Verified Commit 543fd6dd authored by Côme Chilliet's avatar Côme Chilliet

🚑 fix(plugins) Use new function htmlescape instead of repeating...

🚑 fix(plugins) Use new function htmlescape instead of repeating htmlentities arguments each time

issue #6061
parent 8a640283
......@@ -58,7 +58,7 @@ class ArgonautQueueColumn extends Column
if (!empty($targetdn) && !empty($targettype)) {
return objects::link($targetdn, $targettype, '', $text, TRUE);
} else {
return htmlentities($text, ENT_COMPAT, 'UTF-8');
return htmlescape($text);
}
}
......@@ -77,14 +77,14 @@ class ArgonautQueueColumn extends Column
$str = mb_substr($str, 0, 18).'...';
}
$str = htmlentities($str, ENT_COMPAT, 'UTF-8');
$str = htmlescape($str);
if (isset($infos['listimg']) && !empty($infos['listimg'])) {
$str = $infos['listimg']." ".$str;
}
}
if ($progress) {
$str .= " (".htmlentities($progress, ENT_COMPAT, 'UTF-8')."%)";
$str .= " (".htmlescape($progress)."%)";
}
return $str;
}
......@@ -95,7 +95,7 @@ class ArgonautQueueColumn extends Column
if (!empty($periodic) && !preg_match('/none/i', $periodic)) {
$tmp = explode('_', $periodic);
if (count($tmp) == 2) {
$period = htmlentities($tmp[0], ENT_COMPAT, 'UTF-8').' '.htmlentities(_($tmp[1]), ENT_COMPAT, 'UTF-8');
$period = htmlescape($tmp[0]).' '.htmlescape(_($tmp[1]));
}
}
return $period;
......@@ -104,23 +104,23 @@ class ArgonautQueueColumn extends Column
static function filterSchedule (string $stamp): string
{
if ($stamp == '19700101000000') {
return _('immediately');
return htmlescape(_('immediately'));
} else {
return date('d.m.Y H:i:s', strtotime($stamp));
return htmlescape(date('d.m.Y H:i:s', strtotime($stamp)));
}
}
static function filterStatus (int $row, string $status, string $substatus): string
{
if ($status == 'waiting') {
$status = '<img class="center" src="geticon.php?context=status&icon=task-waiting&size=16" alt="clock"/>&nbsp;'._('Waiting');
$status = '<img class="center" src="geticon.php?context=status&amp;icon=task-waiting&amp;size=16" alt="clock"/>&nbsp;'.htmlescape(_('Waiting'));
}
if ($status == 'error') {
$status = '<input class="center" type="image" src="geticon.php?context=status&icon=task-failure&size=16" title="'._('Show error').'" '.
'name="listing_showError_'.$row.'" style="padding:1px"/>'._('Error');
$status = '<input class="center" type="image" src="geticon.php?context=status&amp;icon=task-failure&amp;size=16" title="'.htmlescape(_('Show error')).'" '.
'name="listing_showError_'.$row.'" style="padding:1px"/>'.htmlescape(_('Error'));
}
if ($status == 'processed') {
$status = '<img class="center" src="geticon.php?context=status&icon=task-complete&size=16" alt=""/>&nbsp;'._('Processed');
$status = '<img class="center" src="geticon.php?context=status&amp;icon=task-complete&amp;size=16" alt=""/>&nbsp;'.htmlescape(_('Processed'));
}
/* Special handling for all entries that have
......@@ -129,7 +129,7 @@ class ArgonautQueueColumn extends Column
if ($status == 'processing' && $substatus) {
$status = $substatus;
} elseif ($status == 'processing') {
$status = preg_replace('/ /', '&nbsp;', _('in progress'));
$status = preg_replace('/ /', '&nbsp;', htmlescape(_('in progress')));
}
return $status;
......
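Review bot: In filterStatus, the `processing` branch `$status = $substatus;` returns the caller-supplied substatus unescaped, while every sibling branch in this hunk now wraps its text in htmlescape(); unless `$substatus` is already an HTML fragment, it should get the same treatment, `$status = htmlescape($substatus);`. The function's body is split across this hunk and the preceding one (the `/* Special handling` comment is cut), so the branches have to be read together. The comparisons `$status == 'waiting'` and the others use loose `==` on a parameter typed `string`; `===` is the safer form here.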
......@@ -44,7 +44,7 @@ class AvailableLogsAttribute extends Attribute
$js .= 'document.mainform.'.$id.'_'.$var.'.value="'.$value.'";';
}
$js .= 'document.mainform.submit();';
return '<a href="javascript:'.htmlentities($js, ENT_COMPAT, 'UTF-8').'">'.$label."</a>";
return '<a href="javascript:'.htmlescape($js).'">'.htmlescape($label).'</a>';
}
function renderFormInput (): string
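Review bot: htmlescape() on `$js` covers the href attribute context only; `$value` is spliced into a JavaScript string literal on `$js .= 'document.mainform.'.$id.'_'.$var.'.value="'.$value.'";'` with no JS-string escaping, so a double quote or newline in `$value` still terminates the literal before the HTML escaping is applied. If any of these values can originate from LDAP or user input, build the literal with `'.value='.json_encode($value).';'` so the JavaScript context is escaped separately from the attribute context. The enclosing function starts above this hunk, so where `$value` comes from is not visible here.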
......@@ -237,9 +237,9 @@ class faiLogView extends simplePlugin
{
$res = $this->o_queue->get_log_file($mac, $date, $file);
if ($this->o_queue->is_error()) {
msg_dialog::display(_("Error"), $this->o_queue->get_error(), ERROR_DIALOG);
msg_dialog::display(_('Error'), $this->o_queue->get_error(), ERROR_DIALOG);
}
$res = nl2br(htmlentities($res));
$res = nl2br(htmlescape($res));
return $res;
}
}
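Review bot: The error branch at `if ($this->o_queue->is_error())` only shows the dialog and then falls through to `nl2br(htmlescape($res))` with whatever get_log_file() returned on failure; the opsiLogView hunk in this same commit guards the identical call with an `else`, so this one should mirror it or `return '';` right after the dialog. Whether the failed `$res` is a string or false is not visible here, so the fall-through could also raise a TypeError if htmlescape() declares a string parameter — worth confirming.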
......@@ -69,7 +69,7 @@ class RegistrationStateAttribute extends DisplayLDAPAttribute
{
$values = static::getStates();
if (isset($values[$value])) {
return sprintf('<img src="%2$s" alt="" class="center"/>&nbsp;%1$s', $values[$value][0], htmlentities($values[$value][1], ENT_COMPAT, 'UTF-8'));
return sprintf('<img src="%2$s" alt="" class="center"/>&nbsp;%1$s', htmlescape($values[$value][0]), htmlescape($values[$value][1]));
}
return $value;
......
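Review bot: The fallback `return $value;` hands back the unknown-state value unescaped, although the known-state branch above it now escapes both the icon path and the label; since this method's result is rendered as HTML, the fallback should read `return htmlescape($value);` unless a caller depends on raw text there. The method signature is above the hunk, so whether `$value` is typed is not visible.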
......@@ -37,16 +37,16 @@ class RegistrationColumn extends LinkColumn
try {
$value = objects::link($value, 'user', '', NULL, FALSE, FALSE);
} catch (NonExistingLdapNodeException $e) {
$value = _('invalid');
$value = htmlescape(_('invalid'));
}
} elseif ($this->attributes[0] == 'fdRegistrationInvitationDN') {
try {
$value = objects::link($value, 'invitation', '', NULL, FALSE, FALSE);
} catch (NonExistingLdapNodeException $e) {
$value = _('invalid');
$value = htmlescape(_('invalid'));
}
} else {
$value = htmlentities($value, ENT_COMPAT, 'UTF-8');
$value = htmlescape($value);
}
return $this->renderLink($entry, $value);
}
......
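Review bot: Both catch blocks bind `$e` and never use it; on PHP 8 the variable can be dropped, `catch (NonExistingLdapNodeException) {`, which makes the substitute-on-missing intent explicit. The `elseif ($this->attributes[0] == 'fdRegistrationInvitationDN')` test is a loose `==` on a string and would be safer as `===`. The first branch of this chain and the method signature are above the hunk.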
......@@ -38,11 +38,11 @@ class OpsiProfileUsageColumn extends Column
$result = '';
if ($systems > 0) {
$typeInfos = objects::infos('workstation');
$result .= '<img class="center" src="'.htmlentities($typeInfos['icon'], ENT_COMPAT, 'UTF-8').'" title="'.$typeInfos['name'].'" alt="'.$typeInfos['name'].'"/>&nbsp;'.$systems;
$result .= '<img class="center" src="'.htmlescape($typeInfos['icon']).'" title="'.htmlescape($typeInfos['name']).'" alt="'.htmlescape($typeInfos['name']).'"/>&nbsp;'.$systems;
}
if ($groups > 0) {
$typeInfos = objects::infos('ogroup');
$result .= '<img class="center" src="'.htmlentities($typeInfos['icon'], ENT_COMPAT, 'UTF-8').'" title="'.$typeInfos['name'].'" alt="'.$typeInfos['name'].'"/>&nbsp;'.$groups;
$result .= '<img class="center" src="'.htmlescape($typeInfos['icon']).'" title="'.htmlescape($typeInfos['name']).'" alt="'.htmlescape($typeInfos['name']).'"/>&nbsp;'.$groups;
}
return $result;
}
......
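Review bot: `htmlescape($typeInfos['name'])` is evaluated twice per branch, once for `title` and once for `alt`, and the two branches differ only in the type name and the count; hoisting `$name = htmlescape($typeInfos['name']);` before each string keeps the escaping in one place and shortens both long lines. `$systems` and `$groups` are concatenated raw, which is only safe because they are compared with `> 0` and presumably integers — worth confirming where they come from, since the method head is above the hunk.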
......@@ -372,7 +372,7 @@ class opsiClient extends simplePlugin
}
$text = '';
foreach ($infos as $info) {
$text .= htmlentities(sprintf('%s - %s', $info['id'], $info['lastSeen']), ENT_COMPAT, 'UTF-8')."<br/>\n";
$text .= htmlescape(sprintf('%s - %s', $info['id'], $info['lastSeen']))."<br/>\n";
}
$this->lastSeen = $text;
}
......
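Review bot: `$this->lastSeen` now stores a string that is already HTML-escaped and carries `<br/>` markup, but nothing near the assignment says so; whoever renders the property must not escape it again or the tags will appear literally. A one-line comment on the assignment, `// HTML fragment, already escaped: render without a second htmlescape()`, would prevent that double-escaping mistake. The loop head and the property declaration are outside this hunk.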
......@@ -109,7 +109,7 @@ class opsiLogView extends simplePlugin
if ($this->o_queue->is_error()) {
msg_dialog::display(_("Error"), $this->o_queue->get_error(), ERROR_DIALOG);
} else {
$value = nl2br(htmlentities($res, ENT_COMPAT, 'UTF-8'));
$value = nl2br(htmlescape($res));
$this->attributesAccess['display_log']->setPostValue($value);
$this->attributesAccess['display_log']->setValue($value);
}
......
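Review bot: The `msg_dialog::display(_("Error"), ...)` call here keeps the double-quoted `"Error"` while the faiLogView hunk in this same commit changed its identical call to `_('Error')`; making this one `_('Error')` too keeps the two log views consistent. `$this->o_queue->get_error()` is passed to the dialog without escaping, and whether msg_dialog escapes its message is not visible here — worth confirming.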
......@@ -52,7 +52,7 @@ class socialHandler
protected function link ($link, $text)
{
return '<a href="'.$link.'">'.htmlentities($text).'</a>';
return '<a href="'.$link.'">'.htmlescape($text).'</a>';
}
/* Returns the value if ok or throws a socialHandlerInvalidValueException */
......
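Review bot: The new line escapes `$text` but still concatenates `$link` raw into the `href` attribute, so a quote in `$link` can close the attribute; `return '<a href="'.htmlescape($link).'">'.htmlescape($text).'</a>';` applies the same rule to both values. The signature `protected function link ($link, $text)` carries no types; `protected function link (string $link, string $text): string` would match the typed style used elsewhere in this commit. Whether `$link` is a validated URL or free text is not visible here.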
......@@ -82,7 +82,7 @@ class mailMethodRenaterPartage extends mailMethod
}
@DEBUG(DEBUG_MAIL, __LINE__, __FUNCTION__, __FILE__, $command, '<b>MAIL: Command</b>');
@DEBUG(DEBUG_MAIL, __LINE__, __FUNCTION__, __FILE__, htmlentities($post, ENT_COMPAT, 'UTF-8'),
@DEBUG(DEBUG_MAIL, __LINE__, __FUNCTION__, __FILE__, htmlescape($post),
'<b>MAIL: Query</b>');
// performs the HTTP(S) POST
......
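Review bot: Escaping `$post` for the debug output implies DEBUG() renders into HTML, yet `$command` on the line just above is passed to DEBUG() unescaped; if that reading is right it should be `htmlescape($command)` as well. Both calls are `@`-suppressed, which hides any warning DEBUG() raises — worth a look, though it predates this change. If `$post` can carry credentials for the mail service, logging its full body at debug level is something to confirm as intended.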
......@@ -247,7 +247,7 @@ class SudoOptionAttribute extends Attribute
function renderFormInput (): string
{
$id = $this->getLdapName();
$value = htmlentities($this->value['value'], ENT_COMPAT, 'UTF-8');
$value = htmlescape($this->value['value']);
$smarty = get_smarty();
$smarty->assign("boolStringOptions", ["FALSE","TRUE","STRING"]);
$smarty->assign("boolIntOptions", ["FALSE","TRUE","INTEGER"]);
......
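Review bot: `$value` is escaped here and then presumably handed to the Smarty template for output; if the template escapes it again the result is double-escaped, and nothing in the hunk records which side owns the escaping. A comment on the assignment, `// pre-escaped for HTML: the template must print it without a second escape`, would settle that for the next reader. `$this->value['value']` may be unset or null for a fresh attribute — worth confirming htmlescape() accepts that.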
......@@ -73,7 +73,7 @@ class SystemReleaseColumn extends Column
if (isset($entry['FAIclass'])) {
foreach (explode(' ', $entry['FAIclass']) as $element) {
if ($element[0] == ':') {
return '&nbsp;'.htmlentities(mb_substr($element, 1), ENT_COMPAT, 'UTF-8');
return '&nbsp;'.htmlescape(mb_substr($element, 1));
}
}
}
......@@ -81,14 +81,13 @@ class SystemReleaseColumn extends Column
// Load information if needed
$ldap = $config->get_ldap_link();
$ldap->cd($config->current['BASE']);
$ldap->search('(&(objectClass=gosaGroupOfNames)(FAIclass=*)(member='.$entry->dn.'))', ['FAIclass','cn']);
$ldap->search('(&(objectClass=gosaGroupOfNames)(FAIclass=*)(member='.ldap_escape_f($entry->dn).'))', ['FAIclass','cn']);
while ($attrs = $ldap->fetch()) {
$rel = htmlentities(preg_replace('/^.*:/', '', $attrs['FAIclass'][0]), ENT_COMPAT, 'UTF-8');
$sys = htmlentities(sprintf(_('Inherited from %s'), $attrs['cn'][0]), ENT_COMPAT, 'UTF-8');
$str = '&nbsp;<img class="center" src="plugins/ogroups/images/ogroup.png"
title="'.$sys.'"
alt="'.$sys.'"/>&nbsp;'.$rel;
return $str;
$rel = htmlescape(preg_replace('/^.*:/', '', $attrs['FAIclass'][0]));
$sys = htmlescape(sprintf(_('Inherited from %s'), $attrs['cn'][0]));
return '&nbsp;<img class="center" src="plugins/ogroups/images/ogroup.png"
title="'.$sys.'"
alt="'.$sys.'"/>&nbsp;'.$rel;
}
return '&nbsp;';
......
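Review bot: In the first hunk, `if ($element[0] == ':')` reads offset 0 without checking that `$element` is non-empty; `explode(' ', ...)` yields empty strings for consecutive spaces, and on PHP 8 reading offset 0 of an empty string is a warning. `if ($element !== '' && $element[0] === ':')` (or `str_starts_with($element, ':')` on PHP 8) avoids it. The second hunk also adds `ldap_escape_f($entry->dn)` to the search filter, which is a separate fix from the htmlescape sweep named in the title and deserves its own line in the commit message. The surrounding method heads are above each hunk.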
......@@ -60,8 +60,8 @@ class SystemServicesColumn extends Column
$result = '';
foreach ($icons as $icon) {
if (!empty($icon['icon'])) {
$result .= '<input type="image" src="'.htmlentities($icon['icon'], ENT_COMPAT, 'UTF-8').'" '.
'alt="'.htmlentities($icon['title'], ENT_COMPAT, 'UTF-8').'" title="'.htmlentities($icon['title'], ENT_COMPAT, 'UTF-8').'" '.
$result .= '<input type="image" src="'.htmlescape($icon['icon']).'" '.
'alt="'.htmlescape($icon['title']).'" title="'.htmlescape($icon['title']).'" '.
'name="listing_edit_service_'.$icon['class'].'_'.$entry->row.'"/>';
}
}
......
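Review bot: `$icon['class']` is concatenated into the `name=` attribute unescaped while the neighbouring `src`, `alt` and `title` values are now escaped; it is presumably a PHP class name and therefore safe, but escaping it too keeps the rule uniform and costs nothing. `htmlescape($icon['title'])` is computed twice on one line; hoisting it into a local before the concatenation would shorten the line. The same unescaped `name=` pattern appears in the ServiceAction hunk below with `$this->name`.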
......@@ -44,8 +44,8 @@ class ServiceAction extends Action
}
// Render
return '<input type="image" src="'.htmlentities($this->icon, ENT_COMPAT, 'UTF-8').'"'.
' title="'.$this->label.'" alt="'.$this->label.'" name="listing_'.$this->name.'_'.$entry->row.'"/>';
return '<input type="image" src="'.htmlescape($this->icon).'"'.
' title="'.htmlescape($this->label).'" alt="'.htmlescape($this->label).'" name="listing_'.$this->name.'_'.$entry->row.'"/>';
}
function hasPermission (ListingEntry $entry = NULL): bool
......
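Review bot: `htmlescape($this->label)` is computed twice in the rendered line, for `title` and for `alt`; a single local such as `$label = htmlescape($this->label);` before the return would do. The context line `function hasPermission (ListingEntry $entry = NULL): bool` relies on implicit nullability from the `= NULL` default, which PHP 8.4 deprecates; `?ListingEntry $entry = NULL` states it explicitly. The `// Render` comment above the return adds nothing the code does not already say.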
......@@ -38,6 +38,6 @@ class ServiceStatusColumn extends Column
$img = 'images/empty.png';
break;
}
return '<img src="'.htmlentities($img, ENT_COMPAT, 'UTF-8').'" alt="'.htmlentities($value, ENT_COMPAT, 'UTF-8').'" title="'.htmlentities($value, ENT_COMPAT, 'UTF-8').'"/>';
return '<img src="'.htmlescape($img).'" alt="'.htmlescape($value).'" title="'.htmlescape($value).'"/>';
}
}
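Review bot: `htmlescape($value)` is evaluated twice on the return line, once for `alt` and once for `title`; assigning `$label = htmlescape($value);` before the return and using it in both places keeps the line readable. The switch that chooses `$img` starts above this hunk, so only its default branch is visible.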
......@@ -152,13 +152,13 @@ class SecondFactorWebAuthn
$message = _('Trying to communicate with your device. Plug it in (if you haven\'t already) and press the button on the device now.');
return htmlentities($message, ENT_COMPAT, 'UTF-8').
return htmlescape($message).
'<script type="text/javascript">'."\n".
'<!-- '."\n".
'webauthnCheckRegistration();'."\n".
'-->'."\n".
'</script>'."\n".
'<noscript>'._('Javascript is needed for WebAuthn second factor, please enable it for this page.').'</noscript>';
'<noscript>'.htmlescape(_('Javascript is needed for WebAuthn second factor, please enable it for this page.')).'</noscript>';
}
/* Same as redirect without redirection */
......
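Review bot: The inline `<script>` block is wrapped in `<!--`/`-->` HTML-comment lines, a pre-HTML5 idiom no current browser needs and one that can mask a script syntax error; dropping the two lines `'<!-- '."\n".` and `'-->'."\n".` leaves `webauthnCheckRegistration();` as the only script content. If the application sends a Content-Security-Policy, this inline script needs a nonce or hash to run at all — worth confirming. The method signature is above the hunk.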