delete related attachments on export

enonic · Dec 10, 2018 · db12dc4 · db12dc4
1 parent 2f194ee
commit db12dc4
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 9 deletions.
diff --git a/src/main/resources/admin/widgets/formreport/formreport.html b/src/main/resources/admin/widgets/formreport/formreport.html
@@ -45,7 +45,7 @@
             <div class="form-group">
                 <div class="form-group-label">
                     <label for="purge">
-                        <input class="input-field" type="checkbox" name="purge" id="purge" checked="checked" style="-webkit-appearance:checkbox;-moz-appearance:checkbox;"/><span> Delete the exported form responses</span>
+                        <input class="input-field" type="checkbox" name="purge" id="purge" style="-webkit-appearance:checkbox;-moz-appearance:checkbox;"/><span> Delete the exported form responses</span>
                     </label>
                 </div>
             </div>

diff --git a/src/main/resources/services/formreport/formreport.js b/src/main/resources/services/formreport/formreport.js
@@ -20,9 +20,16 @@ function createCSV(responses, formContent, separator) {
         responseData.push(response.data);
     });
 
-    // Function to fallback to empty strings for empty fields
+    // Function to prettify field values
     var replacer = function(key, value) {
-        return (value === null) ? '' : value;
+        if (value && typeof value === 'string') {
+            // Convert whitespace to merged single space
+            return value.replace(/[\s]+/gm, ' ');
+        }
+        if (value === null) {
+            return ''
+        }
+        return value;
     };
 
     // Create CSV data
@@ -35,7 +42,8 @@ function createCSV(responses, formContent, separator) {
     // Add header column
     csv.unshift(fieldNames.join(separator));
 
-    return csv.join('\r\n');
+    // Add line endings for rows and escape every backslash-escaped doublequote (using the CSV double-doublequote method)
+    return csv.join('\r\n').replace(/\\"/gm, '""');
 }
 
 function handleGet(req) {
@@ -102,10 +110,25 @@ function handleGet(req) {
         // source: http://stackoverflow.com/questions/6002256
         csv = '\uFEFF' + csv;
 
-        // Delete exported content
+        // Delete exported content and related attachments
         if (purge) {
-            responsesMetadata.hits.forEach(function (hit) {
-                formbuilderRepo.delete(hit.id);
+            responses.forEach(function (response) {
+                // Delete related attachments
+                var relatedAttachmentIds = [];
+                Object.keys(response.data).forEach(function (key) {
+                    if (response.data[key] && typeof response.data[key] == 'object' && response.data[key].attachments) {
+                        util.forceArray(response.data[key].attachments).forEach(function (attachment) {
+                            if (attachment.id) {
+                                relatedAttachmentIds.push(attachment.id);
+                            }
+
+                        });
+                    }
+                });
+                formbuilderRepo.delete(relatedAttachmentIds);
+
+                // Delete form response
+                formbuilderRepo.delete(response._id);
             });
         }
     }

diff --git a/src/main/resources/site/lib/form-builder/form-response.js b/src/main/resources/site/lib/form-builder/form-response.js
@@ -142,12 +142,18 @@ var saveForm = function(form, siteConfig, request, responseFolder) {
   // TODO: delete any other parameters that are not present in the input config and not private
   delete form['g-recaptcha-response'];
 
-  // Sanitize input values
+  // Sanitize string input values
+  /*
+    Disabled until the full list of HTML entities has been documented so that it can be reversed upon report generation, e.g. revert all @ chars converted to &#64;
+    It seems like the "&\+<=>@ characters are the ones in question? Source: https://github.com/OWASP/java-html-sanitizer/issues/84
+    doublequote &#34;, et &amp;, backslash \\, backslashspace \\ , doublespace  , plus &#43;, lessthan &lt;, equals &#61;, greaterthan &gt;, at &#64;
+    
   for (var key in form) {
-    if (form.hasOwnProperty(key)) {
+    if (form.hasOwnProperty(key) && typeof form[key] === 'string') {
         form[key] = portal.sanitizeHtml(form[key]);
     }
   }
+  */
 
   var response = runAsSu(
       (siteConfig.storageLocation === 'cmsRepo') ? 'cms-repo' : 'com.enonic.formbuilder',