defend against XSS in Monitor Name
This commit is contained in:
parent
0f91797d85
commit
bc9137bd93
|
@ -51,9 +51,9 @@ if ( count($selected_monitor_ids) ) {
|
|||
} else if ( ( $group_id != 0 || isset($_SESSION['ServerId']) || isset($_SESSION['StorageId']) || isset($_SESSION['Status']) ) ) {
|
||||
# this should be redundant
|
||||
for ( $i=0; $i < count($displayMonitors); $i++ ) {
|
||||
if ($i == '0') {
|
||||
if ( $i == 0 ) {
|
||||
$filter['Query']['terms'][] = array('attr'=>'MonitorId', 'op'=>'=', 'val'=>$displayMonitors[$i]['Id'], 'cnj'=>'and', 'obr'=>'1');
|
||||
} else if ($i == (count($displayMonitors)-1)) {
|
||||
} else if ( $i == count($displayMonitors)-1 ) {
|
||||
$filter['Query']['terms'][] = array('attr'=>'MonitorId', 'op'=>'=', 'val'=>$displayMonitors[$i]['Id'], 'cnj'=>'or', 'cbr'=>'1');
|
||||
} else {
|
||||
$filter['Query']['terms'][] = array('attr'=>'MonitorId', 'op'=>'=', 'val'=>$displayMonitors[$i]['Id'], 'cnj'=>'or');
|
||||
|
@ -148,7 +148,7 @@ while( $event = $result->fetch(PDO::FETCH_ASSOC) ) {
|
|||
for ( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
|
||||
$monitor = $displayMonitors[$monitor_i];
|
||||
$Monitor = new ZM\Monitor($monitor);
|
||||
$montagereview_link = "?view=montagereview&live=0&MonitorId=". $monitor['Id'] . '&minTime='.$minTime.'&maxTime='.$maxTime;
|
||||
$montagereview_link = '?view=montagereview&live=0&MonitorId='.$monitor['Id'].'&minTime='.$minTime.'&maxTime='.$maxTime;
|
||||
|
||||
$monitor_filter = addFilterTerm(
|
||||
$filter,
|
||||
|
@ -198,7 +198,8 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
|
|||
<tr id="<?php echo 'monitor_id-'.$monitor['Id'] ?>" title="<?php echo $monitor['Id'] ?>">
|
||||
<td class="colId"><a href="<?php echo $montagereview_link ?>"><?php echo $monitor['Id'] ?></a></td>
|
||||
<td class="colName">
|
||||
<a href="<?php echo $montagereview_link ?>"><?php echo $monitor['Name'] ?></a><br/><div class="small text-nowrap text-muted">
|
||||
<a href="<?php echo $montagereview_link ?>"><?php echo validHtmlStr($monitor['Name']) ?></a><br/>
|
||||
<div class="small text-nowrap text-muted">
|
||||
<?php echo implode('<br/>',
|
||||
array_map(function($group_id){
|
||||
$Group = new ZM\Group($group_id);
|
||||
|
@ -208,7 +209,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
|
|||
}, $Monitor->GroupIds()));
|
||||
?>
|
||||
</div></td>
|
||||
<td class="colServer"><?php echo $Monitor->Server()->Name()?></td>
|
||||
<td class="colServer"><?php echo validHtmlStr($Monitor->Server()->Name())?></td>
|
||||
<td class="colEvents"><a href="?view=<?php echo ZM_WEB_EVENTS_VIEW ?>&page=1<?php echo $monitor_filter['query'] ?>"><?php echo isset($EventsByMonitor[$Monitor->Id()])?count($EventsByMonitor[$Monitor->Id()]['Events']):0 ?></a></td>
|
||||
<td class="colFirstEvent"><?php echo $FirstEvent ? $FirstEvent->link_to($FirstEvent->Id().' at '.$FirstEvent->StartTime()) : 'none'?></td>
|
||||
<td class="colLastEvent"><?php echo $LastEvent ? $LastEvent->link_to($LastEvent->Id().' at '.$LastEvent->StartTime()) : 'none'?></td>
|
||||
|
|
Loading…
Reference in New Issue