From a2809552f2ac509d69afcb99ab26fbecf7b0b7ae Mon Sep 17 00:00:00 2001
From: Alexander Klimov <Alexander.Klimov@netways.de>
Date: Wed, 23 Jul 2014 12:41:05 +0200
Subject: [PATCH] Do not use htmlspecialchars in view scripts

fixes #6759
---
 .../views/scripts/list/contacts.phtml            |  8 ++++----
 .../application/views/scripts/show/contact.phtml | 16 ++++++++--------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/modules/monitoring/application/views/scripts/list/contacts.phtml b/modules/monitoring/application/views/scripts/list/contacts.phtml
index 81a061973..9fc05de8e 100644
--- a/modules/monitoring/application/views/scripts/list/contacts.phtml
+++ b/modules/monitoring/application/views/scripts/list/contacts.phtml
@@ -26,23 +26,23 @@ $contactHelper = $this->getHelper('ContactFlags');
             <div><?= sprintf(
                 '%1$s: <a href="mailto:%2$s">%2$s</a>',
                 t('Email'),
-                htmlspecialchars($contact->contact_email)
+                $this->escape($contact->contact_email)
             ) ?></div>
             <?php if ($contact->contact_pager): ?>
             <div>
                 <?= t('Pager') ?>:
-                <?= htmlspecialchars($contact->contact_pager) ?>
+                <?= $this->escape($contact->contact_pager) ?>
             </div>
             <?php endif; ?>
             <div style="clear: both;"></div>
             <div class="notification-periods">
                 <div>
                     <?= t('Service notification period') ?>:
-                    <?= htmlspecialchars($contact->contact_notify_service_timeperiod) ?>
+                    <?= $this->escape($contact->contact_notify_service_timeperiod) ?>
                 </div>
                 <div>
                     <?= t('Host notification period') ?>:
-                    <?= htmlspecialchars($contact->contact_notify_host_timeperiod) ?>
+                    <?= $this->escape($contact->contact_notify_host_timeperiod) ?>
                 </div>
             </div>
         </div>
diff --git a/modules/monitoring/application/views/scripts/show/contact.phtml b/modules/monitoring/application/views/scripts/show/contact.phtml
index 609bbbc69..a7b691eb4 100644
--- a/modules/monitoring/application/views/scripts/show/contact.phtml
+++ b/modules/monitoring/application/views/scripts/show/contact.phtml
@@ -7,8 +7,8 @@ $contactHelper = $this->getHelper('ContactFlags');
             <thead>
             <tr>
                 <th colspan="2" style="text-align: left">
-                    <?= htmlspecialchars($contact->contact_name) ?><span style="font-weight: normal;"> (<?=
-                        htmlspecialchars($contact->contact_alias)
+                    <?= $this->escape($contact->contact_name) ?><span style="font-weight: normal;"> (<?=
+                        $this->escape($contact->contact_alias)
                         ?>)</span>
                 </th>
             </tr>
@@ -18,30 +18,30 @@ $contactHelper = $this->getHelper('ContactFlags');
                 <td><?= t('Email') ?></td>
                 <td><?php printf(
                         '<a href="mailto:%1$s">%1$s</a>',
-                        htmlspecialchars($contact->contact_email)
+                        $this->escape($contact->contact_email)
                     ); ?></td>
             </tr>
             <?php if ($contact->contact_pager): ?>
                 <tr>
                     <td><?= t('Pager') ?></td>
-                    <td><?= htmlspecialchars($contact->contact_pager) ?></td>
+                    <td><?= $this->escape($contact->contact_pager) ?></td>
                 </tr>
             <?php endif; ?>
             <tr>
                 <td><?= t('Flags (service)') ?></td>
-                <td><?= htmlspecialchars($contactHelper->contactFlags($contact, 'service')) ?></td>
+                <td><?= $this->escape($contactHelper->contactFlags($contact, 'service')) ?></td>
             </tr>
             <tr>
                 <td><?= t('Flags (host)') ?></td>
-                <td><?= htmlspecialchars($contactHelper->contactFlags($contact, 'host')) ?></td>
+                <td><?= $this->escape($contactHelper->contactFlags($contact, 'host')) ?></td>
             </tr>
             <tr>
                 <td><?= t('Service notification period') ?></td>
-                <td><?= htmlspecialchars($contact->contact_notify_service_timeperiod) ?></td>
+                <td><?= $this->escape($contact->contact_notify_service_timeperiod) ?></td>
             </tr>
             <tr>
                 <td><?= t('Host notification period') ?></td>
-                <td><?= htmlspecialchars($contact->contact_notify_host_timeperiod) ?></td>
+                <td><?= $this->escape($contact->contact_notify_host_timeperiod) ?></td>
             </tr>
             </tbody>
         </table>