DBSearch: Fix serialization rework, use htmlentities

Pierre Goiffon
2018-10-22 15:44:03 +02:00
parent 0298d6bc19
commit cd5e1afb2b
2 changed files with 3 additions and 2 deletions


@@ -4583,7 +4583,8 @@ EOF
}
$oP->add("<input type=\"hidden\" name=\"transaction_id\" value=\"".utils::GetNewTransactionId()."\">\n");
$oP->add("<input type=\"hidden\" name=\"operation\" value=\"$sCustomOperation\">\n");
$oP->add("<input type=\"hidden\" name=\"filter\" value=\"".rawurlencode($oFilter->Serialize())."\">\n");
$oP->add("<input type=\"hidden\" name=\"filter\" value=\"".htmlentities($oFilter->Serialize(), ENT_QUOTES,
'UTF-8')."\">\n");
$oP->add("<input type=\"hidden\" name=\"class\" value=\"$sClass\">\n");
foreach($aObjects as $oObj)
{
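Review bot: The neighbouring hidden fields in this hunk still interpolate `$sCustomOperation` and `$sClass` straight into double-quoted attribute values, so only `filter` gets attribute escaping. Where those two values come from is not visible here; if either can carry request-derived text, it needs the same treatment, e.g. `value=\"".htmlentities($sCustomOperation, ENT_QUOTES, 'UTF-8')."\"`. The same applies to `$sNextOperation` and `$oFilter->GetClass()` in the DisplayMultipleSelectionForm hunk. The enclosing function starts and ends outside this hunk.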


@@ -277,7 +277,7 @@ function DisplayMultipleSelectionForm($oP, $oFilter, $sNextOperation, $oChecker,
$oP->add("<form method=\"post\" action=\"./UI.php\">\n");
$oP->add("<input type=\"hidden\" name=\"operation\" value=\"$sNextOperation\">\n");
$oP->add("<input type=\"hidden\" name=\"class\" value=\"".$oFilter->GetClass()."\">\n");
$oP->add("<input type=\"hidden\" name=\"filter\" value=\"".rawurlencode($oFilter->Serialize())."\">\n");
$oP->add("<input type=\"hidden\" name=\"filter\" value=\"".htmlentities($oFilter->Serialize(), ENT_QUOTES, 'UTF-8')."\">\n");
$oP->add("<input type=\"hidden\" name=\"transaction_id\" value=\"".utils::GetNewTransactionId()."\">\n");
foreach($aExtraFormParams as $sName => $sValue)
{
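Review bot: `htmlentities()` called with only `ENT_QUOTES` returns an empty string when its input is not valid UTF-8, so a serialized filter containing a stray byte would be posted as an empty `filter` field with no error. Adding the substitute flag avoids that silent loss: `htmlentities($oFilter->Serialize(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same call in the first file's hunk has the same gap. What `Serialize()` can emit is not visible here, so the handler that reads `filter` should be checked for how it treats an empty or malformed value. DisplayMultipleSelectionForm continues past the end of this hunk.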