Commit Graph

1625 Commits

Author SHA1 Message Date
Eric Lippmann 7d47875241 Introduce PdfexportHook 2018-07-18 14:22:18 +02:00
Johannes Meyer 84622bf27b Fix some XSS vulnerabilities
Only a real issue with <= IE9 as other browsers properly escape
urls prior transmission.

Signed-off-by: Eric Lippmann <eric.lippmann@icinga.com>
2018-07-16 09:53:30 +02:00
Eric Lippmann 6cddd6beed
Merge pull request #3508 from Icinga/fix/filter-entries-are-deleted-when-pushing-enter-3454
FilterEditor: Add a hidden submit button to the start of the form's m…
2018-07-10 09:28:35 +02:00
Eric Lippmann 47405127d0 Add config to hide/show pplication state messages
refs #2835
2018-07-09 16:28:28 +02:00
Eric Lippmann d18d05ccee Introduce ApplicationStateHook
refs #2835
2018-07-09 16:28:25 +02:00
Johannes Meyer 6e6251604b FilterEditor: Add a hidden submit button to the start of the form's markup
When pushing enter our JS mimics what a browser would do. And that is
pushing the first submit button found in the form. Without this, that's
a delete button of the first logical junction. (the root condition)

fixes #3454
2018-07-06 10:41:49 +02:00
Eric Lippmann 189b519135
Merge pull request #3486 from Icinga/fix/request-parses-json-without-respecting-content-type-3484
Fix that Request parses json without respecting content type
2018-07-05 13:19:27 +02:00
Johannes Meyer 1f677e64f6 ActionController: Force HTTP redirects in method redirectHttp()
That's what its name implies, right? The counterpart is redirectXhr(),
which does still its job. redirectNow() on the other hand is for the
lazy people.
2018-07-04 14:44:03 +02:00
Johannes Meyer 8cbff87af1 Request: Parse the POST body only as JSON if it's really JSON
refs #3484
2018-07-04 11:09:11 +02:00
Johannes Meyer 842e5603a1 Request: Introduce method extractMediaType
refs #3484
2018-07-04 11:09:11 +02:00
Eric Lippmann 6f1d8668a0 Fix line exceeds 120 characters 2018-06-22 11:04:48 +02:00
Alexander A. Klimov ee60a8df99 Don't let AutoRefreshForm handle API requests
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov 235e75d054 Form: handle API requests as expected
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov 880a0a254f DateTimePicker: support *nix timestamps
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov a444b8adf5 Request: support JSON as POST data format
refs #2749
2018-06-22 11:03:07 +02:00
Alexander A. Klimov 906c1668a4 Split Json::encode() into Json::encode() and Json::sanitize()
refs #2635
2018-06-21 16:01:53 +02:00
Alexander A. Klimov 02b60633ff Auto-sanitize only in the monitoring module
refs #2635
2018-06-20 18:05:12 +02:00
Alexander A. Klimov 1a94a21263 Prefer Json::encode() over json_encode()
refs #2635
2018-06-20 18:05:11 +02:00
Eric Lippmann 96303f53f8
Merge pull request #3213 from Icinga/feature/drop-php-5-3-support
Drop PHP 5.3 support
2018-05-08 03:03:36 -04:00
Eric Lippmann 4bea67e756
Merge pull request #3315 from Icinga/bugfix/php-7-2-support-3185
Don't call session_start() after ini_set()
2018-05-07 05:44:52 -04:00
Alexander A. Klimov fc1f6e13ab Drop PHP 5.3 support 2018-05-07 11:36:54 +02:00
Johannes Meyer 71cb682832 Re-introduce class Icinga\Web\Menu
refs #2338
2018-04-30 10:24:57 +02:00
Johannes Meyer 1b15048636 Drop obsolete Icinga\Web\Menu classes
refs #2338
2018-04-27 14:28:20 +02:00
Johannes Meyer 571b34c8cd Drop obsolete class Icinga\Web\Menu\BadgeMenuItemRenderer
refs #2338
2018-04-27 14:11:03 +02:00
Johannes Meyer 059088c089 Drop obsolete class Icinga\Web\Menu\SummaryMenuItemRenderer
refs #2338
2018-04-27 14:10:35 +02:00
Johannes Meyer d71982e333 Drop obsolete class Icinga\Web\Menu\PermittedMenuItemFilter
refs #2338
2018-04-27 14:10:00 +02:00
Johannes Meyer 1c4ebda037 Drop obsolete class Icinga\Web\MenuRenderer
refs #2338
2018-04-27 14:04:49 +02:00
Alexander A. Klimov 1280137eae Merge branch 'bugfix/form-number-inclusive-range' 2018-04-12 14:32:38 +02:00
Alexander A. Klimov 5cf51a70c8 Numeric input: validate inclusive ranges 2018-04-12 14:25:10 +02:00
Johannes Meyer 5f24fffe7d
Merge pull request #3412 from Icinga/bugfix/filter-editor-expand-upon-auto-refresh-2964
Preserve collapsed FilterEditor subtrees across auto-refreshes
2018-04-06 14:55:19 +02:00
Alexander A. Klimov 41b105136d Preserve collapsed FilterEditor subtrees across auto-refreshes
refs #2964
2018-04-06 13:54:51 +02:00
Johannes Meyer 72f0e809ae Pane: Add setter for $name
refs #2901
2018-04-06 11:08:20 +02:00
Alexander A. Klimov b5dde96746 FilterEditor: save changes on element addition
refs #2900
2018-04-04 12:20:52 +02:00
Alexander A. Klimov dadd2c80f6 Don't call session_start() after ini_set()
refs #3185
2018-01-24 17:38:20 +01:00
Alexander A. Klimov 72ec132f25 Correct interfaces to conform to PHP 7.2+ 2018-01-24 11:50:10 +01:00
Johannes Meyer e59fa13786 Announcements: Render HTML in announcment messages
refs #2641
2018-01-19 16:12:53 +01:00
Johannes Meyer 3b9d8697ed Introduce class Icinga\Web\Helper\HtmlPurifier
refs #2641
2018-01-19 16:12:53 +01:00
lippserd 362a5b1721
Merge pull request #3271 from Icinga/bugfix/fix-internalurlvalidator
InternalUrlValidator: prevent circumvention by URLs on the same VHost
2018-01-18 09:58:32 +01:00
Alexander A. Klimov 5f441f3ad1 Don't fail to render the whole dashboard in case of a broken dashlet 2018-01-17 13:48:14 +01:00
Alexander A. Klimov c2f74d49cb InternalUrlValidator: prevent circumvention by URLs on the same VHost 2018-01-16 15:40:08 +01:00
lippserd 705f3a49d9
Merge pull request #3180 from Icinga/feature/url-static-self
Url: prefer static over self
2018-01-16 10:52:25 +01:00
Alexander A. Klimov a1709a0670 Fix unneccessary log message
refs #3189
2017-12-19 15:58:25 +01:00
Alexander A. Klimov 788272fad7 PhpSession: conform to PHP 7.1
refs #3208
2017-12-13 13:38:51 +01:00
Alexander A. Klimov 810c02a41f Url: prefer static over self 2017-12-04 10:48:52 +01:00
Alexander A. Klimov 6409bdc074 Implement persistent "Show more" spoilers 2017-11-27 14:18:42 +01:00
Eric Lippmann b6b87796ed Menu: Link to the navigation dashboard if menu entry has children but no URL 2017-11-21 22:55:45 +01:00
Eric Lippmann e7ca817e81 Make Navigation::findItem() public
We need this method public for the navigation dashbaord.
2017-11-21 22:55:45 +01:00
Eric Lippmann 21dbe4ec47 Only render icons of root navigation items
The upcoming navigation dashboard creates its links from the menu items in configuration.php.
Now, we encourage users to specify icons for second-level menu items but do not want render them in our menu.
2017-11-21 22:55:45 +01:00
Eric Lippmann 3660606ca1 Allow to set a description for navigation items
We will introduce a navigation dashboard for root menu items which do not a have a URL but children.
2017-11-21 22:55:45 +01:00
lippserd df1e7683c8
Merge pull request #3041 from Icinga/feature/auto-detaching-dom-elements-3039
Implement auto-detaching DOM elements
2017-11-21 16:48:59 +01:00