Revert "Do not use htmlspecialchars in widgets"
This reverts commit 2ff43abcf5860f4002d4fbb2aee930b22ab93ea6. `Widget::escape()' does not exist, but `Widget::view()::escape()' does.
parent
607aa9b203
commit
a68ccecb28
@ -118,7 +118,7 @@ abstract class AbstractWidget
|
|||||||
try {
|
try {
|
||||||
$html = $this->render($this->view());
|
$html = $this->render($this->view());
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
return $this->escape($e->getMessage());
|
return htmlspecialchars($e->getMessage());
|
||||||
}
|
}
|
||||||
return (string) $html;
|
return (string) $html;
|
||||||
}
|
}
|
||||||
|
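Review bot: The restored `htmlspecialchars($e->getMessage())` call in the catch branch relies on the function's default flags and charset. On PHP versions before 8.1 the defaults leave single quotes unescaped, and without `ENT_SUBSTITUTE` input that is invalid in the assumed encoding yields an empty string, so an exception message with stray bytes would render as nothing. Passing the arguments explicitly removes the dependency on runtime defaults: `return htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The same applies to the calls restored in AlertMessageBox, in InlinePie and in the final `@ -259,7 +259,7 @@` hunk. The method containing this try/catch starts outside the hunk.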
@ -124,7 +124,7 @@ class AlertMessageBox extends AbstractWidget
|
|||||||
$alert = $this->states[$level];
|
$alert = $this->states[$level];
|
||||||
$html .= '<div class="alert ' . $alert['state']. '">' .
|
$html .= '<div class="alert ' . $alert['state']. '">' .
|
||||||
$this->view()->icon($alert['icon']) .
|
$this->view()->icon($alert['icon']) .
|
||||||
'<strong>' . $this->escape($message->getMessage()) . '</strong>' .
|
'<strong>' . htmlspecialchars($message->getMessage()) . '</strong>' .
|
||||||
'</div>';
|
'</div>';
|
||||||
}
|
}
|
||||||
return $html;
|
return $html;
|
||||||
|
@ -24,7 +24,7 @@ class InlinePie extends AbstractWidget
|
|||||||
const NUMBER_FORMAT_TIME = 'time';
|
const NUMBER_FORMAT_TIME = 'time';
|
||||||
const NUMBER_FORMAT_BYTES = 'bytes';
|
const NUMBER_FORMAT_BYTES = 'bytes';
|
||||||
const NUMBER_FORMAT_RATIO = 'ratio';
|
const NUMBER_FORMAT_RATIO = 'ratio';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The template string used for rendering this widget
|
* The template string used for rendering this widget
|
||||||
* The template string used for rendering this widget
|
* The template string used for rendering this widget
|
||||||
@ -137,7 +137,7 @@ EOD;
|
|||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
private $tooltipFormat = '<b>{{title}}</b></br> {{label}}: {{formatted}} ({{percent}}%)';
|
private $tooltipFormat = '<b>{{title}}</b></br> {{label}}: {{formatted}} ({{percent}}%)';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The number format used to render numeric values in tooltips
|
* The number format used to render numeric values in tooltips
|
||||||
*
|
*
|
||||||
@ -212,7 +212,7 @@ EOD;
|
|||||||
{
|
{
|
||||||
$this->format = $format;
|
$this->format = $format;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A format string used to render the content of the piechart tooltips
|
* A format string used to render the content of the piechart tooltips
|
||||||
*
|
*
|
||||||
@ -346,11 +346,11 @@ EOD;
|
|||||||
{
|
{
|
||||||
$template = $this->template;
|
$template = $this->template;
|
||||||
$template = str_replace('{url}', $this->url, $template);
|
$template = str_replace('{url}', $this->url, $template);
|
||||||
|
|
||||||
// style
|
// style
|
||||||
$template = str_replace('{width}', $this->width, $template);
|
$template = str_replace('{width}', $this->width, $template);
|
||||||
$template = str_replace('{height}', $this->height, $template);
|
$template = str_replace('{height}', $this->height, $template);
|
||||||
$template = str_replace('{title}', $this->escape($this->title), $template);
|
$template = str_replace('{title}', htmlspecialchars($this->title), $template);
|
||||||
$template = str_replace('{style}', $this->style, $template);
|
$template = str_replace('{style}', $this->style, $template);
|
||||||
$template = str_replace('{colors}', implode(',', $this->colors), $template);
|
$template = str_replace('{colors}', implode(',', $this->colors), $template);
|
||||||
$template = str_replace('{borderWidth}', $this->borderWidth, $template);
|
$template = str_replace('{borderWidth}', $this->borderWidth, $template);
|
||||||
@ -370,9 +370,9 @@ EOD;
|
|||||||
foreach ($this->data as $key => $value) {
|
foreach ($this->data as $key => $value) {
|
||||||
$formatted[$key] = $this->formatValue($value);
|
$formatted[$key] = $this->formatValue($value);
|
||||||
}
|
}
|
||||||
$template = str_replace('{data}', $this->escape(implode(',', $data)), $template);
|
$template = str_replace('{data}', htmlspecialchars(implode(',', $data)), $template);
|
||||||
$template = str_replace('{formatted}', $this->escape(implode('|', $formatted)), $template);
|
$template = str_replace('{formatted}', htmlspecialchars(implode('|', $formatted)), $template);
|
||||||
$template = str_replace('{labels}', $this->escape($this->createLabelString()), $template);
|
$template = str_replace('{labels}', htmlspecialchars($this->createLabelString()), $template);
|
||||||
$template = str_replace('{tooltipFormat}', $this->tooltipFormat, $template);
|
$template = str_replace('{tooltipFormat}', $this->tooltipFormat, $template);
|
||||||
return $template;
|
return $template;
|
||||||
}
|
}
|
||||||
|
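Review bot: In the hunk at `@ -346,11 +346,11 @@` only `{title}` is escaped; `{url}`, `{style}` and `{colors}` are substituted into the template as-is, and in the following hunk `{tooltipFormat}` is too. The template itself is outside the visible lines, so where these values land cannot be confirmed here, but any of them that can carry caller-supplied or monitoring-supplied text should be escaped for its output context the same way the title is. Because the placeholders are filled by one `str_replace` call after another, a value inserted early that happens to contain a later placeholder such as `{style}` is rescanned and expanded by the subsequent calls, and `htmlspecialchars` leaves braces untouched. Collecting the pairs into one array and calling `strtr($template, $replacements)` once avoids that, since `strtr` does not re-process text it has already replaced. The function body starts before and continues between these hunks.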
@ -259,7 +259,7 @@ EOT;
|
|||||||
try {
|
try {
|
||||||
$html = $this->render(Icinga::app()->getViewRenderer()->view);
|
$html = $this->render(Icinga::app()->getViewRenderer()->view);
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
return $this->escape($e->getMessage());
|
return htmlspecialchars($e->getMessage());
|
||||||
}
|
}
|
||||||
return $html;
|
return $html;
|
||||||
}
|
}
|
||||||
|