tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-26 15:24:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Do not use htmlspecialchars in widgets"

Browse Source 
This reverts commit 2ff43abcf5860f4002d4fbb2aee930b22ab93ea6.

`Widget::escape()' does not exist. But `Widget::view()::espcae()' does.
This commit is contained in:
Eric Lippmann 2014-07-23 12:28:04 +02:00
parent 607aa9b203
commit a68ccecb28
4 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/Icinga/Web/Widget/AbstractWidget.php
View File

@ -118,7 +118,7 @@ abstract class AbstractWidget
try {
$html = $this->render($this->view());
} catch (Exception $e) {
return $this->escape($e->getMessage());
return htmlspecialchars($e->getMessage());
}
return (string) $html;
}

2
library/Icinga/Web/Widget/AlertMessageBox.php
View File

@ -124,7 +124,7 @@ class AlertMessageBox extends AbstractWidget
$alert = $this->states[$level];
$html .= '<div class="alert ' . $alert['state']. '">' .
$this->view()->icon($alert['icon']) .
'<strong>' . $this->escape($message->getMessage()) . '</strong>' .
'<strong>' . htmlspecialchars($message->getMessage()) . '</strong>' .
'</div>';
}
return $html;

8
library/Icinga/Web/Widget/Chart/InlinePie.php
View File

@ -350,7 +350,7 @@ EOD;
// style
$template = str_replace('{width}', $this->width, $template);
$template = str_replace('{height}', $this->height, $template);
$template = str_replace('{title}', $this->escape($this->title), $template);
$template = str_replace('{title}', htmlspecialchars($this->title), $template);
$template = str_replace('{style}', $this->style, $template);
$template = str_replace('{colors}', implode(',', $this->colors), $template);
$template = str_replace('{borderWidth}', $this->borderWidth, $template);
@ -370,9 +370,9 @@ EOD;
foreach ($this->data as $key => $value) {
$formatted[$key] = $this->formatValue($value);
}
$template = str_replace('{data}', $this->escape(implode(',', $data)), $template);
$template = str_replace('{formatted}', $this->escape(implode('|', $formatted)), $template);
$template = str_replace('{labels}', $this->escape($this->createLabelString()), $template);
$template = str_replace('{data}', htmlspecialchars(implode(',', $data)), $template);
$template = str_replace('{formatted}', htmlspecialchars(implode('|', $formatted)), $template);
$template = str_replace('{labels}', htmlspecialchars($this->createLabelString()), $template);
$template = str_replace('{tooltipFormat}', $this->tooltipFormat, $template);
return $template;
}

2
library/Icinga/Web/Widget/Tabs.php
View File

@ -259,7 +259,7 @@ EOT;
try {
$html = $this->render(Icinga::app()->getViewRenderer()->view);
} catch (Exception $e) {
return $this->escape($e->getMessage());
return htmlspecialchars($e->getMessage());
}
return $html;
}