N°4899 Adjust url sanitizer for 3.0 compliance

Benjamin Dalsass
2022-05-18 10:49:23 +02:00
parent 87f606f768
commit 5574eabfed
2 changed files with 12 additions and 7 deletions


@@ -97,6 +97,11 @@ class utils
* @since 3.0.0 * @since 3.0.0
*/ */
public const ENUM_SANITIZATION_FILTER_RAW_DATA = 'raw_data'; public const ENUM_SANITIZATION_FILTER_RAW_DATA = 'raw_data';
/**
* @var string
* @since 3.0.2, 3.1.0 N°4899
*/
public const ENUM_SANITIZATION_FILTER_URL = 'url';
/** /**
* @var string * @var string
@@ -455,7 +460,7 @@ class utils
break; break;
// For URL // For URL
case 'url': case static::ENUM_SANITIZATION_FILTER_URL:
$retValue = filter_var($value, FILTER_SANITIZE_URL); $retValue = filter_var($value, FILTER_SANITIZE_URL);
break; break;
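Review bot: The docblock added for `ENUM_SANITIZATION_FILTER_URL` carries only `@var` and `@since`, so nothing tells a caller what this filter guarantees. In the `case static::ENUM_SANITIZATION_FILTER_URL:` branch the value goes through `filter_var($value, FILTER_SANITIZE_URL)`, which only removes characters that are not legal in a URL; it does not check the scheme or the host, so a `javascript:` or off-site URL comes back unchanged. I would add a description line such as `* Strips characters that are illegal in a URL; does NOT validate scheme or host, callers must check the destination before redirecting to or emitting the value`. The enclosing switch starts and ends outside the hunk.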


@@ -932,7 +932,7 @@ try
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data'); $aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
$sDashboardFile = utils::ReadParam('file', '', false, 'raw_data'); $sDashboardFile = utils::ReadParam('file', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url'); $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
$oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sDashboardId); $oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sDashboardId);
$aResult = array('error' => ''); $aResult = array('error' => '');
if (!is_null($oDashboard)) if (!is_null($oDashboard))
@@ -950,7 +950,7 @@ try
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data'); $sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data'); $aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
$sDashboardFile = utils::ReadParam('file', '', false, 'raw_data'); $sDashboardFile = utils::ReadParam('file', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url'); $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
$oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sDashboardId); $oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sDashboardId);
$aResult = array('error' => ''); $aResult = array('error' => '');
if (!is_null($oDashboard)) if (!is_null($oDashboard))
@@ -967,7 +967,7 @@ try
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'context_param'); $sDashboardId = utils::ReadParam('dashboard_id', '', false, 'context_param');
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data'); $aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url'); $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
appUserPreferences::SetPref('display_original_dashboard_'.$sDashboardId, false); appUserPreferences::SetPref('display_original_dashboard_'.$sDashboardId, false);
$sJSExtraParams = json_encode($aExtraParams); $sJSExtraParams = json_encode($aExtraParams);
$aParams = array(); $aParams = array();
@@ -1009,7 +1009,7 @@ JS
case 'revert_dashboard': case 'revert_dashboard':
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data'); $sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url'); $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
appUserPreferences::UnsetPref('display_original_dashboard_'.$sDashboardId); appUserPreferences::UnsetPref('display_original_dashboard_'.$sDashboardId);
$oDashboard = new RuntimeDashboard($sDashboardId); $oDashboard = new RuntimeDashboard($sDashboardId);
$oDashboard->Revert(); $oDashboard->Revert();
@@ -1039,7 +1039,7 @@ EOF
$aParams['cells'] = utils::ReadParam('cells', array(), false, 'raw_data'); $aParams['cells'] = utils::ReadParam('cells', array(), false, 'raw_data');
$aParams['auto_reload'] = utils::ReadParam('auto_reload', false); $aParams['auto_reload'] = utils::ReadParam('auto_reload', false);
$aParams['auto_reload_sec'] = utils::ReadParam('auto_reload_sec', 300); $aParams['auto_reload_sec'] = utils::ReadParam('auto_reload_sec', 300);
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url'); $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
$oDashboard = new RuntimeDashboard($sDashboardId); $oDashboard = new RuntimeDashboard($sDashboardId);
$oDashboard->FromParams($aParams); $oDashboard->FromParams($aParams);
$oDashboard->SetReloadURL($sReloadURL); $oDashboard->SetReloadURL($sReloadURL);
@@ -1051,7 +1051,7 @@ EOF
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data'); $aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
$aExtraParams['dashboard_div_id'] = utils::Sanitize($sId, '', 'element_identifier'); $aExtraParams['dashboard_div_id'] = utils::Sanitize($sId, '', 'element_identifier');
$sDashboardFile = utils::ReadParam('file', '', false, 'string'); $sDashboardFile = utils::ReadParam('file', '', false, 'string');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url'); $sReloadURL = utils::ReadParam('reload_url', '', false, utils::ENUM_SANITIZATION_FILTER_URL);
$oDashboard = RuntimeDashboard::GetDashboardToEdit($sDashboardFile, $sId); $oDashboard = RuntimeDashboard::GetDashboardToEdit($sDashboardFile, $sId);
if (!is_null($oDashboard)) { if (!is_null($oDashboard)) {
if (!empty($sReloadURL)) { if (!empty($sReloadURL)) {
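Review bot: `reload_url` is request-controlled, and the filter these six call sites now name via `utils::ENUM_SANITIZATION_FILTER_URL` only strips illegal characters, so the value handed to `$oDashboard->SetReloadURL($sReloadURL)` can still carry any scheme or host. How the dashboard later emits it is not visible on this page, but if it ends up in a redirect or in generated JavaScript it should first be limited to the application's own origin, for example by rejecting it when `parse_url($sReloadURL, PHP_URL_SCHEME)` is set to anything other than `http`/`https` or when the parsed host differs from the configured application host. As a style point, the neighbouring calls still pass `'raw_data'` as a string literal although `utils::ENUM_SANITIZATION_FILTER_RAW_DATA` exists; converting them in the same pass would keep the file consistent. The enclosing `try`/switch starts and ends outside the hunks.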