[icinga-checkins] icinga.org: icingaweb2/bugfix/ wrong-url-makes-whole-dashboard-unusable-11920: dashboard/new-dashlet: don 't allow external URLs

git at icinga.org git at icinga.org
Wed Aug 31 15:12:59 CEST 2016


Module: icingaweb2
Branch: bugfix/wrong-url-makes-whole-dashboard-unusable-11920
Commit: fa113e023b658470c13756bd463d8b64d29db95b
URL:    https://git.icinga.org/?p=icingaweb2.git;a=commit;h=fa113e023b658470c13756bd463d8b64d29db95b

Author: Alexander A. Klimov <alexander.klimov at netways.de>
Date:   Wed Aug 31 15:11:55 2016 +0200

dashboard/new-dashlet: don't allow external URLs

refs #11920

---

 application/forms/Dashboard/DashletForm.php        |    3 +-
 .../Web/Form/Validator/InternalUrlValidator.php    |   37 ++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/application/forms/Dashboard/DashletForm.php b/application/forms/Dashboard/DashletForm.php
index f3df2c2..07d5c32 100644
--- a/application/forms/Dashboard/DashletForm.php
+++ b/application/forms/Dashboard/DashletForm.php
@@ -3,6 +3,7 @@
 
 namespace Icinga\Forms\Dashboard;
 
+use Icinga\Web\Form\Validator\InternalUrlValidator;
 use Icinga\Web\Widget\Dashboard;
 use Icinga\Web\Form;
 use Icinga\Web\Form\Validator\UrlValidator;
@@ -70,7 +71,7 @@ class DashletForm extends Form
                 'description'   => $this->translate(
                     'Enter url being loaded in the dashlet. You can paste the full URL, including filters.'
                 ),
-                'validators'    => array(new UrlValidator())
+                'validators'    => array(new UrlValidator(), new InternalUrlValidator())
             )
         );
         $this->addElement(
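Review bot: The field description kept as context above the changed line still says `You can paste the full URL, including filters.`, but with `new InternalUrlValidator()` in the chain a full URL that points at another host is now rejected, so the help text should say the URL must be internal to Icinga Web 2. The check is also attached only to this form element. If dashlet URLs can reach the dashboard by another path (for example an already stored or hand-edited configuration, which this hunk does not show), the same validation would be needed where the dashlet is loaded. The enclosing method starts and ends outside the hunk.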
diff --git a/library/Icinga/Web/Form/Validator/InternalUrlValidator.php b/library/Icinga/Web/Form/Validator/InternalUrlValidator.php
new file mode 100644
index 0000000..a0230c7
--- /dev/null
+++ b/library/Icinga/Web/Form/Validator/InternalUrlValidator.php
@@ -0,0 +1,37 @@
+<?php
+/* Icinga Web 2 | (c) 2016 Icinga Development Team | GPLv2+ */
+
+namespace Icinga\Web\Form\Validator;
+
+use Icinga\Web\Url;
+use Zend_Validate_Abstract;
+
+/**
+ * Validator that checks whether a textfield doesn't contain an external URL
+ */
+class InternalUrlValidator extends Zend_Validate_Abstract
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function isValid($value)
+    {
+        $isExternal = Url::fromPath($value)->isExternal();
+        if ($isExternal) {
+            $this->_error('IS_EXTERNAL');
+        }
+        return ! $isExternal;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function _error($messageKey, $value = null)
+    {
+        if ($messageKey === 'IS_EXTERNAL') {
+            $this->_messages[$messageKey] = t('The url must not be external.');
+        } else {
+            parent::_error($messageKey, $value);
+        }
+    }
+}
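Review bot: `isValid()` delegates the whole internal/external decision to `Url::fromPath($value)->isExternal()`, whose rules are not visible in this diff, so the class docblock should state what counts as external. The commit should also carry tests for the edge forms: a scheme-relative `//host/path`, non-HTTP schemes, and a host equal to the server's own name. Separately, `isValid()` never calls `$this->_setValue($value)` and the `_error()` override writes `_messages` directly. A reused instance therefore keeps a stale `IS_EXTERNAL` message after a later valid value, and `getErrors()` never lists the key. Adding `$this->_setValue($value);` as the first line of `isValid()` and `$this->_errors[] = $messageKey;` in the `IS_EXTERNAL` branch of the override would fix both.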


