tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-28 00:04:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

FilterEditor: always escape filter embedded in HTML

Browse Source
This commit is contained in:
Alexander A. Klimov 2016-02-19 15:22:10 +01:00
parent dc6ea11415
commit 41a8c75a4f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/Icinga/Web/Widget/FilterEditor.php
View File

@ -714,7 +714,7 @@ class FilterEditor extends AbstractWidget
} else {
$title = t('Modify this filter');
if (! $this->filter->isEmpty()) {
$title .= ': ' . $this->filter;
$title .= ': ' . $this->view()->escape($this->filter);
}
}
return $html
@ -732,7 +732,7 @@ class FilterEditor extends AbstractWidget
public function render()
{
if (! $this->preservedUrl()->getParam('modifyFilter')) {
return '<div class="filter">' . $this->renderSearch() . $this->shorten($this->filter, 50) . '</div>';
return '<div class="filter">' . $this->renderSearch() . $this->view()->escape($this->shorten($this->filter, 50)) . '</div>';
}
return '<div class="filter">'
. $this->renderSearch()