[icinga-checkins] icinga.org: icingaweb2/master: Render simple HTML links (a[href]) in acknowledgements, comments and downtimes

git at icinga.org git at icinga.org
Thu Feb 25 11:35:22 CET 2016


Module: icingaweb2
Branch: master
Commit: af3abb76c823531ad3e5efd9b2f4a86f1040ef4d
URL:    https://git.icinga.org/?p=icingaweb2.git;a=commit;h=af3abb76c823531ad3e5efd9b2f4a86f1040ef4d

Author: Alexander A. Klimov <alexander.klimov at netways.de>
Date:   Tue Feb 16 14:55:27 2016 +0100

Render simple HTML links (a[href]) in acknowledgements, comments and downtimes

refs #10654

---

 modules/monitoring/application/views/scripts/downtime/show.phtml   |    2 +-
 .../views/scripts/partials/comment/comment-detail.phtml            |    2 +-
 .../views/scripts/partials/downtime/downtime-header.phtml          |    2 +-
 .../application/views/scripts/partials/event-history.phtml         |    4 +++-
 .../views/scripts/show/components/acknowledgement.phtml            |    2 +-
 .../application/views/scripts/show/components/comments.phtml       |    2 +-
 .../application/views/scripts/show/components/downtime.phtml       |    2 +-
 7 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/modules/monitoring/application/views/scripts/downtime/show.phtml b/modules/monitoring/application/views/scripts/downtime/show.phtml
index c584540..b10ae95 100644
--- a/modules/monitoring/application/views/scripts/downtime/show.phtml
+++ b/modules/monitoring/application/views/scripts/downtime/show.phtml
@@ -45,7 +45,7 @@
       </tr>
       <tr title="<?= $this->translate('A comment, as entered by the author, associated with the scheduled downtime'); ?>">
         <th><?= $this->translate('Comment') ?></th>
-        <td class="comment-text"><?= $this->nl2br($this->escape($this->downtime->comment)) ?></td>
+        <td class="comment-text"><?= $this->nl2br($this->escapeComment($this->downtime->comment)) ?></td>
       </tr>
     </tbody>
   </table>
diff --git a/modules/monitoring/application/views/scripts/partials/comment/comment-detail.phtml b/modules/monitoring/application/views/scripts/partials/comment/comment-detail.phtml
index 433b604..0fb72c3 100644
--- a/modules/monitoring/application/views/scripts/partials/comment/comment-detail.phtml
+++ b/modules/monitoring/application/views/scripts/partials/comment/comment-detail.phtml
@@ -56,5 +56,5 @@
     </span>
 </div>
 <p class="comment-text">
-    <?= $this->nl2br($this->escape($comment->comment)) ?>
+    <?= $this->nl2br($this->escapeComment($comment->comment)) ?>
 </p>
diff --git a/modules/monitoring/application/views/scripts/partials/downtime/downtime-header.phtml b/modules/monitoring/application/views/scripts/partials/downtime/downtime-header.phtml
index cf2cdf6..96130db 100644
--- a/modules/monitoring/application/views/scripts/partials/downtime/downtime-header.phtml
+++ b/modules/monitoring/application/views/scripts/partials/downtime/downtime-header.phtml
@@ -67,6 +67,6 @@
     </span>
   </div>
   <p class="comment-text">
-    <?= $this->nl2br($this->escape($downtime->comment)) ?>
+    <?= $this->nl2br($this->escapeComment($downtime->comment)) ?>
   </p>
 </td>
diff --git a/modules/monitoring/application/views/scripts/partials/event-history.phtml b/modules/monitoring/application/views/scripts/partials/event-history.phtml
index e7ae0e0..7a0cee2 100644
--- a/modules/monitoring/application/views/scripts/partials/event-history.phtml
+++ b/modules/monitoring/application/views/scripts/partials/event-history.phtml
@@ -147,7 +147,9 @@ $history->limit($limit * $page);
                     <?php if ($icon) {
                         echo $this->icon($icon, null, $iconCssClass ? array('class' => $iconCssClass) : array());
                     } ?>
-                    <?= nl2br($this->createTicketLinks($this->escape($msg)), false) ?>
+                    <?= $this->nl2br($this->createTicketLinks($this->escapeComment($msg)))
+                    // TODO(ak): this allows only a[href] in messages, but plugin output allows more
+                    ?>
                 </p>
             </td>
         </tr>
diff --git a/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml b/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml
index 289405c..568dc90 100644
--- a/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml
+++ b/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml
@@ -44,7 +44,7 @@ $acknowledgement = $object->acknowledgement;
                 } ?>
             </dt>
             <dd>
-                <?= $this->nl2br($this->createTicketLinks($this->escape($acknowledgement->getComment()))) ?>
+                <?= $this->nl2br($this->createTicketLinks($this->escapeComment($acknowledgement->getComment()))) ?>
             </dd>
         </dl>
         <?php elseif (isset($removeAckForm)): ?>
diff --git a/modules/monitoring/application/views/scripts/show/components/comments.phtml b/modules/monitoring/application/views/scripts/show/components/comments.phtml
index 34b72c5..671c363 100644
--- a/modules/monitoring/application/views/scripts/show/components/comments.phtml
+++ b/modules/monitoring/application/views/scripts/show/components/comments.phtml
@@ -67,7 +67,7 @@ if (empty($object->comments) && ! $addLink) {
                 } ?>
             </dt>
             <dd>
-                <?= $this->nl2br($this->createTicketLinks($this->escape($comment->comment))) ?>
+                <?= $this->nl2br($this->createTicketLinks($this->escapeComment($comment->comment))) ?>
             </dd>
         <?php endforeach ?>
         </dl>
diff --git a/modules/monitoring/application/views/scripts/show/components/downtime.phtml b/modules/monitoring/application/views/scripts/show/components/downtime.phtml
index 7da27f2..5655da4 100644
--- a/modules/monitoring/application/views/scripts/show/components/downtime.phtml
+++ b/modules/monitoring/application/views/scripts/show/components/downtime.phtml
@@ -96,7 +96,7 @@ if (empty($object->comments) && ! $addLink) {
                 } ?>
             </dt>
             <dd>
-                <?= $this->nl2br($this->createTicketLinks($this->escape($downtime->comment))) ?>
+                <?= $this->nl2br($this->createTicketLinks($this->escapeComment($downtime->comment))) ?>
             </dd>
         <?php endforeach ?>
         </dl>



More information about the icinga-checkins mailing list