From 0ea6de2f8c3465ae87e5a131dfe0a8d66e1dcc5d Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Tue, 17 Feb 2015 15:25:38 +0100
Subject: [PATCH] Encode Requesttoken for avatars

Fixes new avatar selection in master half, other half will work when https://github.com/owncloud/core/pull/14266 has get merged.

Shocking to see how much places in our code do it wrong :gun:
---
 settings/js/personal.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/settings/js/personal.js b/settings/js/personal.js
index 0cf0cd81a7..1202d9743d 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -110,7 +110,7 @@ function showAvatarCropper () {
 	var $cropperImage = $('#cropper img');
 
 	$cropperImage.attr('src',
-		OC.generateUrl('/avatar/tmp') + '?requesttoken=' + oc_requesttoken + '#' + Math.floor(Math.random() * 1000));
+		OC.generateUrl('/avatar/tmp') + '?requesttoken=' + encodeURIComponent(oc_requesttoken) + '#' + Math.floor(Math.random() * 1000));
 
 	// Looks weird, but on('load', ...) doesn't work in IE8
 	$cropperImage.ready(function () {
@@ -311,7 +311,7 @@ $(document).ready(function () {
 	var url = OC.generateUrl(
 		'/avatar/{user}/{size}',
 		{user: OC.currentUser, size: 1}
-	) + '?requesttoken=' + oc_requesttoken;
+	) + '?requesttoken=' + encodeURIComponent(oc_requesttoken);
 	$.get(url, function (result) {
 		if (typeof(result) === 'object') {
 			$('#removeavatar').hide();
-- 
GitLab