b/src/Umbraco.Web.UI/umbraco/Umbraco.aspx.designer.cs
index 28fa493960..4b90045f98 100644
--- a/src/Umbraco.Web.UI/umbraco/Umbraco.aspx.designer.cs
+++ b/src/Umbraco.Web.UI/umbraco/Umbraco.aspx.designer.cs
@@ -11,5 +11,14 @@ namespace Umbraco.Web.UI.Umbraco {
     
     
     public partial class Umbraco {
+        
+        /// <summary>
+        /// JSON2 control.
+        /// </summary>
+        /// <remarks>
+        /// Auto-generated field.
+        /// To modify move field declaration from designer file to code-behind file.
+        /// </remarks>
+        protected global::ClientDependency.Core.Controls.JsInclude JSON2;
     }
 }
diff --git a/src/Umbraco.Web.UI/umbraco/umbraco.aspx b/src/Umbraco.Web.UI/umbraco/umbraco.aspx
index e8f0a37bc8..7822e7167d 100644
--- a/src/Umbraco.Web.UI/umbraco/umbraco.aspx
+++ b/src/Umbraco.Web.UI/umbraco/umbraco.aspx
@@ -1,6 +1,8 @@
 <%@ Page Trace="false" Language="c#" CodeBehind="umbraco.aspx.cs" AutoEventWireup="True"
     Inherits="Umbraco.Web.UI.Umbraco.Umbraco" %>
 
+<%@ Import Namespace="System.Web.Script.Serialization" %>
+
 <%@ Register Src="controls/Tree/TreeControl.ascx" TagName="TreeControl" TagPrefix="umbraco" %>
 <%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
 <%@ Register TagPrefix="uc1" TagName="quickSearch" Src="Search/QuickSearch.ascx" %>
@@ -16,6 +18,8 @@
     <umb:CssInclude ID="CssInclude2" runat="server" FilePath="modal/style.css" PathNameAlias="UmbracoClient" />
     <umb:JsInclude ID="JsInclude1" runat="server" FilePath="Application/NamespaceManager.js"
         PathNameAlias="UmbracoClient" Priority="0" />
+    <umb:JsInclude ID="JSON2" runat="server" FilePath="ui/json2.js" PathNameAlias="UmbracoClient"
+        Priority="0" />
     <umb:JsInclude ID="JsInclude2" runat="server" FilePath="ui/jquery.js" PathNameAlias="UmbracoClient"
         Priority="0" />
     <umb:JsInclude ID="JsInclude3" runat="server" FilePath="ui/jqueryui.js" PathNameAlias="UmbracoClient"
@@ -289,14 +293,20 @@
         }
 
         function umbracoSessionRenewCheckPassword() {
+            var password = jQuery("#sessionrefreshpassword input").val();
 
+            if (password != "") {
 
+                var data = {
+                    username: <%= new JavaScriptSerializer().Serialize(this.getUser().LoginName) %>, 
+                    password: password
+                };
 
-            if (jQuery("#sessionrefreshpassword input").val() != "") {
                 jQuery.ajax({
                     type: "POST",
                     url: "<%=umbraco.IO.IOHelper.ResolveUrl(umbraco.IO.SystemDirectories.Umbraco) %>/webservices/legacyAjaxCalls.asmx/ValidateUser",
-                    data: "{'username': '<%=this.getUser().LoginName%>', 'password': '" + jQuery("#sessionrefreshpassword input").val() + "'}",
+                    data: JSON.stringify(data),
+                    processData: false, 
                     success: function (result) {
 
                         if (result.d == true) {
diff --git a/src/Umbraco.Web.UI/umbraco_client/ui/json2.js b/src/Umbraco.Web.UI/umbraco_client/ui/json2.js
new file mode 100644
index 0000000000..d46b6a9cdd
--- /dev/null
+++ b/src/Umbraco.Web.UI/umbraco_client/ui/json2.js
@@ -0,0 +1 @@
+var JSON; if (!JSON) { JSON = {} } (function () { function f(n) { return n < 10 ? "0" + n : n } if (typeof Date.prototype.toJSON !== "function") { Date.prototype.toJSON = function (key) { return isFinite(this.valueOf()) ? this.getUTCFullYear() + "-" + f(this.getUTCMonth() + 1) + "-" + f(this.getUTCDate()) + "T" + f(this.getUTCHours()) + ":" + f(this.getUTCMinutes()) + ":" + f(this.getUTCSeconds()) + "Z" : null }; String.prototype.toJSON = Number.prototype.toJSON = Boolean.prototype.toJSON = function (key) { return this.valueOf() } } var cx = /[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g, escapable = /[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g, gap, indent, meta = { "\b": "\\b", "\t": "\\t", "\n": "\\n", "\f": "\\f", "\r": "\\r", '"': '\\"', "\\": "\\\\" }, rep; function quote(string) { escapable.lastIndex = 0; return escapable.test(string) ? '"' + string.replace(escapable, function (a) { var c = meta[a]; return typeof c === "string" ? c : "\\u" + ("0000" + a.charCodeAt(0).toString(16)).slice(-4) }) + '"' : '"' + string + '"' } function str(key, holder) { var i, k, v, length, mind = gap, partial, value = holder[key]; if (value && typeof value === "object" && typeof value.toJSON === "function") { value = value.toJSON(key) } if (typeof rep === "function") { value = rep.call(holder, key, value) } switch (typeof value) { case "string": return quote(value); case "number": return isFinite(value) ? String(value) : "null"; case "boolean": case "null": return String(value); case "object": if (!value) { return "null" } gap += indent; partial = []; if (Object.prototype.toString.apply(value) === "[object Array]") { length = value.length; for (i = 0; i < length; i += 1) { partial[i] = str(i, value) || "null" } v = partial.length === 0 ? "[]" : gap ? "[\n" + gap + partial.join(",\n" + gap) + "\n" + mind + "]" : "[" + partial.join(",") + "]"; gap = mind; return v } if (rep && typeof rep === "object") { length = rep.length; for (i = 0; i < length; i += 1) { if (typeof rep[i] === "string") { k = rep[i]; v = str(k, value); if (v) { partial.push(quote(k) + (gap ? ": " : ":") + v) } } } } else { for (k in value) { if (Object.prototype.hasOwnProperty.call(value, k)) { v = str(k, value); if (v) { partial.push(quote(k) + (gap ? ": " : ":") + v) } } } } v = partial.length === 0 ? "{}" : gap ? "{\n" + gap + partial.join(",\n" + gap) + "\n" + mind + "}" : "{" + partial.join(",") + "}"; gap = mind; return v } } if (typeof JSON.stringify !== "function") { JSON.stringify = function (value, replacer, space) { var i; gap = ""; indent = ""; if (typeof space === "number") { for (i = 0; i < space; i += 1) { indent += " " } } else { if (typeof space === "string") { indent = space } } rep = replacer; if (replacer && typeof replacer !== "function" && (typeof replacer !== "object" || typeof replacer.length !== "number")) { throw new Error("JSON.stringify") } return str("", { "": value }) } } if (typeof JSON.parse !== "function") { JSON.parse = function (text, reviver) { var j; function walk(holder, key) { var k, v, value = holder[key]; if (value && typeof value === "object") { for (k in value) { if (Object.prototype.hasOwnProperty.call(value, k)) { v = walk(value, k); if (v !== undefined) { value[k] = v } else { delete value[k] } } } } return reviver.call(holder, key, value) } text = String(text); cx.lastIndex = 0; if (cx.test(text)) { text = text.replace(cx, function (a) { return "\\u" + ("0000" + a.charCodeAt(0).toString(16)).slice(-4) }) } if (/^[\],:{}\s]*$/.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, "@").replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, "]").replace(/(?:^|:|,)(?:\s*\[)+/g, ""))) { j = eval("(" + text + ")"); return typeof reviver === "function" ? walk({ "": j }, "") : j } throw new SyntaxError("JSON.parse") } } }());