Do not use htmlspecialchars in view scripts

fixes #6759
Alexander Klimov 2014-07-23 12:12:49 +02:00
parent 2ff43abcf5
commit 607aa9b203
3 changed files with 15 additions and 15 deletions


@ -36,9 +36,9 @@ class Zend_View_Helper_Perfdata extends Zend_View_Helper_Abstract
}
$pieChart->setStyle('margin: 0.2em 0.5em 0.2em 0.5em;');
$table[] = '<tr><th>' . $pieChart->render()
. htmlspecialchars($perfdata->getLabel())
. $this->escape($perfdata->getLabel())
. '</th><td> '
. htmlspecialchars($this->formatPerfdataValue($perfdata)) .
. $this->escape($this->formatPerfdataValue($perfdata)) .
' </td></tr>';
}
}
@ -89,7 +89,7 @@ class Zend_View_Helper_Perfdata extends Zend_View_Helper_Abstract
protected function createInlinePie(Perfdata $perfdata)
{
$pieChart = new InlinePie($this->calculatePieChartData($perfdata), $perfdata->getLabel());
$pieChart->setLabel(htmlspecialchars($perfdata->getLabel()));
$pieChart->setLabel($this->escape($perfdata->getLabel()));
$pieChart->setHideEmptyLabel();
//$pieChart->setHeight(32)->setWidth(32);
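Review bot: The label now reaches InlinePie twice with different encodings: the constructor call directly above `setLabel()` still passes the raw `$perfdata->getLabel()`, while `setLabel()` receives the HTML-escaped copy. If that constructor argument is rendered anywhere (a title attribute, an SVG text node) it goes out unescaped; if `setLabel()` simply overwrites it, the argument is dead. Either escape it the same way, `new InlinePie($this->calculatePieChartData($perfdata), $this->escape($perfdata->getLabel()))`, or drop it, and record on InlinePie that `setLabel()` expects already-escaped HTML so `render()` must not escape again (otherwise `&` shows as `&amp;`). It is also worth confirming how `$this->escape` is configured on this view, since Zend_View's default is htmlspecialchars with ENT_COMPAT, which leaves single quotes untouched. The enclosing `createInlinePie()` body continues past the end of this hunk, and the first hunk's method begins before it.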


@ -26,23 +26,23 @@ $contactHelper = $this->getHelper('ContactFlags');
<div><?= sprintf(
'%1$s: <a href="mailto:%2$s">%2$s</a>',
t('Email'),
htmlspecialchars($contact->contact_email)
$this->escape($contact->contact_email)
) ?></div>
<?php if ($contact->contact_pager): ?>
<div>
<?= t('Pager') ?>:
<?= htmlspecialchars($contact->contact_pager) ?>
<?= $this->escape($contact->contact_pager) ?>
</div>
<?php endif; ?>
<div style="clear: both;"></div>
<div class="notification-periods">
<div>
<?= t('Service notification period') ?>:
<?= htmlspecialchars($contact->contact_notify_service_timeperiod) ?>
<?= $this->escape($contact->contact_notify_service_timeperiod) ?>
</div>
<div>
<?= t('Host notification period') ?>:
<?= htmlspecialchars($contact->contact_notify_host_timeperiod) ?>
<?= $this->escape($contact->contact_notify_host_timeperiod) ?>
</div>
</div>
</div>
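Review bot: The escaped `contact_email` at the top of the hunk is reused for both the `href="mailto:…"` attribute and the link text through the repeated `%2$s`, so safety there depends on the view's escaper encoding double quotes; Zend_View's default (htmlspecialchars with ENT_COMPAT) does, but it does not encode single quotes, so the attribute must stay double-quoted as it is now. HTML escaping also says nothing about URL syntax: a `contact_email` containing `?` or `&` is handed to the mail client as mailto header fields (`?subject=…&body=…`), and nothing visible here validates the value as an address. If that matters, emit the link only when `filter_var($contact->contact_email, FILTER_VALIDATE_EMAIL)` holds and otherwise print the escaped text without the anchor, or give the `href` its own encoding via a third sprintf argument. A one-line note above the `sprintf`, `<?php /* escaped once: the same value is safe in a double-quoted attribute and in text */ ?>`, would make the reliance on the escaper's quote mode explicit.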


@ -7,8 +7,8 @@ $contactHelper = $this->getHelper('ContactFlags');
<thead>
<tr>
<th colspan="2" style="text-align: left">
<?= htmlspecialchars($contact->contact_name) ?><span style="font-weight: normal;"> (<?=
htmlspecialchars($contact->contact_alias)
<?= $this->escape($contact->contact_name) ?><span style="font-weight: normal;"> (<?=
$this->escape($contact->contact_alias)
?>)</span>
</th>
</tr>
@ -18,30 +18,30 @@ $contactHelper = $this->getHelper('ContactFlags');
<td><?= t('Email') ?></td>
<td><?php printf(
'<a href="mailto:%1$s">%1$s</a>',
htmlspecialchars($contact->contact_email)
$this->escape($contact->contact_email)
); ?></td>
</tr>
<?php if ($contact->contact_pager): ?>
<tr>
<td><?= t('Pager') ?></td>
<td><?= htmlspecialchars($contact->contact_pager) ?></td>
<td><?= $this->escape($contact->contact_pager) ?></td>
</tr>
<?php endif; ?>
<tr>
<td><?= t('Flags (service)') ?></td>
<td><?= htmlspecialchars($contactHelper->contactFlags($contact, 'service')) ?></td>
<td><?= $this->escape($contactHelper->contactFlags($contact, 'service')) ?></td>
</tr>
<tr>
<td><?= t('Flags (host)') ?></td>
<td><?= htmlspecialchars($contactHelper->contactFlags($contact, 'host')) ?></td>
<td><?= $this->escape($contactHelper->contactFlags($contact, 'host')) ?></td>
</tr>
<tr>
<td><?= t('Service notification period') ?></td>
<td><?= htmlspecialchars($contact->contact_notify_service_timeperiod) ?></td>
<td><?= $this->escape($contact->contact_notify_service_timeperiod) ?></td>
</tr>
<tr>
<td><?= t('Host notification period') ?></td>
<td><?= htmlspecialchars($contact->contact_notify_host_timeperiod) ?></td>
<td><?= $this->escape($contact->contact_notify_host_timeperiod) ?></td>
</tr>
</tbody>
</table>
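Review bot: The two `$this->escape($contactHelper->contactFlags(...))` rows in the middle of the hunk escape a helper's return value, which is only right if `contactFlags()` returns plain text; if it ever builds markup itself the tags will show literally, and the helper's source is not visible here to confirm either way. The email `printf` near the top of the hunk has the same shape as the contact view, one escaped value serving both the `href` attribute and the link text, so it relies on the view's escaper encoding double quotes (Zend_View's default ENT_COMPAT does). Worth pinning the helper contract with a short note beside the `getHelper('ContactFlags')` lookup shown in the hunk header context, e.g. `<?php /* contactFlags() returns plain text and is escaped at output; do not return markup from it */ ?>`, so a later change to the helper does not silently double-encode or drop the escape. As a point of style, the heading at the start of the hunk splits one text run across `?>`/`<?=` boundaries on two lines; a single `<?= $this->escape($contact->contact_name) ?><span style="font-weight: normal;"> (<?= $this->escape($contact->contact_alias) ?>)</span>` reads more easily.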