Do not use htmlspecialchars in view scripts

fixes #6759
Alexander Klimov 2014-07-23 12:41:05 +02:00
parent 9269a0cbd5
commit a2809552f2
2 changed files with 12 additions and 12 deletions


@ -26,23 +26,23 @@ $contactHelper = $this->getHelper('ContactFlags');
<div><?= sprintf(
'%1$s: <a href="mailto:%2$s">%2$s</a>',
t('Email'),
htmlspecialchars($contact->contact_email)
$this->escape($contact->contact_email)
) ?></div>
<?php if ($contact->contact_pager): ?>
<div>
<?= t('Pager') ?>:
<?= htmlspecialchars($contact->contact_pager) ?>
<?= $this->escape($contact->contact_pager) ?>
</div>
<?php endif; ?>
<div style="clear: both;"></div>
<div class="notification-periods">
<div>
<?= t('Service notification period') ?>:
<?= htmlspecialchars($contact->contact_notify_service_timeperiod) ?>
<?= $this->escape($contact->contact_notify_service_timeperiod) ?>
</div>
<div>
<?= t('Host notification period') ?>:
<?= htmlspecialchars($contact->contact_notify_host_timeperiod) ?>
<?= $this->escape($contact->contact_notify_host_timeperiod) ?>
</div>
</div>
</div>
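Review bot: The `sprintf` at the top of this hunk substitutes the same HTML-escaped `contact_email` into both the `href="mailto:%2$s"` attribute and the link text, so the attribute context gets HTML escaping only and no URL encoding; `?` and `&` are left alone by `htmlspecialchars` (and presumably by `$this->escape()`, whose definition is not visible here), so an address carrying them would append `subject=`/`body=` query parameters to the `mailto:` link. The value appears to come from the monitoring backend rather than the browser, so the impact is limited, but encoding per context costs one extra argument: `'%1$s: <a href="mailto:%2$s">%3$s</a>', t('Email'), rawurlencode($contact->contact_email), $this->escape($contact->contact_email)`. The double-quoted attribute is also only safe if the view's escape callback escapes `"` — the Zend default does, but that configuration is outside this hunk and worth confirming. The view script begins before this hunk.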


@ -7,8 +7,8 @@ $contactHelper = $this->getHelper('ContactFlags');
<thead>
<tr>
<th colspan="2" style="text-align: left">
<?= htmlspecialchars($contact->contact_name) ?><span style="font-weight: normal;"> (<?=
htmlspecialchars($contact->contact_alias)
<?= $this->escape($contact->contact_name) ?><span style="font-weight: normal;"> (<?=
$this->escape($contact->contact_alias)
?>)</span>
</th>
</tr>
@ -18,30 +18,30 @@ $contactHelper = $this->getHelper('ContactFlags');
<td><?= t('Email') ?></td>
<td><?php printf(
'<a href="mailto:%1$s">%1$s</a>',
htmlspecialchars($contact->contact_email)
$this->escape($contact->contact_email)
); ?></td>
</tr>
<?php if ($contact->contact_pager): ?>
<tr>
<td><?= t('Pager') ?></td>
<td><?= htmlspecialchars($contact->contact_pager) ?></td>
<td><?= $this->escape($contact->contact_pager) ?></td>
</tr>
<?php endif; ?>
<tr>
<td><?= t('Flags (service)') ?></td>
<td><?= htmlspecialchars($contactHelper->contactFlags($contact, 'service')) ?></td>
<td><?= $this->escape($contactHelper->contactFlags($contact, 'service')) ?></td>
</tr>
<tr>
<td><?= t('Flags (host)') ?></td>
<td><?= htmlspecialchars($contactHelper->contactFlags($contact, 'host')) ?></td>
<td><?= $this->escape($contactHelper->contactFlags($contact, 'host')) ?></td>
</tr>
<tr>
<td><?= t('Service notification period') ?></td>
<td><?= htmlspecialchars($contact->contact_notify_service_timeperiod) ?></td>
<td><?= $this->escape($contact->contact_notify_service_timeperiod) ?></td>
</tr>
<tr>
<td><?= t('Host notification period') ?></td>
<td><?= htmlspecialchars($contact->contact_notify_host_timeperiod) ?></td>
<td><?= $this->escape($contact->contact_notify_host_timeperiod) ?></td>
</tr>
</tbody>
</table>
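Review bot: On the `printf` call near the top of the second hunk the single escaped value of `contact_email` is reused as both the `href="mailto:%1$s"` attribute and the visible text, so the attribute gets HTML escaping but no URL encoding; `?`/`&` pass through `$this->escape()` unchanged if it wraps `htmlspecialchars` like the code it replaces, letting an address append `subject=`/`body=` parameters to the `mailto:` link. Since the data comes from the monitoring backend rather than the request the exposure is small, but it costs one argument to encode per context: `printf('<a href="mailto:%1$s">%2$s</a>', rawurlencode($contact->contact_email), $this->escape($contact->contact_email));`. The first hunk of this file (contact name and alias inside the `<th>`) is plain text context and needs nothing further. The view script and its `<table>` begin before the first hunk.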