N°4517 - PHP 8.1: Replace htmlentities(***, ENT_QUOTES, 'UTF-8') with utils::EscapeHtml
@@ -104,7 +104,7 @@ try
|
||||
$oAttachment->Set('contents', $oDoc);
|
||||
$iAttId = $oAttachment->DBInsert();
|
||||
|
||||
$aResult['msg'] = htmlentities($oDoc->GetFileName(), ENT_QUOTES, 'UTF-8');
|
||||
$aResult['msg'] = utils::EscapeHtml($oDoc->GetFileName());
|
||||
$aResult['icon'] = utils::GetAbsoluteUrlAppRoot().AttachmentPlugIn::GetFileIcon($oDoc->GetFileName());
|
||||
$aResult['att_id'] = $iAttId;
|
||||
$aResult['preview'] = $oDoc->IsPreviewAvailable() ? 'true' : 'false';
|
||||
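Review bot: `$aResult['msg']` is HTML-escaped before it is stored in the result array, and nothing at the assignment says so. A consumer that inserts the value as text will display entities, and one that escapes it again will double-encode the file name. I would add a comment on that line such as `// HTML-escaped: the client must insert msg as markup and must not escape it again`, or move the escaping to the place where the value is rendered. The same applies to `$aData['msg']` in the ObjectController hunk (@@ -1235); how either array is serialised and consumed is outside these hunks.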
@@ -138,9 +138,8 @@ try
|
||||
|
||||
$oPage->output();
|
||||
}
|
||||
catch (Exception $e)
|
||||
{
|
||||
catch (Exception $e) {
|
||||
// note: transform to cope with XSS attacks
|
||||
echo htmlentities($e->GetMessage(), ENT_QUOTES, 'utf-8');
|
||||
echo utils::EscapeHtml($e->GetMessage());
|
||||
IssueLog::Error($e->getMessage());
|
||||
}
|
||||
|
||||
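Review bot: The catch block still echoes the exception message to the client. Escaping it prevents markup injection, but the text itself can carry internal details (file paths, query fragments) that the user does not need. Consider echoing a fixed, translated error string and keeping the detail only in `IssueLog::Error($e->getMessage());`. Also, `catch (Exception $e)` does not catch `Error` throwables such as `TypeError`; whether those should be handled here depends on the `try` body, which starts outside the hunk.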
@@ -679,13 +679,12 @@ class CMDBChangeOpAttachmentAdded extends CMDBChangeOp
|
||||
// Temporary, until we change the options of GetDescription() -needs a more global revision
|
||||
$sTargetObjectClass = 'Attachment';
|
||||
$iTargetObjectKey = $this->Get('attachment_id');
|
||||
$sFilename = htmlentities($this->Get('filename'), ENT_QUOTES, 'UTF-8');
|
||||
$sFilename = utils::EscapeHtml($this->Get('filename'));
|
||||
$oTargetSearch = new DBObjectSearch($sTargetObjectClass);
|
||||
$oTargetSearch->AddCondition('id', $iTargetObjectKey, '=');
|
||||
|
||||
$oMonoObjectSet = new DBObjectSet($oTargetSearch);
|
||||
if ($oMonoObjectSet->Count() > 0)
|
||||
{
|
||||
if ($oMonoObjectSet->Count() > 0) {
|
||||
$oAttachment = $oMonoObjectSet->Fetch();
|
||||
$oDoc = $oAttachment->Get('contents');
|
||||
$sPreview = $oDoc->IsPreviewAvailable() ? 'data-preview="true"' : '';
|
||||
@@ -739,7 +738,7 @@ class CMDBChangeOpAttachmentRemoved extends CMDBChangeOp
|
||||
{
|
||||
// Temporary, until we change the options of GetDescription() -needs a more global revision
|
||||
$sResult = Dict::Format('Attachments:History_File_Removed',
|
||||
'<span class="attachment-history-deleted">'.htmlentities($this->Get('filename'), ENT_QUOTES, 'UTF-8').'</span>');
|
||||
'<span class="attachment-history-deleted">'.utils::EscapeHtml($this->Get('filename')).'</span>');
|
||||
|
||||
return $sResult;
|
||||
}
|
||||
|
||||
@@ -170,7 +170,8 @@ try {
|
||||
$iEditorTopMargin += 5*$iWarnings;
|
||||
|
||||
$sOriginalConfig = str_replace("\r\n", "\n", file_get_contents($sConfigFile));
|
||||
} catch (Exception $e) {
|
||||
}
|
||||
catch (Exception $e) {
|
||||
$oAlert = AlertUIBlockFactory::MakeForDanger('', $e->getMessage());
|
||||
$iEditorTopMargin += 5;
|
||||
$oP->AddUiBlock($oAlert);
|
||||
@@ -180,8 +181,8 @@ try {
|
||||
}
|
||||
|
||||
|
||||
$sConfigEscaped = htmlentities($sConfig, ENT_QUOTES, 'UTF-8');
|
||||
$sOriginalConfigEscaped = htmlentities($sOriginalConfig, ENT_QUOTES, 'UTF-8');
|
||||
$sConfigEscaped = utils::EscapeHtml($sConfig);
|
||||
$sOriginalConfigEscaped = utils::EscapeHtml($sOriginalConfig);
|
||||
$oP->AddUiBlock(new Html('<p>'.Dict::S('config-edit-intro').'</p>'));
|
||||
|
||||
$oForm = new Form();
|
||||
|
||||
@@ -36,11 +36,11 @@ function DisplayStatus(WebPage $oPage)
|
||||
$sCode = $oExtension->sCode;
|
||||
$sDir = basename($oExtension->sSourceDir);
|
||||
$oPage->add('<input type="checkbox" data-extension-code="'.$sCode.'" data-extension-dir="'.$sDir.'" checked disabled> ');
|
||||
$oPage->add('<label><b>'.htmlentities($oExtension->sLabel, ENT_QUOTES, 'UTF-8').'</b> '.$sInstallation.'</label>');
|
||||
$oPage->add('<label><b>'.utils::EscapeHtml($oExtension->sLabel).'</b> '.$sInstallation.'</label>');
|
||||
$oPage->add('<div class="description">');
|
||||
$oPage->add('<p>');
|
||||
if ($oExtension->sDescription != '') {
|
||||
$oPage->add(htmlentities($oExtension->sDescription, ENT_QUOTES, 'UTF-8').'</br>');
|
||||
$oPage->add(utils::EscapeHtml($oExtension->sDescription).'</br>');
|
||||
}
|
||||
$oPage->add('</p>');
|
||||
$oPage->add('</div>');
|
||||
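Review bot: `$sCode` and `$sDir` are concatenated into the `data-extension-code` and `data-extension-dir` attributes without escaping, while the label and description just below go through `utils::EscapeHtml`. A quote character in an extension code or directory name would end the attribute, so the line should read `data-extension-code="'.utils::EscapeHtml($sCode).'" data-extension-dir="'.utils::EscapeHtml($sDir).'"`. The same gap is visible for `$sCode`/`$sDir` in the second DoInstall hunk (@@ -189), `title="'.$sTitle.'"` in @@ -161, the form `action` URLs in @@ -282 and @@ -333, and `data-field-id` in the ApplicationHelper hunk (@@ -324). Where these values originate is not visible here, so treat the severity as unconfirmed.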
@@ -161,11 +161,11 @@ function DoInstall(WebPage $oPage)
|
||||
$oPage->add('<div class="choice">');
|
||||
$oPage->add('<input type="checkbox" disabled> ');
|
||||
$sTitle = Dict::Format('iTopHub:InstallationEffect:MissingDependencies_Details', implode(', ', $oExtension->aMissingDependencies));
|
||||
$oPage->add('<label><b>'.htmlentities($oExtension->sLabel, ENT_QUOTES, 'UTF-8').'</b> <span style="color:red" title="'.$sTitle.'">'.Dict::S('iTopHub:InstallationEffect:MissingDependencies').'<span></label>');
|
||||
$oPage->add('<label><b>'.utils::EscapeHtml($oExtension->sLabel).'</b> <span style="color:red" title="'.$sTitle.'">'.Dict::S('iTopHub:InstallationEffect:MissingDependencies').'<span></label>');
|
||||
$oPage->add('<div class="description">');
|
||||
$oPage->add('<p>');
|
||||
if ($oExtension->sDescription != '') {
|
||||
$oPage->add(htmlentities($oExtension->sDescription, ENT_QUOTES, 'UTF-8').'</br>');
|
||||
$oPage->add(utils::EscapeHtml($oExtension->sDescription).'</br>');
|
||||
}
|
||||
$oPage->add('</p>');
|
||||
$oPage->add('</div>');
|
||||
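Review bot: The `MissingDependencies` label ends with `<span>` instead of `</span>`, so the red span is never closed and a second, empty span is opened inside the `<label>`. Since this line is being rewritten anyway, change the tail to `.Dict::S('iTopHub:InstallationEffect:MissingDependencies').'</span></label>'`. The `'</br>'` emitted after the description in this hunk, and in @@ -36 and @@ -189, is not a valid tag either; `'<br>'` is the intended form.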
@@ -189,11 +189,11 @@ function DoInstall(WebPage $oPage)
|
||||
$sCode = $oExtension->sCode;
|
||||
$sDir = basename($oExtension->sSourceDir);
|
||||
$oPage->add('<input type="checkbox" checked disabled data-extension-code="'.$sCode.'" data-extension-dir="'.$sDir.'"> ');
|
||||
$oPage->add('<label><b>'.htmlentities($oExtension->sLabel, ENT_QUOTES, 'UTF-8').'</b> '.$sInstallation.'</label>');
|
||||
$oPage->add('<label><b>'.utils::EscapeHtml($oExtension->sLabel).'</b> '.$sInstallation.'</label>');
|
||||
$oPage->add('<div class="description">');
|
||||
$oPage->add('<p>');
|
||||
if ($oExtension->sDescription != '') {
|
||||
$oPage->add(htmlentities($oExtension->sDescription, ENT_QUOTES, 'UTF-8').'</br>');
|
||||
$oPage->add(utils::EscapeHtml($oExtension->sDescription).'</br>');
|
||||
}
|
||||
$oPage->add('</p>');
|
||||
$oPage->add('</div>');
|
||||
|
||||
@@ -282,7 +282,7 @@ try {
|
||||
$oPage = new NiceWebPage('');
|
||||
$aDataToPost = MakeDataToPost($sTargetRoute);
|
||||
$oPage->add('<form id="hub_launch_form" action="'.$sHubUrlStateless.'" method="post">');
|
||||
$oPage->add('<input type="hidden" name="json" value="'.htmlentities(json_encode($aDataToPost), ENT_QUOTES, 'UTF-8').'">');
|
||||
$oPage->add('<input type="hidden" name="json" value="'.utils::EscapeHtml(json_encode($aDataToPost)).'">');
|
||||
$oPage->add_ready_script('$("#hub_launch_form").submit();');
|
||||
break;
|
||||
|
||||
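Review bot: `json_encode($aDataToPost)` returns `false` on failure (for example on invalid UTF-8 in the data), and the result is passed straight to `utils::EscapeHtml`. The hidden `json` field would then be posted empty, or the call would raise a type error, depending on how `EscapeHtml` is declared. Passing the flag makes the failure explicit: `utils::EscapeHtml(json_encode($aDataToPost, JSON_THROW_ON_ERROR))`. The same call appears in @@ -333. The `try` block named in the hunk header starts and ends outside the hunk, so confirm its `catch` covers `JsonException`.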
@@ -333,7 +333,7 @@ HTML
|
||||
);
|
||||
$sFormTarget = appUserPreferences::GetPref('itophub_open_in_new_window', 1) ? 'target="_blank"' : '';
|
||||
$oPage->add('<form '.$sFormTarget.' id="hub_launch_form" action="'.$sHubUrl.'" method="post">');
|
||||
$oPage->add('<input type="hidden" name="json" value="'.htmlentities(json_encode($aDataToPost), ENT_QUOTES, 'UTF-8').'">');
|
||||
$oPage->add('<input type="hidden" name="json" value="'.utils::EscapeHtml(json_encode($aDataToPost)).'">');
|
||||
|
||||
// $sNewWindowChecked = appUserPreferences::GetPref('itophub_open_in_new_window', 1) == 1 ? 'checked' : '';
|
||||
// $oPage->add('<p><input type="checkbox" class="userpref" id="itophub_open_in_new_window" '.$sNewWindowChecked.'><label for="itophub_open_in_new_window">'.Dict::S('iTopHub:OpenInNewWindow').'</label><br/>');
|
||||
|
||||
@@ -1235,12 +1235,12 @@ class ObjectController extends BrickController
|
||||
$oAttachment->Set('contents', $oDocument);
|
||||
$iAttId = $oAttachment->DBInsert();
|
||||
|
||||
$aData['msg'] = htmlentities($oDocument->GetFileName(), ENT_QUOTES, 'UTF-8');
|
||||
$aData['msg'] = utils::EscapeHtml($oDocument->GetFileName());
|
||||
$aData['icon'] = utils::GetAbsoluteUrlAppRoot().'env-'.utils::GetCurrentEnvironment().'/itop-attachments/icons/icons8-image-file.svg';
|
||||
|
||||
// Checking if the instance has attachments
|
||||
if (class_exists('AttachmentPlugIn')) {
|
||||
$aData['icon'] = utils::GetAbsoluteUrlAppRoot() . AttachmentPlugIn::GetFileIcon($oDocument->GetFileName());
|
||||
$aData['icon'] = utils::GetAbsoluteUrlAppRoot().AttachmentPlugIn::GetFileIcon($oDocument->GetFileName());
|
||||
}
|
||||
|
||||
$aData['att_id'] = $iAttId;
|
||||
|
||||
@@ -324,10 +324,9 @@ class ApplicationHelper
|
||||
if (substr($sFieldsetName, 0, 1) !== '_')
|
||||
{
|
||||
$sFieldsetHTML = "\t\t<fieldset>\n";
|
||||
$sFieldsetHTML .= "\t\t\t<legend>".htmlentities(Dict::S($sFieldsetName), ENT_QUOTES, 'UTF-8')."</legend>\n";
|
||||
$sFieldsetHTML .= "\t\t\t<legend>".utils::EscapeHtml(Dict::S($sFieldsetName))."</legend>\n";
|
||||
|
||||
foreach ($aAttCodes as $sAttCode)
|
||||
{
|
||||
foreach ($aAttCodes as $sAttCode) {
|
||||
$sFieldsetHTML .= "\t\t\t<div class=\"form_field\" data-field-id=\"".$sAttCode."\"></div>\n";
|
||||
}
|
||||
|
||||
|
||||