DataFilter: hide json-encoded special characters

...from our filter parser

fixes #2667

doc/82-Changelog.md

@@ -22,6 +22,7 @@ This version hasn't been released yet
 ### Icinga Configuration
 * FEATURE: render fallback template for IfW 1.11 for Icinga < 2.14 (#2776)
 * FIX: render Set Services to individual zones where required (#1589, #2356)
+* FIX: special characters like & and | caused trouble in filters (#2667)
 
 ### Import and Sync
 * FEATURE: regular expression based modifier allows explicit NULL on no match (#2705)

library/Director/Web/Form/Element/DataFilter.php

@@ -2,6 +2,7 @@
 
 namespace Icinga\Module\Director\Web\Form\Element;
 
+use gipfl\Json\JsonString;
 use Icinga\Data\Filter\Filter;
 use Icinga\Data\Filter\FilterChain;
 use Icinga\Data\Filter\FilterExpression;
@@ -268,13 +269,13 @@ class DataFilter extends FormElement
             return Filter::expression(
                 $entry['column'],
                 '=',
-                json_encode(true)
+                $this->jsonEncode(true)
             );
         } elseif ($entry['sign'] === 'false') {
             return Filter::expression(
                 $entry['column'],
                 '=',
-                json_encode(false)
+                $this->jsonEncode(false)
             );
         } elseif ($entry['sign'] === 'in') {
             if (array_key_exists('value', $entry)) {
@@ -291,13 +292,13 @@ class DataFilter extends FormElement
             return Filter::expression(
                 $entry['column'],
                 '=',
-                json_encode($value)
+                $this->jsonEncode($value)
             );
         } elseif ($entry['sign'] === 'contains') {
             $value = array_key_exists('value', $entry) ? $entry['value'] : null;
 
             return Filter::expression(
-                json_encode($value),
+                $this->jsonEncode($value),
                 '=',
                 $entry['column']
             );
@@ -307,11 +308,20 @@ class DataFilter extends FormElement
             return Filter::expression(
                 $entry['column'],
                 $entry['sign'],
-                json_encode($value)
+                $this->jsonEncode($value)
             );
         }
     }
 
+    protected function jsonEncode($string)
+    {
+        return preg_replace(
+            ['/&/u', '/\|/u', '/!/u', '/=/u', '/>/u', '/</u'],
+            ['\u0026', '\u007c', '\u0021', '\u003d', '\u003e', '\u003c'],
+            JsonString::encode($string)
+        );
+    }
+
     protected function entryAction($entry)
     {
         if (array_key_exists('action', $entry)) {