DataFilter: hide json-encoded special characters

...from our filter parser

fixes #2667
Thomas Gelf 2023-07-30 19:46:38 +02:00
parent d429c9e5cc
commit 2a140a512b
2 changed files with 16 additions and 5 deletions


@ -22,6 +22,7 @@ This version hasn't been released yet
### Icinga Configuration ### Icinga Configuration
* FEATURE: render fallback template for IfW 1.11 for Icinga < 2.14 (#2776) * FEATURE: render fallback template for IfW 1.11 for Icinga < 2.14 (#2776)
* FIX: render Set Services to individual zones where required (#1589, #2356) * FIX: render Set Services to individual zones where required (#1589, #2356)
* FIX: special characters like & and | caused trouble in filters (#2667)
### Import and Sync ### Import and Sync
* FEATURE: regular expression based modifier allows explicit NULL on no match (#2705) * FEATURE: regular expression based modifier allows explicit NULL on no match (#2705)


@ -2,6 +2,7 @@
namespace Icinga\Module\Director\Web\Form\Element; namespace Icinga\Module\Director\Web\Form\Element;
use gipfl\Json\JsonString;
use Icinga\Data\Filter\Filter; use Icinga\Data\Filter\Filter;
use Icinga\Data\Filter\FilterChain; use Icinga\Data\Filter\FilterChain;
use Icinga\Data\Filter\FilterExpression; use Icinga\Data\Filter\FilterExpression;
@ -268,13 +269,13 @@ class DataFilter extends FormElement
return Filter::expression( return Filter::expression(
$entry['column'], $entry['column'],
'=', '=',
json_encode(true) $this->jsonEncode(true)
); );
} elseif ($entry['sign'] === 'false') { } elseif ($entry['sign'] === 'false') {
return Filter::expression( return Filter::expression(
$entry['column'], $entry['column'],
'=', '=',
json_encode(false) $this->jsonEncode(false)
); );
} elseif ($entry['sign'] === 'in') { } elseif ($entry['sign'] === 'in') {
if (array_key_exists('value', $entry)) { if (array_key_exists('value', $entry)) {
@ -291,13 +292,13 @@ class DataFilter extends FormElement
return Filter::expression( return Filter::expression(
$entry['column'], $entry['column'],
'=', '=',
json_encode($value) $this->jsonEncode($value)
); );
} elseif ($entry['sign'] === 'contains') { } elseif ($entry['sign'] === 'contains') {
$value = array_key_exists('value', $entry) ? $entry['value'] : null; $value = array_key_exists('value', $entry) ? $entry['value'] : null;
return Filter::expression( return Filter::expression(
json_encode($value), $this->jsonEncode($value),
'=', '=',
$entry['column'] $entry['column']
); );
@ -307,11 +308,20 @@ class DataFilter extends FormElement
return Filter::expression( return Filter::expression(
$entry['column'], $entry['column'],
$entry['sign'], $entry['sign'],
json_encode($value) $this->jsonEncode($value)
); );
} }
} }
protected function jsonEncode($string)
{
return preg_replace(
['/&/u', '/\|/u', '/!/u', '/=/u', '/>/u', '/</u'],
['\u0026', '\u007c', '\u0021', '\u003d', '\u003e', '\u003c'],
JsonString::encode($string)
);
}
protected function entryAction($entry) protected function entryAction($entry)
{ {
if (array_key_exists('action', $entry)) { if (array_key_exists('action', $entry)) {
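Review bot: The new `jsonEncode()` helper added near the end of this section runs six `/u` regexes to replace single literal characters, and `preg_replace()` returns `null` on failure (for instance when the subject is not valid UTF-8), so a `null` could reach `Filter::expression()` in place of the encoded value. A plain `str_replace(['&', '|', '!', '=', '>', '<'], ['\u0026', '\u007c', '\u0021', '\u003d', '\u003e', '\u003c'], JsonString::encode($string))` performs the same substitution without that failure mode. The escaped set leaves out `(` and `)`; if the filter parser also treats parentheses as grouping characters (not visible here), values containing them could still be misparsed, so that is worth confirming against #2667. The helper would also benefit from a docblock such as `/** JSON-encode $value and \u-escape filter operator characters so the filter parser never sees them; json_decode() restores them. */`, and from renaming the parameter to `$value`, since the callers in this section pass booleans as well as strings.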