composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

N°4126 Fix HTML escaped in \SetupUtils::CheckDbServer messages

Browse Source 
As content is sent to JS returned to the AJAX request, we need to escape JS string delimiter (single quote)
We had previously a \utils::HtmlEntities call, but this isn't necessary as all content is generated internally, without calling any dict or extensibility interface.
This commit is contained in:
Pierre Goiffon
2021-07-12 14:41:26 +02:00
parent 69ad10785b
commit a683634a05
1 changed files with 7 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
setup/setuputils.class.inc.php
View File

@@ -1381,30 +1381,24 @@ JS
}
}
}
if (count($aErrors) > 0)
{
$sErrorsToDisplay = utils::HtmlEntities(implode('<br/>', $aErrors));
if (count($aErrors) > 0) {
$sErrorsToDisplay = str_replace('\'', '\\\'', implode('<br/>', $aErrors));
$oPage->add_ready_script('$("#wiz_form").data("db_connection", "error");');
$oPage->add_ready_script(
<<<JS
<<<JS
$("#db_info").html('<div class="message message-error"><span class="message-title">Error:</span>$sErrorsToDisplay</div>');
JS
);
}
else
{
if (count($aWarnings) > 0)
{
$sWarningsToDisplay = utils::HtmlEntities(implode('<br/>', $aWarnings));
} else {
if (count($aWarnings) > 0) {
$sWarningsToDisplay = str_replace('\'', '\\\'', implode('<br/>', $aWarnings));
$oPage->add_ready_script('$("#wiz_form").data("db_connection", "");');
$oPage->add_ready_script(
<<<JS
$("#db_info").html('<div class="message message-warning"><span class="message-title">Warning:</span>$sWarningsToDisplay</div>');
JS
);
}
else
{
} else {
$oPage->add_ready_script('$("#wiz_form").data("db_connection", "");');
$oPage->add_ready_script(
<<<JS