diff --git a/openlp/plugins/remotes/html/openlp.js b/openlp/plugins/remotes/html/openlp.js
index 686b61e29..d081a6b3e 100644
--- a/openlp/plugins/remotes/html/openlp.js
+++ b/openlp/plugins/remotes/html/openlp.js
@@ -283,8 +283,7 @@ window.OpenLP = {
$.mobile.changePage("#service-manager");
},
escapeString: function (string) {
- return string.replace(/\\/g, "\\\\").replace(/"/g, "\\\"").replace(
- /#/g, "%23").replace(/;/g, "%3B").replace(/\+/g, "%2B")
+ return string.replace(/\\/g, "\\\\").replace(/"/g, "\\\"")
}
}
// Service Manager
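Review bot: `escapeString` now escapes only the backslash and the double quote, so a newline or other control character in the input still produces text that is not valid inside a JSON string literal. The callers are outside this hunk, but if they splice the result into a hand-built JSON request, the server-side `json.loads` would presumably reject it. With the `%23`/`%3B`/`%2B` replacements gone, the function also no longer makes the value safe for a query string, so it needs a comment such as `// Escapes for a JSON string literal only; the caller must URL-encode the result (encodeURIComponent).` Building the payload with `JSON.stringify` at the call sites would remove the need for manual escaping.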
diff --git a/openlp/plugins/remotes/lib/httpserver.py b/openlp/plugins/remotes/lib/httpserver.py
index 6309666a7..94f30096b 100644
--- a/openlp/plugins/remotes/lib/httpserver.py
+++ b/openlp/plugins/remotes/lib/httpserver.py
@@ -115,6 +115,7 @@ import json
import logging
import os
import re
+import urllib
import urlparse
from PyQt4 import QtCore, QtNetwork
@@ -310,11 +311,14 @@ class HttpConnection(object):
"""
log.debug(u'ready to read socket')
if self.socket.canReadLine():
- data = self.socket.readLine()
- data = QtCore.QByteArray.fromPercentEncoding(data)
- data = unicode(data, 'utf8')
- log.debug(u'received: ' + data)
- words = data.split(u' ')
+ data = str(self.socket.readLine())
+ try:
+ log.debug(u'received: ' + data)
+ except UnicodeDecodeError:
+ # Malicious request containing non-ASCII characters.
+ self.close()
+ return
+ words = data.split(' ')
response = None
if words[0] == u'GET':
url = urlparse.urlparse(words[1])
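Review bot: The non-ASCII rejection in the added `try` only works because `u'received: ' + data` happens to raise during an implicit decode, so the input check is a side effect of a log statement and vanishes if that line is edited or removed. Putting an explicit `data.decode('ascii')` inside the `try` makes the check deliberate and independent of logging. Separately, `words[1]` is read after the split without a length check, so a request line containing no space would raise IndexError; a guard such as `if len(words) < 2:` followed by `self.close()` and `return` covers it. The method starts and continues outside this hunk.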
@@ -423,6 +427,7 @@ class HttpConnection(object):
Send an alert.
"""
text = json.loads(self.url_params[u'data'][0])[u'request'][u'text']
+ text = urllib.unquote(text)
Receiver.send_message(u'alerts_text', [text])
return HttpResponse(json.dumps({u'results': {u'success': True}}),
{u'Content-Type': u'application/json'})
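Review bot: `json.loads` returns a unicode object, and Python 2's `urllib.unquote` on unicode input turns each `%XX` into a single Latin-1 code point, so UTF-8 percent-encoded non-ASCII alert text would come out garbled at the added `text = urllib.unquote(text)` line. Round-tripping through bytes avoids this: `text = urllib.unquote(text.encode('utf8')).decode('utf8')`, with the resulting UnicodeDecodeError handled for malformed sequences. The same line is added to the search handler in the last hunk and has the same problem. If `url_params` was already percent-decoded when the query string was parsed (not visible here), this is a second decode, and a literal `%41` typed into an alert would silently become `A`; a comment stating which layer encodes and which decodes would help.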
@@ -517,6 +522,7 @@ class HttpConnection(object):
The plugin name to search in.
"""
text = json.loads(self.url_params[u'data'][0])[u'request'][u'text']
+ text = urllib.unquote(text)
plugin = self.parent.plugin.pluginManager.get_plugin_by_name(type)
if plugin.status == PluginStatus.Active and \
plugin.mediaItem and plugin.mediaItem.hasSearch: