composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-04-19 00:28:47 +02:00
Code Issues Packages Projects Releases Wiki Activity

Perf Autocomplete wizard helper don't read the links

Browse Source
This commit is contained in:
Eric
2018-12-07 15:52:58 +01:00
parent c29d7f9a07
commit f3f01f5cc8
2 changed files with 35 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
application/ajaxwebpage.class.inc.php
View File

@@ -214,62 +214,69 @@ PrepareWidgets();
EOF
);
}
$sHtml = '';
$s_captured_output = $this->ob_get_clean_safe();
if (($this->sContentType == 'text/html') && ($this->sContentDisposition == 'inline'))
{
// inline content != attachment && html => filter all scripts for malicious XSS scripts
echo self::FilterXSS($this->s_content);
$sHtml .= self::FilterXSS($this->s_content);
}
else
{
echo $this->s_content;
$sHtml .= $this->s_content;
}
if (!empty($this->m_sMenu))
{
$uid = time();
echo "<div id=\"accordion_temp_$uid\">\n";
echo "<div id=\"accordion\">\n";
echo "<!-- Beginning of the accordion menu -->\n";
echo self::FilterXSS($this->m_sMenu);
echo "<!-- End of the accordion menu-->\n";
echo "</div>\n";
echo "</div>\n";
$sHtml .= "<div id=\"accordion_temp_$uid\">\n";
$sHtml .= "<div id=\"accordion\">\n";
$sHtml .= "<!-- Beginning of the accordion menu -->\n";
$sHtml .= self::FilterXSS($this->m_sMenu);
$sHtml .= "<!-- End of the accordion menu-->\n";
$sHtml .= "</div>\n";
$sHtml .= "</div>\n";
echo "<script type=\"text/javascript\">\n";
echo "$('#inner_menu').html($('#accordion_temp_$uid').html());\n";
echo "$('#accordion_temp_$uid').remove();\n";
echo "\n</script>\n";
$sHtml .= "<script type=\"text/javascript\">\n";
$sHtml .= "$('#inner_menu').html($('#accordion_temp_$uid').html());\n";
$sHtml .= "$('#accordion_temp_$uid').remove();\n";
$sHtml .= "\n</script>\n";
}
//echo $this->s_deferred_content;
//$sHtml .= $this->s_deferred_content;
if (count($this->a_scripts) > 0)
{
echo "<script type=\"text/javascript\">\n";
echo implode("\n", $this->a_scripts);
echo "\n</script>\n";
$sHtml .= "<script type=\"text/javascript\">\n";
$sHtml .= implode("\n", $this->a_scripts);
$sHtml .= "\n</script>\n";
}
if (!empty($this->s_deferred_content))
{
echo "<script type=\"text/javascript\">\n";
echo "\$('body').append('".addslashes(str_replace("\n", '', $this->s_deferred_content))."');\n";
echo "\n</script>\n";
$sHtml .= "<script type=\"text/javascript\">\n";
$sHtml .= "\$('body').append('".addslashes(str_replace("\n", '', $this->s_deferred_content))."');\n";
$sHtml .= "\n</script>\n";
}
if (!empty($this->m_sReadyScript))
{
echo "<script type=\"text/javascript\">\n";
echo $this->m_sReadyScript; // Ready Scripts are output as simple scripts
echo "\n</script>\n";
$sHtml .= "<script type=\"text/javascript\">\n";
$sHtml .= $this->m_sReadyScript; // Ready Scripts are output as simple scripts
$sHtml .= "\n</script>\n";
}
if (trim($s_captured_output) != "")
{
echo self::FilterXSS($s_captured_output);
$sHtml .= self::FilterXSS($s_captured_output);
}
$oKPI = new ExecutionKPI();
echo $sHtml;
$oKPI->ComputeAndReport('Echoing ('.round(strlen($sHtml) / 1024).' Kb)');
if (class_exists('DBSearch'))
{
DBSearch::RecordQueryTrace();
}
ExecutionKPI::ReportStats();
}
/**

56
application/wizardhelper.class.inc.php
View File

@@ -55,59 +55,11 @@ class WizardHelper
if ( ($sAttCode !='id') && ($value !== '$$NULL$$'))
{
$oAttDef = MetaModel::GetAttributeDef($this->m_aData['m_sClass'], $sAttCode);
if (($oAttDef->IsLinkSet()) && ($value != '') )
if ($oAttDef->IsLinkSet())
{
// special handling for lists
// assumes this is handled as an array of objects
// thus encoded in json like: [ { name:'link1', 'id': 123}, { name:'link2', 'id': 124}...]
$aData = json_decode($value, true); // true means decode as a hash array (not an object)
// Check what are the meaningful attributes
$aFields = $this->GetLinkedWizardStructure($oAttDef);
$sLinkedClass = $oAttDef->GetLinkedClass();
$aLinkedObjectsArray = array();
if (!is_array($aData))
{
echo ("aData: '$aData' (value: '$value')\n");
}
foreach($aData as $aLinkedObject)
{
$oLinkedObj = MetaModel::NewObject($sLinkedClass);
foreach($aFields as $sLinkedAttCode)
{
if ( isset($aLinkedObject[$sLinkedAttCode]) && ($aLinkedObject[$sLinkedAttCode] !== null) )
{
$sLinkedAttDef = MetaModel::GetAttributeDef($sLinkedClass, $sLinkedAttCode);
if (($sLinkedAttDef->IsExternalKey()) && ($aLinkedObject[$sLinkedAttCode] != '') && ($aLinkedObject[$sLinkedAttCode] > 0) )
{
// For external keys: load the target object so that external fields
// get filled too
$oTargetObj = MetaModel::GetObject($sLinkedAttDef->GetTargetClass(), $aLinkedObject[$sLinkedAttCode]);
$oLinkedObj->Set($sLinkedAttCode, $oTargetObj);
}
elseif($sLinkedAttDef instanceof AttributeDateTime)
{
$sDate = $aLinkedObject[$sLinkedAttCode];
if($sDate !== null && $sDate !== '')
{
$oDateTimeFormat = AttributeDateTime::GetFormat();
$oDate = $oDateTimeFormat->Parse($sDate);
$sDate = $oDate->format('Y-m-d H:i:s');
}
$oLinkedObj->Set($sLinkedAttCode, $sDate);
}
else
{
$oLinkedObj->Set($sLinkedAttCode, $aLinkedObject[$sLinkedAttCode]);
}
}
}
$aLinkedObjectsArray[] = $oLinkedObj;
}
$oSet = DBObjectSet::FromArray($sLinkedClass, $aLinkedObjectsArray);
$oObj->Set($sAttCode, $oSet);
}
else if ( $oAttDef->GetEditClass() == 'Document' )
continue;
}
else if ($oAttDef->GetEditClass() == 'Document' )
{
if ($bReadUploadedFiles)
{