FilterEditor: always escape filter embedded in HTML

Alexander A. Klimov 2016-02-19 15:22:10 +01:00
parent dc6ea11415
commit 41a8c75a4f
1 changed files with 2 additions and 2 deletions


@ -714,7 +714,7 @@ class FilterEditor extends AbstractWidget
} else { } else {
$title = t('Modify this filter'); $title = t('Modify this filter');
if (! $this->filter->isEmpty()) { if (! $this->filter->isEmpty()) {
$title .= ': ' . $this->filter; $title .= ': ' . $this->view()->escape($this->filter);
} }
} }
return $html return $html
@ -732,7 +732,7 @@ class FilterEditor extends AbstractWidget
public function render() public function render()
{ {
if (! $this->preservedUrl()->getParam('modifyFilter')) { if (! $this->preservedUrl()->getParam('modifyFilter')) {
return '<div class="filter">' . $this->renderSearch() . $this->shorten($this->filter, 50) . '</div>'; return '<div class="filter">' . $this->renderSearch() . $this->view()->escape($this->shorten($this->filter, 50)) . '</div>';
} }
return '<div class="filter">' return '<div class="filter">'
. $this->renderSearch() . $this->renderSearch()
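Review bot: In the first hunk only the filter suffix of `$title` is escaped, so the variable ends up half-encoded: the prefix from `t('Modify this filter')` stays raw, and nothing tells a later editor of the `return $html` expression (which continues outside the hunk) that `$title` already holds HTML-encoded text. Keeping the concatenation as `$title .= ': ' . $this->filter;` and escaping the finished string once after the if/else, `$title = $this->view()->escape($title);`, would give a single encoding boundary and make accidental double-escaping less likely, assuming the branch above the hunk also builds plain text. If `$title` is written into a quoted attribute, which is not visible here, it is worth confirming that the view's escape covers the quote character used there. In `render()` the order shorten-then-escape is the right one, since truncating after escaping could cut an entity in half; a short comment saying so, `// escape after shorten() so no entity is truncated`, would stop it being reordered later.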