From bcc242815aab7f9defef1619552d7a6778bc54d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Bernigaud?= <come.bernigaud@laposte.net>
Date: Mon, 18 Mar 2013 16:02:35 +0100
Subject: [PATCH] Fixes: #2140 the template don't escape the html inside itself

---
 argonaut/addons/goto/class_gotomasses.inc     | 10 +++--
 .../admin/systems/class_systemManagement.inc  | 44 +++----------------
 systems/admin/systems/system-filter.xml       |  1 +
 systems/admin/systems/system-list.xml         |  4 +-
 4 files changed, 15 insertions(+), 44 deletions(-)

diff --git a/argonaut/addons/goto/class_gotomasses.inc b/argonaut/addons/goto/class_gotomasses.inc
index 186afa21ba..1c7744f1a8 100644
--- a/argonaut/addons/goto/class_gotomasses.inc
+++ b/argonaut/addons/goto/class_gotomasses.inc
@@ -123,9 +123,9 @@ class gotomasses extends management
   {
     if (isset($name[0]) && $name[0] != "none") {
         // TODO ajouter lien machine.
-      return $name[0]." (".$mac[0].")";
+      return htmlentities($name[0]." (".$mac[0].")", ENT_COMPAT, 'UTF-8');
     }
-    return $mac[0];
+    return htmlentities($mac[0], ENT_COMPAT, 'UTF-8');
   }
 
   static function filterTask($tag, $progress)
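Review bot: The escaping flag here is ENT_COMPAT, which leaves single quotes untouched, so the result is only safe in text context and not in the single-quoted attributes this code base uses elsewhere (the `title='...'` case in class_systemManagement.inc in this same patch). Since the identical `htmlentities(..., ENT_COMPAT, 'UTF-8')` expression is now repeated in all three hunks of this file and twice more in class_systemManagement.inc, a single helper such as `static function escape($str) { return htmlentities($str, ENT_QUOTES, 'UTF-8'); }` would keep the flags consistent and make a later hardening a one-line change. The enclosing function's signature is outside the hunk, so I cannot confirm what `$name` and `$mac` hold beyond the `[0]` access shown.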
@@ -145,12 +145,14 @@ class gotomasses extends management
         $str = substr($str, 0, 18)."...";
       }
 
+      $str = htmlentities($str, ENT_COMPAT, 'UTF-8');
+
       if (isset($infos['listimg']) && !empty($infos['listimg'])) {
         $str = $infos['listimg']."&nbsp;".$str;
       }
     }
     if ($progress) {
-        $str .= "&nbsp;(".$progress."%)";
+        $str .= "&nbsp;(".htmlentities($progress, ENT_COMPAT, 'UTF-8')."%)";
     }
     return $str;
   }
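Review bot: The new `htmlentities($str, ENT_COMPAT, 'UTF-8')` runs after the byte-wise truncation `substr($str, 0, 18)."..."` on the line above it; when that cut lands inside a multibyte character, `htmlentities` with a UTF-8 charset treats the input as invalid and returns an empty string, so the task label silently disappears. Truncating with `mb_substr($str, 0, 18, 'UTF-8')."..."` avoids producing the broken sequence, and adding `ENT_SUBSTITUTE` to the flags (`ENT_COMPAT | ENT_SUBSTITUTE`) keeps the label visible even if an invalid sequence reaches the escape from LDAP. The ordering relative to `$infos['listimg']` is correct, since that image markup is prepended only after the escape. filterTask's opening lines, including where `$str` is initialised, are outside the hunk.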
@@ -161,7 +163,7 @@ class gotomasses extends management
     if (isset($periodic[0]) && !preg_match("/none/i", $periodic[0])) {
       $tmp = explode("_", $periodic[0]);
       if (count($tmp) == 2) {
-        $period = $tmp[0]."&nbsp;"._($tmp[1]);
+        $period = htmlentities($tmp[0], ENT_COMPAT, 'UTF-8')."&nbsp;".htmlentities(_($tmp[1]), ENT_COMPAT, 'UTF-8');
       }
     }
     return $period;
diff --git a/systems/admin/systems/class_systemManagement.inc b/systems/admin/systems/class_systemManagement.inc
index 075f020417..7d56878794 100644
--- a/systems/admin/systems/class_systemManagement.inc
+++ b/systems/admin/systems/class_systemManagement.inc
@@ -57,8 +57,6 @@ class systemManagement extends management
     // Build headpage
     $headpage = new listing(get_template_path("system-list.xml", true));
     $headpage->registerElementFilter("systemRelease", "systemManagement::systemRelease");
-    $headpage->registerElementFilter("ipOf", "systemManagement::ipOf");
-    $headpage->registerElementFilter("macOf", "systemManagement::macOf");
     $headpage->registerElementFilter("listServices", "systemManagement::listServices");
     $headpage->setFilter($filter);
 
@@ -1057,7 +1055,7 @@ class systemManagement extends management
     if ($class && is_array($class)) {
       foreach (explode(' ', $class[0]) as $element) {
         if ($element[0] == ":") {
-          return "&nbsp;".mb_substr($element, 1);
+          return "&nbsp;".htmlentities(mb_substr($element, 1), ENT_COMPAT, 'UTF-8');
         }
       }
     }
@@ -1066,16 +1064,16 @@ class systemManagement extends management
     $ldap = $config->get_ldap_link();
     $ldap->cd($config->current['BASE']);
     $ldap->search("(&(objectClass=gosaGroupOfNames)(FAIclass=*)(member=".$b."))",array('FAIclass','cn'));
-    while($attrs = $ldap->fetch()){
-      $rel = preg_replace("/^.*:/","",$attrs['FAIclass'][0]);
-      $sys = sprintf(_("Inherited from %s"),$attrs['cn'][0]);
+    while ($attrs = $ldap->fetch()) {
+      $rel = htmlentities(preg_replace("/^.*:/", "", $attrs['FAIclass'][0]), ENT_COMPAT, 'UTF-8');
+      $sys = htmlentities(sprintf(_("Inherited from %s"), $attrs['cn'][0]), ENT_COMPAT, 'UTF-8');
       $str = "&nbsp;<img class='center' src='plugins/ogroups/images/ogroup.png'
           title='".$sys."'
           alt='".$sys."' >&nbsp;".$rel;
-      return($str);
+      return $str;
     }
 
-    return("&nbsp;");
+    return "&nbsp;";
   }
 
   static function listServices($row, $dn)
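Review bot: `$sys` is escaped with ENT_COMPAT but is then interpolated into single-quoted attributes (`title='".$sys."'` and `alt='".$sys."'`), and ENT_COMPAT does not encode `'`, so a group `cn` containing an apostrophe still terminates the attribute and the rest of the value is parsed as markup. Using `ENT_QUOTES` for this one closes the gap: `$sys = htmlentities(sprintf(_("Inherited from %s"), $attrs['cn'][0]), ENT_QUOTES, 'UTF-8');`. `$rel` is emitted in text context, so ENT_COMPAT is sufficient there, though using ENT_QUOTES for both would be simpler to reason about. systemRelease's signature and the initialisation of `$b` are outside the hunk.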
@@ -1118,36 +1116,6 @@ class systemManagement extends management
     return $str;
   }
 
-  static function ipOf($dn)
-  {
-    global $config;
-
-    // Load information if needed
-    $ldap = $config->get_ldap_link();
-    $ldap->cd($dn);
-    $ldap->search("(ipHostNumber=*)",array('ipHostNumber'));
-    $str = "&nbsp;";
-    if($attrs = $ldap->fetch()){
-        $str = $attrs['ipHostNumber'][0];
-    }
-    return($str);
-  }
-
- static function macOf($dn)
-  {
-    global $config;
-
-    // Load information if needed
-    $ldap = $config->get_ldap_link();
-    $ldap->cd($dn);
-    $ldap->search("(macAddress=*)",array('macAddress'));
-    $str = "&nbsp;";
-    if($attrs = $ldap->fetch()){
-        $str = $attrs['macAddress'][0];
-    }
-    return($str);
-  }
-
   /*! \brief  !! Incoming dummy acls, required to defined acls for incoming objects
    */
   static function plInfo()
diff --git a/systems/admin/systems/system-filter.xml b/systems/admin/systems/system-filter.xml
index b24a037b47..1a1658015e 100644
--- a/systems/admin/systems/system-filter.xml
+++ b/systems/admin/systems/system-filter.xml
@@ -20,6 +20,7 @@
       <attribute>FAIstate</attribute>
       <attribute>FAIclass</attribute>
       <attribute>macAddress</attribute>
+      <attribute>ipHostNumber</attribute>
     </query>
     <scope>auto</scope>
   </search>
diff --git a/systems/admin/systems/system-list.xml b/systems/admin/systems/system-list.xml
index 30bdfa96a1..9f6b7a51e6 100644
--- a/systems/admin/systems/system-list.xml
+++ b/systems/admin/systems/system-list.xml
@@ -169,7 +169,7 @@
       <label>IP</label>
       <sortAttribute>ip</sortAttribute>
       <sortType>string</sortType>
-      <value>%{filter:ipOf(dn)}</value>
+      <value>%{ipHostNumber}</value>
       <export>true</export>
     </column>
 
@@ -177,7 +177,7 @@
       <label>MAC</label>
       <sortAttribute>mac</sortAttribute>
       <sortType>string</sortType>
-      <value>%{filter:macOf(dn)}</value>
+      <value>%{macAddress}</value>
       <export>true</export>
     </column>
 
-- 
GitLab