Verified Commit b4515c83 authored by Côme Chilliet's avatar Côme Chilliet

🚑 fix(plugins) Escape text in INFO dialogs

issue #6061
parent eeea7186
......@@ -143,7 +143,7 @@ class argonautImportFile extends simplePlugin
$success++;
}
}
msg_dialog::display(_('Import'), sprintf(_('Import complete: %s events successfully send, %s failed'), $success, $fail), INFO_DIALOG);
msg_dialog::display(_('Import'), htmlescape(sprintf(_('Import complete: %s events successfully send, %s failed'), $success, $fail)), INFO_DIALOG);
$this->events = $events;
}
}
......
......@@ -226,12 +226,18 @@ class argonautQueue extends management
}
}
if (count($nodelete)) {
msg_dialog::display(_('Remove'),
sprintf(_('The following jobs couldn\'t be deleted, they have to be aborted: %s'),
'<br/>'.msgPool::buildList($nodelete)), INFO_DIALOG);
msg_dialog::display(
_('Remove'),
sprintf(
htmlescape(_('The following jobs couldn\'t be deleted, they have to be aborted: %s')),
'<br/>'.msgPool::buildList($nodelete)
),
INFO_DIALOG
);
}
if (count($disallowed)) {
msg_dialog::display(_('Permission'), msgPool::permDelete($disallowed), INFO_DIALOG);
$error = new FusionDirectoryPermissionError(msgPool::permDelete($disallowed));
$error->display();
}
// We've at least one entry to delete.
......@@ -292,7 +298,7 @@ class argonautQueue extends management
$this->o_queue->append_call('wakeup', $macs, []);
if ($this->o_queue->is_error()) {
msg_dialog::display(_('Info'), sprintf(_('%s'), $this->o_queue->get_error()), INFO_DIALOG);
msg_dialog::display(_('Info'), htmlescape($this->o_queue->get_error()), INFO_DIALOG);
}
// Removing the task.
$this->o_queue->remove_entries($taskids);
......@@ -313,7 +319,7 @@ class argonautQueue extends management
{
if (count($action['targets']) == 1) {
$entry = $this->listing->getEntry($action['targets'][0]);
msg_dialog::display(_('Error detail'), $entry['ERROR'], INFO_DIALOG);
msg_dialog::display(_('Error detail'), htmlescape($entry['ERROR']), INFO_DIALOG);
}
}
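Review bot: In the 'Remove' dialog of the first argonautQueue hunk, only the translated format string passes through `htmlescape()`; the list built from `$nodelete` is still appended after `'<br/>'` as raw HTML. Whether `msgPool::buildList()` escapes its items is not visible on this page, so confirm it before relying on this hunk to close the issue for job names. If it does not escape, do it before building the list, e.g. `msgPool::buildList(array_map('htmlescape', $nodelete))`, and add a short comment saying which side owns the escaping. The enclosing method starts and ends outside the hunk.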
......
......@@ -28,7 +28,7 @@
<td>{$event.HEADER|escape}</td>
<td>{$event.OGROUP|escape}</td>
{if $event.ERROR}
<td style="background-color: #F0BBBB;"><b>{$event.ERROR|escape}</b></td>
<td style="background-color: #F0BBBB;"><b>{$event.ERROR}</b></td>
{else}
<td></td>
{/if}
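Review bot: The ERROR cell appears to lose its `|escape` modifier here, so `{$event.ERROR}` is now emitted as raw HTML. I am reading the second printed line as the new side, as it is in every other section of this page. That is only safe if every code path that fills `$event.ERROR` escapes the value first, and no such escaping is visible in the hunks shown. Unless the value is deliberately pre-escaped markup, keep `{$event.ERROR|escape}`. If it is pre-escaped, record that next to the cell with a template comment such as `{* ERROR is already HTML-escaped where it is set *}`.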
......
......@@ -309,9 +309,14 @@ class mailMethodCyrus extends mailMethod
return FALSE;
}
} else {
msg_dialog::display(_("Mail info"),
sprintf(_("LDAP entry has been removed but cyrus mailbox (%s) is kept.\nPlease delete it manually!"),
$this->account_id), INFO_DIALOG);
msg_dialog::display(
_('Mail info'),
nl2br(htmlescape(sprintf(
_("LDAP entry has been removed but cyrus mailbox (%s) is kept.\nPlease delete it manually!"),
$this->account_id
))),
INFO_DIALOG
);
}
return TRUE;
}
......
......@@ -109,7 +109,7 @@ class dnsManagement extends management
$error = new FusionDirectoryError(msgPool::siError($s_daemon->get_error()));
$error->display();
} else {
msg_dialog::display(_('Ldap2zone'), sprintf(_('Ldap2Zone called for zone "%s"'), $zoneName), INFO_DIALOG);
msg_dialog::display(_('Ldap2zone'), htmlescape(sprintf(_('Ldap2Zone called for zone "%s"'), $zoneName)), INFO_DIALOG);
}
}
} else {
......
......@@ -346,7 +346,7 @@ class dnsHost extends simplePlugin
$error = new SimplePluginError($this, msgPool::siError($s_daemon->get_error()));
$error->display();
} else {
msg_dialog::display(_('Ldap2zone'), sprintf(_('Ldap2Zone called for zone "%s"'), $zone), INFO_DIALOG);
msg_dialog::display(_('Ldap2zone'), htmlescape(sprintf(_('Ldap2Zone called for zone "%s"'), $zone)), INFO_DIALOG);
}
}
} else {
......@@ -470,7 +470,7 @@ class dnsHost extends simplePlugin
}
if (!empty($messages)) {
msg_dialog::display(_('DNS update'), implode("<br/>\n", $messages)."<br/>\n", INFO_DIALOG);
msg_dialog::display(_('DNS update'), implode("<br/>\n", array_map('htmlescape', $messages))."<br/>\n", INFO_DIALOG);
}
del_lock($lockedDns);
......@@ -501,7 +501,7 @@ class dnsHost extends simplePlugin
}
}
if (!empty($messages)) {
msg_dialog::display(_('DNS update'), implode("<br/>\n", $messages)."<br/>\n", INFO_DIALOG);
msg_dialog::display(_('DNS update'), implode("<br/>\n", array_map('htmlescape', $messages))."<br/>\n", INFO_DIALOG);
}
return parent::post_remove();
......
......@@ -192,7 +192,7 @@ class invitation extends simplePlugin
$this->emails = implode("\n", $failed);
if ($success > 0) {
msg_dialog::display(_('Success'), sprintf(_('%d invitations were sent and saved successfully'), $success), INFO_DIALOG);
msg_dialog::display(_('Success'), htmlescape(sprintf(_('%d invitations were sent and saved successfully'), $success)), INFO_DIALOG);
}
return $errors;
......
......@@ -254,7 +254,7 @@ class csvImport extends simplePlugin
}
}
if ($success > 0) {
msg_dialog::display(_('Success'), sprintf(_('Successfully imported %d entries'), $success), INFO_DIALOG);
msg_dialog::display(_('Success'), htmlescape(sprintf(_('Successfully imported %d entries'), $success)), INFO_DIALOG);
}
}
......
......@@ -185,7 +185,7 @@ class ldifManager extends simplePlugin
$ldap = $config->get_ldap_link();
try {
$nb = $ldap->import_complete_ldif($this->import, !$this->overwrite, FALSE);
msg_dialog::display(_('Success'), sprintf(_('%d entries successfully imported'), $nb), INFO_DIALOG);
msg_dialog::display(_('Success'), htmlescape(sprintf(_('%d entries successfully imported'), $nb)), INFO_DIALOG);
} catch (FusionDirectoryException $e) {
$error = new FusionDirectoryError(htmlescape($e->getMessage()), 0, $e);
$error->display();
......
......@@ -176,12 +176,12 @@ class systemManagement extends management
$error->display();
} else {
if (is_array($res) && (count($res) > 1)) {
msg_dialog::display(_('Action triggered'), sprintf(_('Action called without error (results were "%s")'), implode(', ', $res)), INFO_DIALOG);
msg_dialog::display(_('Action triggered'), htmlescape(sprintf(_('Action called without error (results were "%s")'), implode(', ', $res))), INFO_DIALOG);
} else {
if (is_array($res)) {
$res = $res[0];
}
msg_dialog::display(_('Action triggered'), sprintf(_('Action called without error (result was "%s")'), $res), INFO_DIALOG);
msg_dialog::display(_('Action triggered'), htmlescape(sprintf(_('Action called without error (result was "%s")'), $res)), INFO_DIALOG);
}
}
$this->closeDialogs();
......@@ -227,22 +227,22 @@ class systemManagement extends management
$error->display();
} else {
$dns = array_flip($macs);
$msg = '';
$html = '';
if (!empty($res['results'])) {
$msg .= '<ul>'."\n";
$html .= '<ul>'."\n";
foreach ($res['results'] as $mac => $on) {
$msg .= '<li style="list-style-type:'.($on ? 'disc' : 'circle').';">'.objects::link($dns[$mac], $this->listing->getEntry($dns[$mac])->type).' - '.($on ? 'On' : 'Off').'</li>'."\n";
$html .= '<li style="list-style-type:'.($on ? 'disc' : 'circle').';">'.objects::link($dns[$mac], $this->listing->getEntry($dns[$mac])->type).' - '.($on ? 'On' : 'Off').'</li>'."\n";
}
$msg .= "</ul>\n";
$html .= "</ul>\n";
}
if (!empty($res['errors'])) {
$msg .= '<ul style="list-style-type:square;">'."\n";
$html .= '<ul style="list-style-type:square;">'."\n";
foreach ($res['errors'] as $mac => $error) {
$msg .= '<li>'.objects::link($dns[$mac], $this->listing->getEntry($dns[$mac])->type).' - '.$error.'</li>'."\n";
$html .= '<li>'.objects::link($dns[$mac], $this->listing->getEntry($dns[$mac])->type).' - '.htmlescape($error).'</li>'."\n";
}
$msg .= "</ul>\n";
$html .= "</ul>\n";
}
msg_dialog::display(_('Ping results'), $msg, INFO_DIALOG);
msg_dialog::display(_('Ping results'), $html, INFO_DIALOG);
}
}
......
......@@ -348,7 +348,7 @@ class servicesManagement extends management implements SimpleTab
{
/* Skip if this is a new server */
if ($this->dn == 'new') {
msg_dialog::display(_('Information'), _('Cannot update service status until it has been saved!'), INFO_DIALOG);
msg_dialog::display(_('Information'), htmlescape(_('Cannot update service status until it has been saved!')), INFO_DIALOG);
return;
}
......
......@@ -68,7 +68,7 @@ class SecondFactorRecoveryCode
if ($ldap->success()) {
msg_dialog::display(
_('Recovery code'),
_('You connected using a recovery code as second factor. This code has been deleted and will not be usable again in the future. Generate a new one if you need.'),
htmlescape(_('You connected using a recovery code as second factor. This code has been deleted and will not be usable again in the future. Generate a new one if you need.')),
INFO_DIALOG
);
} else {
......
......@@ -71,7 +71,7 @@ class RecoveryCodesAttribute extends DialogOrderedArrayAttribute
$this->value[] = [date('c'), password_hash($randomhash, PASSWORD_DEFAULT)];
msg_dialog::display(
_('Recovery code'),
sprintf(_('Here is your recovery code: %s<br/><br/>Print and hide it. Do not save it on your computer. You may only use it once.'), $randomhash),
htmlescape(sprintf(_('Here is your recovery code: %s<br/><br/>Print and hide it. Do not save it on your computer. You may only use it once.'), $randomhash)),
INFO_DIALOG
);
}
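Review bot: Wrapping the whole `sprintf()` result in `htmlescape()` also escapes the `<br/><br/>` that is part of the translated message. Assuming `htmlescape()` encodes angle brackets, as its name suggests, the recovery-code dialog would show the tags as literal text instead of a blank line. Either escape only the text and the `$randomhash` argument and keep the line break markup outside the escaped part, or write the message with `\n\n` and use `nl2br(htmlescape(sprintf(...)))`, the form this commit already uses in the mailMethodCyrus hunk. The second option changes the msgid, so the translations would need updating. The enclosing method starts and ends outside the hunk.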
......