Do not use htmlspecialchars in view scripts

fixes #6759
This commit is contained in:
Alexander Klimov 2014-07-23 12:41:05 +02:00
parent 9269a0cbd5
commit a2809552f2
2 changed files with 12 additions and 12 deletions


@ -26,23 +26,23 @@ $contactHelper = $this->getHelper('ContactFlags');
<div><?= sprintf( <div><?= sprintf(
'%1$s: <a href="mailto:%2$s">%2$s</a>', '%1$s: <a href="mailto:%2$s">%2$s</a>',
t('Email'), t('Email'),
htmlspecialchars($contact->contact_email) $this->escape($contact->contact_email)
) ?></div> ) ?></div>
<?php if ($contact->contact_pager): ?> <?php if ($contact->contact_pager): ?>
<div> <div>
<?= t('Pager') ?>: <?= t('Pager') ?>:
<?= htmlspecialchars($contact->contact_pager) ?> <?= $this->escape($contact->contact_pager) ?>
</div> </div>
<?php endif; ?> <?php endif; ?>
<div style="clear: both;"></div> <div style="clear: both;"></div>
<div class="notification-periods"> <div class="notification-periods">
<div> <div>
<?= t('Service notification period') ?>: <?= t('Service notification period') ?>:
<?= htmlspecialchars($contact->contact_notify_service_timeperiod) ?> <?= $this->escape($contact->contact_notify_service_timeperiod) ?>
</div> </div>
<div> <div>
<?= t('Host notification period') ?>: <?= t('Host notification period') ?>:
<?= htmlspecialchars($contact->contact_notify_host_timeperiod) ?> <?= $this->escape($contact->contact_notify_host_timeperiod) ?>
</div> </div>
</div> </div>
</div> </div>
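Review bot: The `mailto:` link built by the sprintf at the top of the hunk puts the same HTML-escaped address into both the href attribute and the link text, and `$this->escape()` covers only the HTML/attribute context, not the URL context of the href. An address carrying `?`, `&`, `#` or whitespace would therefore produce a broken or misdirected link; this is a data-integrity rather than a script-injection problem, because the escaper presumably still encodes `<` and `"` (the helper itself is not visible in this hunk, so confirm). Escaping per context means a separate value for the attribute: `'%1$s: <a href="mailto:%2$s">%3$s</a>',` then `$this->escape(rawurlencode($contact->contact_email)),` followed by the existing `$this->escape($contact->contact_email)` as the third argument. `rawurlencode()` turns `@` into `%40`, which RFC 6068 permits in a mailto URI, but check that the mail clients you care about accept it. The view script continues above the hunk (`$contactHelper` is assigned there), so the hunk does not show where `$contact` comes from.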


@ -7,8 +7,8 @@ $contactHelper = $this->getHelper('ContactFlags');
<thead> <thead>
<tr> <tr>
<th colspan="2" style="text-align: left"> <th colspan="2" style="text-align: left">
<?= htmlspecialchars($contact->contact_name) ?><span style="font-weight: normal;"> (<?= <?= $this->escape($contact->contact_name) ?><span style="font-weight: normal;"> (<?=
htmlspecialchars($contact->contact_alias) $this->escape($contact->contact_alias)
?>)</span> ?>)</span>
</th> </th>
</tr> </tr>
@ -18,30 +18,30 @@ $contactHelper = $this->getHelper('ContactFlags');
<td><?= t('Email') ?></td> <td><?= t('Email') ?></td>
<td><?php printf( <td><?php printf(
'<a href="mailto:%1$s">%1$s</a>', '<a href="mailto:%1$s">%1$s</a>',
htmlspecialchars($contact->contact_email) $this->escape($contact->contact_email)
); ?></td> ); ?></td>
</tr> </tr>
<?php if ($contact->contact_pager): ?> <?php if ($contact->contact_pager): ?>
<tr> <tr>
<td><?= t('Pager') ?></td> <td><?= t('Pager') ?></td>
<td><?= htmlspecialchars($contact->contact_pager) ?></td> <td><?= $this->escape($contact->contact_pager) ?></td>
</tr> </tr>
<?php endif; ?> <?php endif; ?>
<tr> <tr>
<td><?= t('Flags (service)') ?></td> <td><?= t('Flags (service)') ?></td>
<td><?= htmlspecialchars($contactHelper->contactFlags($contact, 'service')) ?></td> <td><?= $this->escape($contactHelper->contactFlags($contact, 'service')) ?></td>
</tr> </tr>
<tr> <tr>
<td><?= t('Flags (host)') ?></td> <td><?= t('Flags (host)') ?></td>
<td><?= htmlspecialchars($contactHelper->contactFlags($contact, 'host')) ?></td> <td><?= $this->escape($contactHelper->contactFlags($contact, 'host')) ?></td>
</tr> </tr>
<tr> <tr>
<td><?= t('Service notification period') ?></td> <td><?= t('Service notification period') ?></td>
<td><?= htmlspecialchars($contact->contact_notify_service_timeperiod) ?></td> <td><?= $this->escape($contact->contact_notify_service_timeperiod) ?></td>
</tr> </tr>
<tr> <tr>
<td><?= t('Host notification period') ?></td> <td><?= t('Host notification period') ?></td>
<td><?= htmlspecialchars($contact->contact_notify_host_timeperiod) ?></td> <td><?= $this->escape($contact->contact_notify_host_timeperiod) ?></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
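Review bot: After this change `$this->escape()` is the only escaping layer in the script, yet nothing in the hunk shows which flags and charset it uses, and that matters for the `href="mailto:..."` attribute built by the printf near the top of the hunk. Double-quote escaping (which every htmlspecialchars flag set provides) keeps that attribute from being broken out of, but if the helper wraps `htmlspecialchars()` without `ENT_SUBSTITUTE`, a contact name or alias holding an invalid UTF-8 sequence is returned as an empty string and the heading would show nothing for that contact. I cannot see the helper from here, so treat this as a check rather than a defect: confirm the escaper is pinned to `ENT_QUOTES | ENT_SUBSTITUTE` with `'UTF-8'` and record the contract in the view's header comment, e.g. `// All output goes through $this->escape() (HTML context); URL parts need rawurlencode() first.` The `$contactHelper` assignment and the opening of the view are above the hunk, so that header comment would sit outside the shown lines.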