We should not use JSON.stringify() but leave escaping to AJAX itself

Signed-off-by: DL6ER <dl6er@dl6er.de>
2025-12-24 04:38:28 +00:00 · 2023-10-12 18:04:30 +02:00
parent e4e2ffabff
commit d2701f7955
9 changed files with 25 additions and 21 deletions
--- a/scripts/pi-hole/js/footer.js
+++ b/scripts/pi-hole/js/footer.js
@@ -119,10 +119,11 @@ function piholeChange(action, duration) {
  $.ajax({
    url: "/api/dns/blocking",
    method: "POST",
-    data: JSON.stringify({
+    dataType: "json",
+    data: {
      blocking: action === "enable",
      timer: parseInt(duration, 10) > 0 ? parseInt(duration, 10) : null,
-    }),
+    },
  })
    .done(function (data) {
      if (data.blocking === action + "d") {
--- a/scripts/pi-hole/js/groups-adlists.js
+++ b/scripts/pi-hole/js/groups-adlists.js
@@ -516,7 +516,7 @@ function addAdlist(event) {
    url: "/api/lists",
    method: "post",
    dataType: "json",
-    data: JSON.stringify({ address: address, comment: comment, type: type }),
+    data: { address: address, comment: comment, type: type },
    success: function () {
      utils.enableAll();
      utils.showAlert("success", "fas fa-plus", "Successfully added " + type + "list", address);
@@ -582,12 +582,12 @@ function editAdlist() {
    url: "/api/lists/" + encodeURIComponent(addressDecoded),
    method: "put",
    dataType: "json",
-    data: JSON.stringify({
+    data: {
      groups: groups,
      comment: comment,
      enabled: enabled,
      type: type,
-    }),
+    },
    success: function () {
      utils.enableAll();
      utils.showAlert(
--- a/scripts/pi-hole/js/groups-clients.js
+++ b/scripts/pi-hole/js/groups-clients.js
@@ -440,7 +440,7 @@ function addClient() {
    url: "/api/clients",
    method: "post",
    dataType: "json",
-    data: JSON.stringify({ client: ip, comment: comment }),
+    data: { client: ip, comment: comment },
    success: function () {
      utils.enableAll();
      utils.showAlert("success", "fas fa-plus", "Successfully added client", ip);
@@ -495,12 +495,12 @@ function editClient() {
    url: "/api/clients/" + encodeURIComponent(clientDecoded),
    method: "put",
    dataType: "json",
-    data: JSON.stringify({
+    data: {
      client: client,
      groups: groups,
      comment: comment,
      enabled: enabled,
-    }),
+    },
    success: function () {
      utils.enableAll();
      utils.showAlert(
--- a/scripts/pi-hole/js/groups-domains.js
+++ b/scripts/pi-hole/js/groups-domains.js
@@ -527,12 +527,12 @@ function addDomain() {
    url: "/api/domains/" + type + "/" + kind,
    method: "post",
    dataType: "json",
-    data: JSON.stringify({
+    data: {
      domain: domain,
      comment: comment,
      type: type,
      kind: kind,
-    }),
+    },
    success: function () {
      utils.enableAll();
      utils.showAlert("success", "fas fa-plus", "Successfully added domain", domain);
@@ -609,13 +609,13 @@ function editDomain() {
    url: "/api/domains/" + newTypestr + "/" + encodeURIComponent(domainDecoded),
    method: "put",
    dataType: "json",
-    data: JSON.stringify({
+    data: {
      groups: groups,
      comment: comment,
      enabled: enabled,
      type: oldType,
      kind: oldKind,
-    }),
+    },
    success: function () {
      utils.enableAll();
      utils.showAlert(
--- a/scripts/pi-hole/js/groups.js
+++ b/scripts/pi-hole/js/groups.js
@@ -294,11 +294,11 @@ function addGroup() {
    url: "/api/groups",
    method: "post",
    dataType: "json",
-    data: JSON.stringify({
+    data: {
      name: name,
      comment: comment,
      enabled: true,
-    }),
+    },
    success: function () {
      utils.enableAll();
      utils.showAlert("success", "fas fa-plus", "Successfully added group", name);
@@ -360,11 +360,11 @@ function editGroup() {
    url: "/api/groups/" + oldName,
    method: "put",
    dataType: "json",
-    data: JSON.stringify({
+    data: {
      name: name,
      comment: comment,
      enabled: enabled,
-    }),
+    },
    success: function () {
      utils.enableAll();
      utils.showAlert("success", "fas fa-pencil-alt", "Successfully " + done + " group", oldName);
--- a/scripts/pi-hole/js/login.js
+++ b/scripts/pi-hole/js/login.js
@@ -60,7 +60,8 @@ function doLogin(password) {
  $.ajax({
    url: "/api/auth",
    method: "POST",
-    data: JSON.stringify({ password: password, totp: parseInt($("#totp").val(), 10) }),
+    dataType: "json",
+    data: { password: password, totp: parseInt($("#totp").val(), 10) },
  })
    .done(function () {
      wrongPassword(false, true);
--- a/scripts/pi-hole/js/settings-api.js
+++ b/scripts/pi-hole/js/settings-api.js
@@ -318,7 +318,8 @@ function setTOTPSecret(secret) {
  $.ajax({
    url: "/api/config",
    type: "PATCH",
-    data: JSON.stringify({ config: { webserver: { api: { totp_secret: secret } } } }),
+    dataType: "json",
+    data: { config: { webserver: { api: { totp_secret: secret } } } },
    contentType: "application/json",
  })
    .done(function () {
--- a/scripts/pi-hole/js/settings.js
+++ b/scripts/pi-hole/js/settings.js
@@ -137,7 +137,8 @@ function saveSettings() {
  $.ajax({
    url: "/api/config",
    method: "PATCH",
-    data: JSON.stringify({ config: settings }),
+    dataType: "json",
+    data: { config: settings },
    contentType: "application/json; charset=utf-8",
  })
    .done(function () {
--- a/scripts/pi-hole/js/utils.js
+++ b/scripts/pi-hole/js/utils.js
@@ -315,12 +315,12 @@ function addFromQueryLog(domain, list) {
      url: "/api/domains/" + list + "/exact",
      method: "post",
      dataType: "json",
-      data: JSON.stringify({
+      data: {
        domain: domain,
        comment: "Added from Query Log",
        type: list,
        kind: "exact",
-      }),
+      },
      success: function (response) {
        alProcessing.hide();
        if ("domains" in response && response.domains.length > 0) {