From cb27a3d0f1a2749ff604495e0c1830ae5267402f Mon Sep 17 00:00:00 2001 From: Matthias Jentsch Date: Tue, 22 Jul 2014 17:57:40 +0200 Subject: [PATCH 1/7] Do not use height and width in bar charts, to avoid layout errors --- config/dashboard/dashboard.ini | 4 ---- .../application/views/scripts/chart/hostgroup.phtml | 2 +- .../application/views/scripts/chart/servicegroup.phtml | 2 +- 3 files changed, 2 insertions(+), 6 deletions(-) diff --git a/config/dashboard/dashboard.ini b/config/dashboard/dashboard.ini index 8d500f341..022b34be5 100644 --- a/config/dashboard/dashboard.ini +++ b/config/dashboard/dashboard.ini @@ -24,13 +24,9 @@ title = "Landing page" [Landing.Hostgroups] url = "monitoring/chart/hostgroup" -height = 540 -width = 540 [Landing.Servicegroups] url = "monitoring/chart/servicegroup" -height = 540 -width = 540 [Landing.Unhandled Problem Services] url = "monitoring/list/services" diff --git a/modules/monitoring/application/views/scripts/chart/hostgroup.phtml b/modules/monitoring/application/views/scripts/chart/hostgroup.phtml index 2bdbe428c..1f98bb8db 100644 --- a/modules/monitoring/application/views/scripts/chart/hostgroup.phtml +++ b/modules/monitoring/application/views/scripts/chart/hostgroup.phtml @@ -1,5 +1,5 @@ -
+
render(); ?> diff --git a/modules/monitoring/application/views/scripts/chart/servicegroup.phtml b/modules/monitoring/application/views/scripts/chart/servicegroup.phtml index 2bdbe428c..1f98bb8db 100644 --- a/modules/monitoring/application/views/scripts/chart/servicegroup.phtml +++ b/modules/monitoring/application/views/scripts/chart/servicegroup.phtml @@ -1,5 +1,5 @@ -
+
render(); ?> From 2ff43abcf5860f4002d4fbb2aee930b22ab93ea6 Mon Sep 17 00:00:00 2001 From: Alexander Klimov Date: Wed, 23 Jul 2014 12:12:05 +0200 Subject: [PATCH 2/7] Do not use htmlspecialchars in widgets refs #6759 --- library/Icinga/Web/Widget/AbstractWidget.php | 2 +- library/Icinga/Web/Widget/AlertMessageBox.php | 2 +- library/Icinga/Web/Widget/Chart/InlinePie.php | 16 ++++++++-------- library/Icinga/Web/Widget/Tabs.php | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/Icinga/Web/Widget/AbstractWidget.php b/library/Icinga/Web/Widget/AbstractWidget.php index 37fb7ad36..962bcc210 100644 --- a/library/Icinga/Web/Widget/AbstractWidget.php +++ b/library/Icinga/Web/Widget/AbstractWidget.php @@ -118,7 +118,7 @@ abstract class AbstractWidget try { $html = $this->render($this->view()); } catch (Exception $e) { - return htmlspecialchars($e->getMessage()); + return $this->escape($e->getMessage()); } return (string) $html; } diff --git a/library/Icinga/Web/Widget/AlertMessageBox.php b/library/Icinga/Web/Widget/AlertMessageBox.php index 09016f490..69113912e 100644 --- a/library/Icinga/Web/Widget/AlertMessageBox.php +++ b/library/Icinga/Web/Widget/AlertMessageBox.php @@ -124,7 +124,7 @@ class AlertMessageBox extends AbstractWidget $alert = $this->states[$level]; $html .= '
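Review bot: `$this->escape($e->getMessage())` in the new catch branch calls a method that is not visible anywhere on AbstractWidget, whose view is reached through `$this->view()`; if the method does not exist, the error path itself dies with an undefined-method fatal instead of rendering the message (the revert later in this series reports exactly that). The line should be `return $this->view()->escape($e->getMessage());`, which is also what makes the widgets consistent with the view scripts for #6759; the same applies to the identical hunks in Tabs.php and AlertMessageBox.php. Separately, echoing raw exception messages into the page can expose internal paths or query text to any logged-in user; consider logging `$e` and rendering a generic message. The render method starts outside the hunk.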
' . $this->view()->icon($alert['icon']) . - '' . htmlspecialchars($message->getMessage()) . '' . + '' . $this->escape($message->getMessage()) . '' . '
'; } return $html; diff --git a/library/Icinga/Web/Widget/Chart/InlinePie.php b/library/Icinga/Web/Widget/Chart/InlinePie.php index e4621ba09..8a36dbf01 100644 --- a/library/Icinga/Web/Widget/Chart/InlinePie.php +++ b/library/Icinga/Web/Widget/Chart/InlinePie.php @@ -24,7 +24,7 @@ class InlinePie extends AbstractWidget const NUMBER_FORMAT_TIME = 'time'; const NUMBER_FORMAT_BYTES = 'bytes'; const NUMBER_FORMAT_RATIO = 'ratio'; - + /** * The template string used for rendering this widget * The template string used for rendering this widget @@ -137,7 +137,7 @@ EOD; * @var string */ private $tooltipFormat = '{{title}}
{{label}}: {{formatted}} ({{percent}}%)'; - + /** * The number format used to render numeric values in tooltips * @@ -212,7 +212,7 @@ EOD; { $this->format = $format; } - + /** * A format string used to render the content of the piechart tooltips * @@ -346,11 +346,11 @@ EOD; { $template = $this->template; $template = str_replace('{url}', $this->url, $template); - + // style $template = str_replace('{width}', $this->width, $template); $template = str_replace('{height}', $this->height, $template); - $template = str_replace('{title}', htmlspecialchars($this->title), $template); + $template = str_replace('{title}', $this->escape($this->title), $template); $template = str_replace('{style}', $this->style, $template); $template = str_replace('{colors}', implode(',', $this->colors), $template); $template = str_replace('{borderWidth}', $this->borderWidth, $template); @@ -370,9 +370,9 @@ EOD; foreach ($this->data as $key => $value) { $formatted[$key] = $this->formatValue($value); } - $template = str_replace('{data}', htmlspecialchars(implode(',', $data)), $template); - $template = str_replace('{formatted}', htmlspecialchars(implode('|', $formatted)), $template); - $template = str_replace('{labels}', htmlspecialchars($this->createLabelString()), $template); + $template = str_replace('{data}', $this->escape(implode(',', $data)), $template); + $template = str_replace('{formatted}', $this->escape(implode('|', $formatted)), $template); + $template = str_replace('{labels}', $this->escape($this->createLabelString()), $template); $template = str_replace('{tooltipFormat}', $this->tooltipFormat, $template); return $template; } diff --git a/library/Icinga/Web/Widget/Tabs.php b/library/Icinga/Web/Widget/Tabs.php index cd480ba32..25f88533b 100644 --- a/library/Icinga/Web/Widget/Tabs.php +++ b/library/Icinga/Web/Widget/Tabs.php 
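Review bot: in `render()` only `{title}`, `{data}`, `{formatted}` and `{labels}` are escaped, while `{url}`, `{style}`, `{colors}`, `{width}`, `{height}` and `{tooltipFormat}` are substituted verbatim; if any of their setters can receive non-literal input, that is a direct injection point into the widget markup, so either escape them in the matching context or document on each setter that only trusted literals are allowed. The chain of sequential `str_replace` calls also means an escaped title that happens to contain a later placeholder such as `{tooltipFormat}` gets expanded by the following replacement; a single `strtr($this->template, array('{url}' => $this->url, '{title}' => $this->view()->escape($this->title), /* … */))` substitutes every placeholder in one pass and avoids that. Because `{labels}` is escaped here, callers must pass raw labels or the output is double-encoded. `render()` starts outside the hunk.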
@@ -259,7 +259,7 @@ EOT;
 try {
 $html = $this->render(Icinga::app()->getViewRenderer()->view);
 } catch (Exception $e) {
- return htmlspecialchars($e->getMessage());
+ return $this->escape($e->getMessage());
 }
 return $html;
 }
From 607aa9b203377126b399667cd0b10c80d75e04b7 Mon Sep 17 00:00:00 2001
From: Alexander Klimov
Date: Wed, 23 Jul 2014 12:12:49 +0200
Subject: [PATCH 3/7] Do not use htmlspecialchars in view scripts
fixes #6759
---
 .../application/views/helpers/Perfdata.php | 6 +++---
 .../views/scripts/list/contacts.phtml | 8 ++++----
 .../application/views/scripts/show/contact.phtml | 16 ++++++++--------
 3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/modules/monitoring/application/views/helpers/Perfdata.php b/modules/monitoring/application/views/helpers/Perfdata.php
index f4cffaea7..193048334 100644
--- a/modules/monitoring/application/views/helpers/Perfdata.php
+++ b/modules/monitoring/application/views/helpers/Perfdata.php
@@ -36,9 +36,9 @@ class Zend_View_Helper_Perfdata extends Zend_View_Helper_Abstract
 }
 $pieChart->setStyle('margin: 0.2em 0.5em 0.2em 0.5em;');
 $table[] = '' . $pieChart->render()
- . htmlspecialchars($perfdata->getLabel())
+ . $this->escape($perfdata->getLabel())
 . ' '
- . htmlspecialchars($this->formatPerfdataValue($perfdata)) .
+ . $this->escape($this->formatPerfdataValue($perfdata)) .
 ' ';
 }
 }
@@ -89,7 +89,7 @@ class Zend_View_Helper_Perfdata extends Zend_View_Helper_Abstract
 protected function createInlinePie(Perfdata $perfdata)
 {
 $pieChart = new InlinePie($this->calculatePieChartData($perfdata), $perfdata->getLabel());
- $pieChart->setLabel(htmlspecialchars($perfdata->getLabel()));
+ $pieChart->setLabel($this->escape($perfdata->getLabel()));
 $pieChart->setHideEmptyLabel();
 //$pieChart->setHeight(32)->setWidth(32);
diff --git a/modules/monitoring/application/views/scripts/list/contacts.phtml b/modules/monitoring/application/views/scripts/list/contacts.phtml
index 81a061973..9fc05de8e 100644
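Review bot: `$this->escape(...)` on the new Perfdata.php lines is called on the Zend view helper itself rather than on its view; the revert later in this series states that `Perfdata::escape()` does not exist while the view's `escape()` does, so these three lines should read `$this->view->escape(...)` instead of being rolled back to bare `htmlspecialchars()`. Independently, `setLabel()` receives an already-escaped label here while `InlinePie::render()` (see the `{labels}` line in the InlinePie hunk earlier in this series) escapes the label string again, so a label containing `&`, `<` or `"` ends up double-encoded; pass `$perfdata->getLabel()` unescaped, as is already done for the constructor's title argument. The enclosing method of the first Perfdata hunk starts outside the hunk.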
--- a/modules/monitoring/application/views/scripts/list/contacts.phtml +++ b/modules/monitoring/application/views/scripts/list/contacts.phtml @@ -26,23 +26,23 @@ $contactHelper = $this->getHelper('ContactFlags');
%2$s', t('Email'), - htmlspecialchars($contact->contact_email) + $this->escape($contact->contact_email) ) ?>
contact_pager): ?>
: - contact_pager) ?> + escape($contact->contact_pager) ?>
: - contact_notify_service_timeperiod) ?> + escape($contact->contact_notify_service_timeperiod) ?>
: - contact_notify_host_timeperiod) ?> + escape($contact->contact_notify_host_timeperiod) ?>
diff --git a/modules/monitoring/application/views/scripts/show/contact.phtml b/modules/monitoring/application/views/scripts/show/contact.phtml index 609bbbc69..a7b691eb4 100644 --- a/modules/monitoring/application/views/scripts/show/contact.phtml +++ b/modules/monitoring/application/views/scripts/show/contact.phtml @@ -7,8 +7,8 @@ $contactHelper = $this->getHelper('ContactFlags'); - contact_name) ?> (contact_alias) + escape($contact->contact_name) ?> (escape($contact->contact_alias) ?>) @@ -18,30 +18,30 @@ $contactHelper = $this->getHelper('ContactFlags'); %1$s', - htmlspecialchars($contact->contact_email) + $this->escape($contact->contact_email) ); ?> contact_pager): ?> - contact_pager) ?> + escape($contact->contact_pager) ?> - contactFlags($contact, 'service')) ?> + escape($contactHelper->contactFlags($contact, 'service')) ?> - contactFlags($contact, 'host')) ?> + escape($contactHelper->contactFlags($contact, 'host')) ?> - contact_notify_service_timeperiod) ?> + escape($contact->contact_notify_service_timeperiod) ?> - contact_notify_host_timeperiod) ?> + escape($contact->contact_notify_host_timeperiod) ?> From a68ccecb28bf5907cada08a2261176f628e20fbc Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Wed, 23 Jul 2014 12:28:04 +0200 Subject: [PATCH 4/7] Revert "Do not use htmlspecialchars in widgets" This reverts commit 2ff43abcf5860f4002d4fbb2aee930b22ab93ea6. `Widget::escape()' does not exist. But `Widget::view()::espcae()' does. --- library/Icinga/Web/Widget/AbstractWidget.php | 2 +- library/Icinga/Web/Widget/AlertMessageBox.php | 2 +- library/Icinga/Web/Widget/Chart/InlinePie.php | 16 ++++++++-------- library/Icinga/Web/Widget/Tabs.php | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/Icinga/Web/Widget/AbstractWidget.php b/library/Icinga/Web/Widget/AbstractWidget.php index 962bcc210..37fb7ad36 100644 --- a/library/Icinga/Web/Widget/AbstractWidget.php +++ b/library/Icinga/Web/Widget/AbstractWidget.php 
@@ -118,7 +118,7 @@ abstract class AbstractWidget
 try {
 $html = $this->render($this->view());
 } catch (Exception $e) {
- return $this->escape($e->getMessage());
+ return htmlspecialchars($e->getMessage());
 }
 return (string) $html;
 }
diff --git a/library/Icinga/Web/Widget/AlertMessageBox.php b/library/Icinga/Web/Widget/AlertMessageBox.php
index 69113912e..09016f490 100644
--- a/library/Icinga/Web/Widget/AlertMessageBox.php
+++ b/library/Icinga/Web/Widget/AlertMessageBox.php
@@ -124,7 +124,7 @@ class AlertMessageBox extends AbstractWidget
 $alert = $this->states[$level];
 $html .= '
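Review bot: the revert goes back to bare `htmlspecialchars($e->getMessage())` although the commit message itself names `$this->view()->escape()` as the method that does exist, so the widgets stay inconsistent with the view scripts that #6759 is about. `return $this->view()->escape($e->getMessage());` fixes the undefined-method call without reintroducing the direct htmlspecialchars use. If htmlspecialchars is kept deliberately, give it explicit flags and encoding, `htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8')`, because the default charset and flags vary between PHP versions and may differ from what the view escaper is configured with. The same applies to the Tabs.php and AlertMessageBox.php hunks in this patch; the enclosing method starts outside the hunk.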
' . $this->view()->icon($alert['icon']) . - '' . $this->escape($message->getMessage()) . '' . + '' . htmlspecialchars($message->getMessage()) . '' . '
'; } return $html; diff --git a/library/Icinga/Web/Widget/Chart/InlinePie.php b/library/Icinga/Web/Widget/Chart/InlinePie.php index 8a36dbf01..e4621ba09 100644 --- a/library/Icinga/Web/Widget/Chart/InlinePie.php +++ b/library/Icinga/Web/Widget/Chart/InlinePie.php @@ -24,7 +24,7 @@ class InlinePie extends AbstractWidget const NUMBER_FORMAT_TIME = 'time'; const NUMBER_FORMAT_BYTES = 'bytes'; const NUMBER_FORMAT_RATIO = 'ratio'; - + /** * The template string used for rendering this widget * The template string used for rendering this widget @@ -137,7 +137,7 @@ EOD; * @var string */ private $tooltipFormat = '{{title}}
{{label}}: {{formatted}} ({{percent}}%)'; - + /** * The number format used to render numeric values in tooltips * @@ -212,7 +212,7 @@ EOD; { $this->format = $format; } - + /** * A format string used to render the content of the piechart tooltips * @@ -346,11 +346,11 @@ EOD; { $template = $this->template; $template = str_replace('{url}', $this->url, $template); - + // style $template = str_replace('{width}', $this->width, $template); $template = str_replace('{height}', $this->height, $template); - $template = str_replace('{title}', $this->escape($this->title), $template); + $template = str_replace('{title}', htmlspecialchars($this->title), $template); $template = str_replace('{style}', $this->style, $template); $template = str_replace('{colors}', implode(',', $this->colors), $template); $template = str_replace('{borderWidth}', $this->borderWidth, $template); @@ -370,9 +370,9 @@ EOD; foreach ($this->data as $key => $value) { $formatted[$key] = $this->formatValue($value); } - $template = str_replace('{data}', $this->escape(implode(',', $data)), $template); - $template = str_replace('{formatted}', $this->escape(implode('|', $formatted)), $template); - $template = str_replace('{labels}', $this->escape($this->createLabelString()), $template); + $template = str_replace('{data}', htmlspecialchars(implode(',', $data)), $template); + $template = str_replace('{formatted}', htmlspecialchars(implode('|', $formatted)), $template); + $template = str_replace('{labels}', htmlspecialchars($this->createLabelString()), $template); $template = str_replace('{tooltipFormat}', $this->tooltipFormat, $template); return $template; } diff --git a/library/Icinga/Web/Widget/Tabs.php b/library/Icinga/Web/Widget/Tabs.php index 25f88533b..cd480ba32 100644 --- a/library/Icinga/Web/Widget/Tabs.php +++ b/library/Icinga/Web/Widget/Tabs.php 
@@ -259,7 +259,7 @@ EOT;
 try {
 $html = $this->render(Icinga::app()->getViewRenderer()->view);
 } catch (Exception $e) {
- return $this->escape($e->getMessage());
+ return htmlspecialchars($e->getMessage());
 }
 return $html;
 }
From 9269a0cbd51404142c127a822aaf912625976d85 Mon Sep 17 00:00:00 2001
From: Eric Lippmann
Date: Wed, 23 Jul 2014 12:29:27 +0200
Subject: [PATCH 5/7] Revert "Do not use htmlspecialchars in view scripts"
This reverts commit 607aa9b203377126b399667cd0b10c80d75e04b7.
`Perfdata::escape()' does not exist. But `Perfdata::view::escape()' does.
---
 .../application/views/helpers/Perfdata.php | 6 +++---
 .../views/scripts/list/contacts.phtml | 8 ++++----
 .../application/views/scripts/show/contact.phtml | 16 ++++++++--------
 3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/modules/monitoring/application/views/helpers/Perfdata.php b/modules/monitoring/application/views/helpers/Perfdata.php
index 193048334..f4cffaea7 100644
--- a/modules/monitoring/application/views/helpers/Perfdata.php
+++ b/modules/monitoring/application/views/helpers/Perfdata.php
@@ -36,9 +36,9 @@ class Zend_View_Helper_Perfdata extends Zend_View_Helper_Abstract
 }
 $pieChart->setStyle('margin: 0.2em 0.5em 0.2em 0.5em;');
 $table[] = '' . $pieChart->render()
- . $this->escape($perfdata->getLabel())
+ . htmlspecialchars($perfdata->getLabel())
 . ' '
- . $this->escape($this->formatPerfdataValue($perfdata)) .
+ . htmlspecialchars($this->formatPerfdataValue($perfdata)) .
 ' ';
 }
 }
@@ -89,7 +89,7 @@ class Zend_View_Helper_Perfdata extends Zend_View_Helper_Abstract
 protected function createInlinePie(Perfdata $perfdata)
 {
 $pieChart = new InlinePie($this->calculatePieChartData($perfdata), $perfdata->getLabel());
- $pieChart->setLabel($this->escape($perfdata->getLabel()));
+ $pieChart->setLabel(htmlspecialchars($perfdata->getLabel()));
 $pieChart->setHideEmptyLabel();
 //$pieChart->setHeight(32)->setWidth(32);
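Review bot: restoring `htmlspecialchars()` in createInlinePie keeps a pre-escaped label flowing into `$pieChart->setLabel()`, which, judging by the `{labels}` line in `InlinePie::render()` earlier in this series, is escaped a second time on output, so labels containing `&` or `<` remain double-encoded after the revert. The minimal fix the commit message points to is `$this->view->escape(...)` for the two table cells and passing the raw `$perfdata->getLabel()` to `setLabel()`. `htmlspecialchars()` without an encoding argument also behaves differently across PHP versions for multi-byte labels, which the view escaper, carrying the view's configured encoding, avoids. The enclosing method of the first hunk starts outside the hunk.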
diff --git a/modules/monitoring/application/views/scripts/list/contacts.phtml b/modules/monitoring/application/views/scripts/list/contacts.phtml index 9fc05de8e..81a061973 100644 --- a/modules/monitoring/application/views/scripts/list/contacts.phtml +++ b/modules/monitoring/application/views/scripts/list/contacts.phtml @@ -26,23 +26,23 @@ $contactHelper = $this->getHelper('ContactFlags');
%2$s', t('Email'), - $this->escape($contact->contact_email) + htmlspecialchars($contact->contact_email) ) ?>
contact_pager): ?>
: - escape($contact->contact_pager) ?> + contact_pager) ?>
: - escape($contact->contact_notify_service_timeperiod) ?> + contact_notify_service_timeperiod) ?>
: - escape($contact->contact_notify_host_timeperiod) ?> + contact_notify_host_timeperiod) ?>
diff --git a/modules/monitoring/application/views/scripts/show/contact.phtml b/modules/monitoring/application/views/scripts/show/contact.phtml index a7b691eb4..609bbbc69 100644 --- a/modules/monitoring/application/views/scripts/show/contact.phtml +++ b/modules/monitoring/application/views/scripts/show/contact.phtml @@ -7,8 +7,8 @@ $contactHelper = $this->getHelper('ContactFlags'); - escape($contact->contact_name) ?> (escape($contact->contact_alias) + contact_name) ?> (contact_alias) ?>) @@ -18,30 +18,30 @@ $contactHelper = $this->getHelper('ContactFlags'); %1$s', - $this->escape($contact->contact_email) + htmlspecialchars($contact->contact_email) ); ?> contact_pager): ?> - escape($contact->contact_pager) ?> + contact_pager) ?> - escape($contactHelper->contactFlags($contact, 'service')) ?> + contactFlags($contact, 'service')) ?> - escape($contactHelper->contactFlags($contact, 'host')) ?> + contactFlags($contact, 'host')) ?> - escape($contact->contact_notify_service_timeperiod) ?> + contact_notify_service_timeperiod) ?> - escape($contact->contact_notify_host_timeperiod) ?> + contact_notify_host_timeperiod) ?> From a2809552f2ac509d69afcb99ab26fbecf7b0b7ae Mon Sep 17 00:00:00 2001 From: Alexander Klimov Date: Wed, 23 Jul 2014 12:41:05 +0200 Subject: [PATCH 6/7] Do not use htmlspecialchars in view scripts fixes #6759 --- .../views/scripts/list/contacts.phtml | 8 ++++---- .../application/views/scripts/show/contact.phtml | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/monitoring/application/views/scripts/list/contacts.phtml b/modules/monitoring/application/views/scripts/list/contacts.phtml index 81a061973..9fc05de8e 100644 --- a/modules/monitoring/application/views/scripts/list/contacts.phtml +++ b/modules/monitoring/application/views/scripts/list/contacts.phtml @@ -26,23 +26,23 @@ $contactHelper = $this->getHelper('ContactFlags');
%2$s', t('Email'), - htmlspecialchars($contact->contact_email) + $this->escape($contact->contact_email) ) ?>
contact_pager): ?>
: - contact_pager) ?> + escape($contact->contact_pager) ?>
: - contact_notify_service_timeperiod) ?> + escape($contact->contact_notify_service_timeperiod) ?>
: - contact_notify_host_timeperiod) ?> + escape($contact->contact_notify_host_timeperiod) ?>
diff --git a/modules/monitoring/application/views/scripts/show/contact.phtml b/modules/monitoring/application/views/scripts/show/contact.phtml index 609bbbc69..a7b691eb4 100644 --- a/modules/monitoring/application/views/scripts/show/contact.phtml +++ b/modules/monitoring/application/views/scripts/show/contact.phtml @@ -7,8 +7,8 @@ $contactHelper = $this->getHelper('ContactFlags'); - contact_name) ?> (contact_alias) + escape($contact->contact_name) ?> (escape($contact->contact_alias) ?>) @@ -18,30 +18,30 @@ $contactHelper = $this->getHelper('ContactFlags'); %1$s', - htmlspecialchars($contact->contact_email) + $this->escape($contact->contact_email) ); ?> contact_pager): ?> - contact_pager) ?> + escape($contact->contact_pager) ?> - contactFlags($contact, 'service')) ?> + escape($contactHelper->contactFlags($contact, 'service')) ?> - contactFlags($contact, 'host')) ?> + escape($contactHelper->contactFlags($contact, 'host')) ?> - contact_notify_service_timeperiod) ?> + escape($contact->contact_notify_service_timeperiod) ?> - contact_notify_host_timeperiod) ?> + escape($contact->contact_notify_host_timeperiod) ?> From a4b7204e2397fcb66ac262f608b0dfa22be48cda Mon Sep 17 00:00:00 2001 From: Alexander Klimov Date: Wed, 23 Jul 2014 13:10:09 +0200 Subject: [PATCH 7/7] Contactgroups view: correct links to contacts detail pages fixes #6514 --- .../application/views/scripts/list/contactgroups.phtml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/monitoring/application/views/scripts/list/contactgroups.phtml b/modules/monitoring/application/views/scripts/list/contactgroups.phtml index 98661f4e6..c110bf011 100644 --- a/modules/monitoring/application/views/scripts/list/contactgroups.phtml +++ b/modules/monitoring/application/views/scripts/list/contactgroups.phtml @@ -22,7 +22,7 @@ foreach ($groupData as $groupName => $groupInfo): ?>
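Review bot: `$this->escape($contact->contact_email)` is interpolated once into a sprintf template whose markup is not visible in this rendering; if that template uses the value inside a `mailto:` href as well as in the link text, HTML escaping covers the text node, but the attribute must be double-quoted, since as far as I recall Zend_View's `escape()` is htmlspecialchars with ENT_COMPAT and leaves single quotes alone (please confirm against the template, same for contacts.phtml above). Switching `contact_name`, `contact_alias`, the pager and the notification time periods to `$this->escape()` is the right call, as these are strings from the monitoring backend rather than literals. Escaping the `contactFlags()` helper output is only correct if that helper returns plain text; if it already emits markup, this will show the tags literally, so verify its return value.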
escape($c->contact_alias) ?>