[icinga-checkins] icinga.org: icingaweb2/bugfix/js-close-container-8590: FilterEditor: always escape filter embedded in HTML

git at icinga.org git at icinga.org
Mon Feb 22 13:38:13 CET 2016


Module: icingaweb2
Branch: bugfix/js-close-container-8590
Commit: 41a8c75a4f3ecfebb0c3745311cf8b679c33bc2a
URL:    https://git.icinga.org/?p=icingaweb2.git;a=commit;h=41a8c75a4f3ecfebb0c3745311cf8b679c33bc2a

Author: Alexander A. Klimov <alexander.klimov at netways.de>
Date:   Fri Feb 19 15:22:10 2016 +0100

FilterEditor: always escape filter embedded in HTML

---

 library/Icinga/Web/Widget/FilterEditor.php |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/Icinga/Web/Widget/FilterEditor.php b/library/Icinga/Web/Widget/FilterEditor.php
index 8457c90..d6f186f 100644
--- a/library/Icinga/Web/Widget/FilterEditor.php
+++ b/library/Icinga/Web/Widget/FilterEditor.php
@@ -714,7 +714,7 @@ class FilterEditor extends AbstractWidget
         } else {
             $title = t('Modify this filter');
             if (! $this->filter->isEmpty()) {
-                $title .= ': ' . $this->filter;
+                $title .= ': ' . $this->view()->escape($this->filter);
             }
         }
         return $html
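Review bot: On the added `$title .= ...` line the filter object is passed to `escape()` directly, so the fix relies on an implicit string conversion inside the escaper; making it explicit with `$title .= ': ' . $this->view()->escape((string) $this->filter);` would show that dependency. The statement that consumes `$title` starts at `return $html` and continues outside this hunk, so where the value is emitted cannot be checked from here. If it lands in an HTML attribute, confirm that the attribute is double-quoted, since whether the escaper also encodes single quotes is not visible, and that nothing downstream escapes the value a second time. A short comment such as `// escape here: the filter string is embedded in the markup returned below` would record why the call is needed.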
@@ -732,7 +732,7 @@ class FilterEditor extends AbstractWidget
     public function render()
     {
         if (! $this->preservedUrl()->getParam('modifyFilter')) {
-            return '<div class="filter">' . $this->renderSearch() . $this->shorten($this->filter, 50) . '</div>';
+            return '<div class="filter">' . $this->renderSearch() . $this->view()->escape($this->shorten($this->filter, 50)) . '</div>';
         }
         return  '<div class="filter">'
             . $this->renderSearch()
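Review bot: The call order on the new return line in `render()` is security-relevant and deserves a comment: escaping the result of `shorten()` means the 50-character cut can never split an HTML entity, whereas shortening already-escaped text could. I would add `// Escape after shortening so truncation cannot cut an entity in half` above that return. The second return, which starts at `return  '<div class="filter">'`, continues past the end of the hunk, so whether the filter is also escaped on the `modifyFilter` path cannot be confirmed from the visible lines. The new line is also very long and could be wrapped one operand per line, as that second return already is.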


