Merge branch 'feature/render-links-in-acknowledgements-comments-and-downtimes-10654'

resolves #10654
2016-02-25 11:31:13 +01:00 · 2016-02-25 11:31:13 +01:00 · f032a670f0
parent c834e66b9a af3abb76c8
commit f032a670f0
8 changed files with 47 additions and 7 deletions
--- a/modules/monitoring/application/views/helpers/EscapeComment.php
+++ b/modules/monitoring/application/views/helpers/EscapeComment.php
@ -0,0 +1,38 @@
 <?php
 /* Icinga Web 2 | (c) 2016 Icinga Development Team | GPLv2+ */
 /**
 * Helper for escaping comments, but preserving links
 */
 class Zend_View_Helper_EscapeComment extends Zend_View_Helper_Abstract
 {
    /**
     * The purifier to use for escaping
     *
     * @var HTMLPurifier
     */
    protected static $purifier;
    /**
     * Escape any comment for being placed inside HTML, but preserve simple links (<a href="...">).
     *
     * @param   string  $comment
     *
     * @return  string
     */
    public function escapeComment($comment)
    {
        if (self::$purifier === null) {
            require_once 'HTMLPurifier/Bootstrap.php';
            require_once 'HTMLPurifier.php';
            require_once 'HTMLPurifier.autoload.php';
            $config = HTMLPurifier_Config::createDefault();
            $config->set('Core.EscapeNonASCIICharacters', true);
            $config->set('HTML.Allowed', 'a[href]');
            $config->set('Cache.DefinitionImpl', null);
            self::$purifier = new HTMLPurifier($config);
        }
        return self::$purifier->purify($comment);
    }
 }
--- a/modules/monitoring/application/views/scripts/downtime/show.phtml
+++ b/modules/monitoring/application/views/scripts/downtime/show.phtml
@ -45,7 +45,7 @@
      </tr>
      <tr title="<?= $this->translate('A comment, as entered by the author, associated with the scheduled downtime'); ?>">
        <th><?= $this->translate('Comment') ?></th>
-        <td class="comment-text"><?= $this->nl2br($this->escape($this->downtime->comment)) ?></td>
+        <td class="comment-text"><?= $this->nl2br($this->escapeComment($this->downtime->comment)) ?></td>
      </tr>
    </tbody>
  </table>
--- a/modules/monitoring/application/views/scripts/partials/comment/comment-detail.phtml
+++ b/modules/monitoring/application/views/scripts/partials/comment/comment-detail.phtml
@ -57,5 +57,5 @@
    </span>
 </div>
 <p class="comment-text">
-    <?= $this->nl2br($this->escape($comment->comment)) ?>
+    <?= $this->nl2br($this->escapeComment($comment->comment)) ?>
 </p>
--- a/modules/monitoring/application/views/scripts/partials/downtime/downtime-header.phtml
+++ b/modules/monitoring/application/views/scripts/partials/downtime/downtime-header.phtml
@ -67,6 +67,6 @@
    </span>
  </div>
  <p class="comment-text">
-    <?= $this->nl2br($this->escape($downtime->comment)) ?>
+    <?= $this->nl2br($this->escapeComment($downtime->comment)) ?>
  </p>
 </td>
--- a/modules/monitoring/application/views/scripts/partials/event-history.phtml
+++ b/modules/monitoring/application/views/scripts/partials/event-history.phtml
@ -147,7 +147,9 @@ $history->limit($limit * $page);
                    <?php if ($icon) {
                        echo $this->icon($icon, null, $iconCssClass ? array('class' => $iconCssClass) : array());
                    } ?>
-                    <?= nl2br($this->createTicketLinks($this->escape($msg)), false) ?>
+                    <?= $this->nl2br($this->createTicketLinks($this->escapeComment($msg)))
                    // TODO(ak): this allows only a[href] in messages, but plugin output allows more
                    ?>
                </p>
            </td>
        </tr>
--- a/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml
+++ b/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml
@ -44,7 +44,7 @@ $acknowledgement = $object->acknowledgement;
                } ?>
            </dt>
            <dd>
-                <?= $this->nl2br($this->createTicketLinks($this->escape($acknowledgement->getComment()))) ?>
+                <?= $this->nl2br($this->createTicketLinks($this->escapeComment($acknowledgement->getComment()))) ?>
            </dd>
        </dl>
        <?php elseif (isset($removeAckForm)): ?>
--- a/modules/monitoring/application/views/scripts/show/components/comments.phtml
+++ b/modules/monitoring/application/views/scripts/show/components/comments.phtml
@ -67,7 +67,7 @@ if (empty($object->comments) && ! $addLink) {
                } ?>
            </dt>
            <dd>
-                <?= $this->nl2br($this->createTicketLinks($this->escape($comment->comment))) ?>
+                <?= $this->nl2br($this->createTicketLinks($this->escapeComment($comment->comment))) ?>
            </dd>
        <?php endforeach ?>
        </dl>
--- a/modules/monitoring/application/views/scripts/show/components/downtime.phtml
+++ b/modules/monitoring/application/views/scripts/show/components/downtime.phtml
@ -96,7 +96,7 @@ if (empty($object->comments) && ! $addLink) {
                } ?>
            </dt>
            <dd>
-                <?= $this->nl2br($this->createTicketLinks($this->escape($downtime->comment))) ?>
+                <?= $this->nl2br($this->createTicketLinks($this->escapeComment($downtime->comment))) ?>
            </dd>
        <?php endforeach ?>
        </dl>