Merge branch 'feature/render-links-in-acknowledgements-comments-and-downtimes-10654'
resolves #10654
This commit is contained in:
Eric Lippmann
commit
f032a670f0
|
|
@ -0,0 +1,38 @@
|
|||
<?php
|
||||
/* Icinga Web 2 | (c) 2016 Icinga Development Team | GPLv2+ */
|
||||
|
||||
/**
|
||||
* Helper for escaping comments, but preserving links
|
||||
*/
|
||||
class Zend_View_Helper_EscapeComment extends Zend_View_Helper_Abstract
|
||||
{
|
||||
/**
|
||||
* The purifier to use for escaping
|
||||
*
|
||||
* @var HTMLPurifier
|
||||
*/
|
||||
protected static $purifier;
|
||||
|
||||
/**
|
||||
* Escape any comment for being placed inside HTML, but preserve simple links (<a href="...">).
|
||||
*
|
||||
* @param string $comment
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function escapeComment($comment)
|
||||
{
|
||||
if (self::$purifier === null) {
|
||||
require_once 'HTMLPurifier/Bootstrap.php';
|
||||
require_once 'HTMLPurifier.php';
|
||||
require_once 'HTMLPurifier.autoload.php';
|
||||
|
||||
$config = HTMLPurifier_Config::createDefault();
|
||||
$config->set('Core.EscapeNonASCIICharacters', true);
|
||||
$config->set('HTML.Allowed', 'a[href]');
|
||||
$config->set('Cache.DefinitionImpl', null);
|
||||
self::$purifier = new HTMLPurifier($config);
|
||||
}
|
||||
return self::$purifier->purify($comment);
|
||||
}
|
||||
}
|
||||
|
|
@ -45,7 +45,7 @@
|
|||
</tr>
|
||||
<tr title="<?= $this->translate('A comment, as entered by the author, associated with the scheduled downtime'); ?>">
|
||||
<th><?= $this->translate('Comment') ?></th>
|
||||
<td class="comment-text"><?= $this->nl2br($this->escape($this->downtime->comment)) ?></td>
|
||||
<td class="comment-text"><?= $this->nl2br($this->escapeComment($this->downtime->comment)) ?></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
|
|||
|
|
@ -57,5 +57,5 @@
|
|||
</span>
|
||||
</div>
|
||||
<p class="comment-text">
|
||||
<?= $this->nl2br($this->escape($comment->comment)) ?>
|
||||
<?= $this->nl2br($this->escapeComment($comment->comment)) ?>
|
||||
</p>
|
||||
|
|
|
|||
|
|
@ -67,6 +67,6 @@
|
|||
</span>
|
||||
</div>
|
||||
<p class="comment-text">
|
||||
<?= $this->nl2br($this->escape($downtime->comment)) ?>
|
||||
<?= $this->nl2br($this->escapeComment($downtime->comment)) ?>
|
||||
</p>
|
||||
</td>
|
||||
|
|
|
|||
|
|
@ -147,7 +147,9 @@ $history->limit($limit * $page);
|
|||
<?php if ($icon) {
|
||||
echo $this->icon($icon, null, $iconCssClass ? array('class' => $iconCssClass) : array());
|
||||
} ?>
|
||||
<?= nl2br($this->createTicketLinks($this->escape($msg)), false) ?>
|
||||
<?= $this->nl2br($this->createTicketLinks($this->escapeComment($msg)))
|
||||
// TODO(ak): this allows only a[href] in messages, but plugin output allows more
|
||||
?>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ $acknowledgement = $object->acknowledgement;
|
|||
} ?>
|
||||
</dt>
|
||||
<dd>
|
||||
<?= $this->nl2br($this->createTicketLinks($this->escape($acknowledgement->getComment()))) ?>
|
||||
<?= $this->nl2br($this->createTicketLinks($this->escapeComment($acknowledgement->getComment()))) ?>
|
||||
</dd>
|
||||
</dl>
|
||||
<?php elseif (isset($removeAckForm)): ?>
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ if (empty($object->comments) && ! $addLink) {
|
|||
} ?>
|
||||
</dt>
|
||||
<dd>
|
||||
<?= $this->nl2br($this->createTicketLinks($this->escape($comment->comment))) ?>
|
||||
<?= $this->nl2br($this->createTicketLinks($this->escapeComment($comment->comment))) ?>
|
||||
</dd>
|
||||
<?php endforeach ?>
|
||||
</dl>
|
||||
|
|
|
|||
|
|
@ -96,7 +96,7 @@ if (empty($object->comments) && ! $addLink) {
|
|||
} ?>
|
||||
</dt>
|
||||
<dd>
|
||||
<?= $this->nl2br($this->createTicketLinks($this->escape($downtime->comment))) ?>
|
||||
<?= $this->nl2br($this->createTicketLinks($this->escapeComment($downtime->comment))) ?>
|
||||
</dd>
|
||||
<?php endforeach ?>
|
||||
</dl>
|
||||
|
|
|
|||
Loading…
Reference in New Issue