diff --git a/application/cmdbabstract.class.inc.php b/application/cmdbabstract.class.inc.php
index 1139a08df..9f4188c18 100644
--- a/application/cmdbabstract.class.inc.php
+++ b/application/cmdbabstract.class.inc.php
@@ -4735,11 +4735,15 @@ EOF
$sCSSClass = $bResult ? HILIGHT_CLASS_NONE : HILIGHT_CLASS_CRITICAL;
$sChecked = $bResult ? 'checked' : '';
$sDisabled = $bResult ? '' : 'disabled';
+
+ $aErrorsToDisplay = array_map(function($sError) {
+ return utils::HtmlEntities($sError);
+ }, $aErrors);
$aRows[] = array(
'form::select' => "",
'object' => $oObj->GetHyperlink(),
'status' => $sStatus,
- 'errors' => '
'.($bResult ? '' : implode('
', $aErrors)).'
',
+ 'errors' => ''.($bResult ? '' : implode('
', $aErrorsToDisplay)).'
',
'@class' => $sCSSClass,
);
if ($bResult && (!$bPreview))
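Review bot: The `array_map` that escapes `$aErrors` runs for every row, including rows where `$bResult` is true and the `'errors'` cell discards the result, and the same closure is repeated in the pages/UI.php hunk. Guarding it would make the intent clearer: `$aErrorsToDisplay = $bResult ? array() : array_map(function($sError) { return utils::HtmlEntities($sError); }, $aErrors);`. A comment above it would also help, for example `// check messages are plain text: escape them here, where they are written into the HTML table`. The enclosing function starts and ends outside the hunk, so where `$aErrors` is filled is not visible here.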
diff --git a/core/coreexception.class.inc.php b/core/coreexception.class.inc.php
index a85417786..b29ece9b1 100644
--- a/core/coreexception.class.inc.php
+++ b/core/coreexception.class.inc.php
@@ -165,19 +165,15 @@ class CoreCannotSaveObjectException extends CoreException
public function getHtmlMessage()
{
$sTitle = Dict::S('UI:Error:SaveFailed');
- $sContent = "{$sTitle}";
+ $sContent = "".utils::HtmlEntities($sTitle)."";
- if (count($this->aIssues) == 1)
- {
+ if (count($this->aIssues) == 1) {
$sIssue = reset($this->aIssues);
- $sContent .= " {$sIssue}";
- }
- else
- {
+ $sContent .= " ".utils::HtmlEntities($sIssue)."";
+ } else {
$sContent .= '';
- foreach ($this->aIssues as $sError)
- {
- $sContent .= "- $sError
";
+ foreach ($this->aIssues as $sError) {
+ $sContent .= "- ".utils::HtmlEntities($sError)."
";
}
$sContent .= '
';
}
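Review bot: No docblock is visible on `getHtmlMessage()`, and this change alters its contract: the dictionary title and every entry of `$this->aIssues` are now treated as plain text and escaped inside the method. Callers that still add already-escaped or HTML-formatted issues would see them double-escaped, so the expectation should be written down. Suggested docblock: `/** @return string HTML fragment; the title and each issue are plain text and are escaped here */`. The method body continues past the end of the hunk.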
diff --git a/core/dbobject.class.php b/core/dbobject.class.php
index dcd073638..dc2fd1484 100644
--- a/core/dbobject.class.php
+++ b/core/dbobject.class.php
@@ -1880,7 +1880,7 @@ abstract class DBObject implements iDisplay
$oTargetObj = MetaModel::GetObject($sTargetClass, $toCheck, false /*must be found*/, true /*allow all data*/);
if (is_null($oTargetObj))
{
- return "Target object not found (".utils::HtmlEntities($sTargetClass).".::".utils::HtmlEntities($toCheck).")";
+ return "Target object not found ($sTargetClass::$toCheck)";
}
}
if ($oAtt->IsHierarchicalKey())
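Review bot: With `utils::HtmlEntities()` removed from this return value, the message now carries `$sTargetClass` and `$toCheck` verbatim, so every caller that writes it into HTML has to escape it. The diff updates three output sites, but any other consumer of these check messages that is not shown here would now render the raw value. The same applies to the hunks at -1889, -1903, -1931, -1951 and -1964. It is worth auditing the remaining consumers and stating the contract on the method, for example `// Returns true, or a plain-text (unescaped) error message; escape it at the output site`. The enclosing method starts outside the hunk.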
@@ -1889,7 +1889,7 @@ abstract class DBObject implements iDisplay
$aValues = $oAtt->GetAllowedValues(array('this' => $this));
if (!array_key_exists($toCheck, $aValues))
{
- return "Value not allowed [". utils::HtmlEntities($toCheck)."]";
+ return "Value not allowed [$toCheck]";
}
}
}
@@ -1903,7 +1903,7 @@ abstract class DBObject implements iDisplay
$oTag->SetValues(explode(' ', $toCheck));
} catch (Exception $e)
{
- return "Tag value [". utils::HtmlEntities($toCheck)."] is not a valid tag list";
+ return "Tag value '$toCheck' is not a valid tag list";
}
return true;
@@ -1931,7 +1931,7 @@ abstract class DBObject implements iDisplay
$oTag->SetValues($aValues);
} catch (Exception $e)
{
- return "Set value[". utils::HtmlEntities($toCheck)."] is not a valid set";
+ return "Set value '$toCheck' is not a valid set";
}
return true;
@@ -1951,7 +1951,7 @@ abstract class DBObject implements iDisplay
{
if (!array_key_exists($toCheck, $aValues))
{
- return "Value not allowed [". utils::HtmlEntities($toCheck)."]";
+ return "Value not allowed [$toCheck]";
}
}
if (!is_null($iMaxSize = $oAtt->GetMaxSize()))
@@ -1964,7 +1964,7 @@ abstract class DBObject implements iDisplay
}
if (!$oAtt->CheckFormat($toCheck))
{
- return "Wrong format [". utils::HtmlEntities($toCheck)."]";
+ return "Wrong format [$toCheck]";
}
}
else
diff --git a/pages/UI.php b/pages/UI.php
index 8c1bdf057..1d464904c 100644
--- a/pages/UI.php
+++ b/pages/UI.php
@@ -1614,7 +1614,10 @@ EOF
}
else
{
- $sError = ''.implode('
',$aErrors)."\n";
+ $aErrorsToDisplay = array_map(function($sError) {
+ return utils::HtmlEntities($sError);
+ }, $aErrors);
+ $sError = ''.implode('
',$aErrorsToDisplay)."\n";
}
}
else
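Review bot: The closure parameter `$sError` has the same name as the `$sError` variable assigned in the very next statement. PHP closures have their own scope, so the code works, but it reads as if the outer variable were involved. Renaming the parameter avoids that: `function($sErrorItem) { return utils::HtmlEntities($sErrorItem); }`. The surrounding block begins and ends outside the hunk.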