

Resolving Issue #861
- The search filter does not support Cyrillic
- Also adding more __esc() to title and value attributes
- Also adding more missing i18n via audit
cigamit committed Jul 20, 2017
1 parent 1fc6f0d commit 0673e3c
Showing 51 changed files with 535 additions and 535 deletions.
38 changes: 18 additions & 20 deletions aggregate_graphs.php
Expand Up @@ -320,7 +320,7 @@ function form_actions() {
</td>
</tr>\n";

$save_html = "<input type='button' value='" . __('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __('Continue') . "' title='" . __('Delete Graph(s)') . "'>";
$save_html = "<input type='button' value='" . __esc('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __esc('Continue') . "' title='" . __esc('Delete Graph(s)') . "'>";
} elseif (get_request_var('drp_action') == '2') { // migrate to aggregate
/* determine the common graph template if any */
foreach ($_POST as $var => $val) {
Expand Down Expand Up @@ -352,7 +352,7 @@ function form_actions() {
</td>
</tr>\n";

$save_html = "<input type='button' value='" . __('Return') . "' onClick='cactiReturnTo()'>";
$save_html = "<input type='button' value='" . __esc('Return') . "' onClick='cactiReturnTo()'>";
} else {
$graph_template = $graph_templates[0]['graph_template_id'];

Expand Down Expand Up @@ -381,7 +381,7 @@ function form_actions() {
</td>
</tr>\n";

$save_html = "<tr><td colspan='2' align='right'><input type='button' value='" . __('Cancel'). "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __('Continue') . "' title='" . __('Delete Graph(s)') . "'></td></tr>";
$save_html = "<tr><td colspan='2' align='right'><input type='button' value='" . __esc('Cancel'). "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __esc('Continue') . "' title='" . __esc('Delete Graph(s)') . "'></td></tr>";
} else {
print "<tr>
<td class='textArea'>
Expand All @@ -392,7 +392,7 @@ function form_actions() {
</td>
</tr>\n";

$save_html = "<input type='button' value='" . __('Return') . "' onClick='cactiReturnTo()'>";
$save_html = "<input type='button' value='" . __esc('Return') . "' onClick='cactiReturnTo()'>";
}
}
} elseif (get_request_var('drp_action') == '3') { // create aggregate from aggregates
Expand All @@ -404,9 +404,9 @@ function form_actions() {
</tr>\n";

print " <tr><td class='textArea' width='170'>" . __('Aggregate Name:') . "</td></tr>\n";
print " <tr><td class='textArea'><input name='aggregate_name' size='40' value='" . __('New Aggregate') . "'></td></tr>\n";
print " <tr><td class='textArea'><input name='aggregate_name' size='40' value='" . __esc('New Aggregate') . "'></td></tr>\n";

$save_html = "<input type='button' value='" . __('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __('Continue') . "' title='" . __('Delete Graph(s)') . "'>";
$save_html = "<input type='button' value='" . __esc('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __esc('Continue') . "' title='" . __esc('Delete Graph(s)') . "'>";
} elseif (get_request_var('drp_action') == '10') { // associate with aggregate
print "<tr>
<td class='textArea'>
Expand All @@ -415,7 +415,7 @@ function form_actions() {
</td>
</tr>\n";

$save_html = "<input type='button' value='" . __('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __('Continue') . "' title='" . __('Associate Graph(s)') . "'>";
$save_html = "<input type='button' value='" . __esc('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __esc('Continue') . "' title='" . __esc('Associate Graph(s)') . "'>";
} elseif (get_request_var('drp_action') == '11') { // dis-associate with aggregate
print "<tr>
<td class='textArea'>
Expand All @@ -424,7 +424,7 @@ function form_actions() {
</td>
</tr>\n";

$save_html = "<input type='button' value='" . __('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __('Continue') . "' title='" . __('Dis-Associate Graph(s)') . "'>";
$save_html = "<input type='button' value='" . __esc('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __esc('Continue') . "' title='" . __esc('Dis-Associate Graph(s)') . "'>";
} elseif (preg_match("/^tr_([0-9]+)$/", get_request_var('drp_action'), $matches)) { // place on tree
print "<tr>
<td class='textArea'>
Expand All @@ -435,11 +435,11 @@ function form_actions() {
</tr>\n
<input type='hidden' name='tree_id' value='" . $matches[1] . "'>\n";

$save_html = "<input type='button' value='" . __('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __('Continue') . "' title='" . __('Place Graph(s) on Tree') . "'>";
$save_html = "<input type='button' value='" . __esc('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __esc('Continue') . "' title='" . __esc('Place Graph(s) on Tree') . "'>";
}
} else {
print "<tr><td class='even'><span class='textError'>" . __('You must select at least one graph.') . "</span></td></tr>\n";
$save_html = "<input type='button' value='" . __('Return') . "' onClick='cactiReturnTo()'>";
$save_html = "<input type='button' value='" . __esc('Return') . "' onClick='cactiReturnTo()'>";
}

print " <tr>
Expand Down Expand Up @@ -985,8 +985,7 @@ function aggregate_items() {
function applyFilter() {
strURL = 'aggregate_graphs.php?action=edit&tab=items&id='+$('#id').val();
strURL += '&rows=' + $('#rows').val();
strURL += '&page=' + $('#page').val();
strURL += '&filter=' + escape($('#filter').val());
strURL += '&filter=' + $('#filter').val();
strURL += '&matching=' + $('#matching').is(':checked');
strURL += '&header=false';
loadPageNoHeader(strURL);
Expand Down Expand Up @@ -1030,7 +1029,7 @@ function clearFilter() {
<?php print __('Search');?>
</td>
<td>
<input type='text' id='filter' size='25' onChange='applyFilter()' value='<?php print htmlspecialchars(get_request_var('filter'));?>'>
<input type='text' id='filter' size='25' onChange='applyFilter()' value='<?php print get_request_var('filter');?>'>
</td>
<td>
<?php print __('Graphs');?>
Expand All @@ -1055,13 +1054,12 @@ function clearFilter() {
</td>
<td>
<span>
<input id='refresh' type='button' value='<?php print __('Go');?>' title='<?php print __('Set/Refresh Filters');?>'>
<input id='clear' type='button' onClick='clearFilter()' value='<?php print __('Clear');?>' title='<?php print __('Clear Filters');?>'>
<input id='refresh' type='button' value='<?php print __esc('Go');?>' title='<?php print __esc('Set/Refresh Filters');?>'>
<input id='clear' type='button' onClick='clearFilter()' value='<?php print __esc('Clear');?>' title='<?php print __esc('Clear Filters');?>'>
</span>
</td>
</tr>
</table>
<input type='hidden' id='page' value='<?php print get_request_var('page');?>'>
<input type='hidden' name='action' value='edit'>
<input type='hidden' name='tab' value='items'>
<input type='hidden' id='id' value='<?php print get_request_var('id');?>'>
Expand Down Expand Up @@ -1303,7 +1301,7 @@ function aggregate_graph() {
function applyFilter() {
strURL = 'aggregate_graphs.php';
strURL += '?rows=' + $('#rows').val();
strURL += '&filter=' + escape($('#filter').val());
strURL += '&filter=' + $('#filter').val();
strURL += '&template_id=' + $('#template_id').val();
strURL += '&header=false';
loadPageNoHeader(strURL);
Expand Down Expand Up @@ -1348,7 +1346,7 @@ function clearFilter() {
<?php print __('Search');?>
</td>
<td>
<input type='text' id='filter' size='25' value='<?php print htmlspecialchars(get_request_var('filter'));?>'>
<input type='text' id='filter' size='25' value='<?php print get_request_var('filter');?>'>
</td>
<td>
<?php print __('Template');?>
Expand Down Expand Up @@ -1389,8 +1387,8 @@ function clearFilter() {
</td>
<td>
<span>
<input type='button' id='refresh' value='<?php print __('Go');?>' title='<?php print __('Set/Refresh Filters');?>'>
<input type='button' id='clear' value='<?php print __('Clear');?>' title='<?php print __('Clear Filters');?>'>
<input type='button' id='refresh' value='<?php print __esc('Go');?>' title='<?php print __esc('Set/Refresh Filters');?>'>
<input type='button' id='clear' value='<?php print __esc('Clear');?>' title='<?php print __esc('Clear Filters');?>'>
</span>
</td>
</tr>
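Review bot: Replacing `escape($('#filter').val())` with the bare `$('#filter').val()` in both applyFilter hunks (the `strURL += '&filter=' + $('#filter').val();` lines) drops URL encoding entirely, so a search term containing `&`, `#`, `+`, `%` or `=` now corrupts the query string and nothing percent-encodes the value at all. The Cyrillic breakage came from `escape()` emitting `%uXXXX` sequences that PHP does not decode; `encodeURIComponent()` produces UTF-8 percent-encoding that PHP decodes correctly, so the line should read `strURL += '&filter=' + encodeURIComponent($('#filter').val());`. The same substitution applies to the applyFilter hunks in aggregate_templates.php, automation_devices.php, automation_graph_rules.php, automation_networks.php and automation_snmp.php. Separately, the two `<input type='text' id='filter' ...>` lines drop `htmlspecialchars()` around `get_request_var('filter')` inside a single-quoted attribute; unless get_request_var already HTML-escapes on this path (not visible here), a `'` in the reflected filter can terminate the attribute, so keep `htmlspecialchars(get_request_var('filter'), ENT_QUOTES)` there. Both applyFilter functions and the surrounding form markup continue outside the hunks.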
10 changes: 5 additions & 5 deletions aggregate_templates.php
Expand Up @@ -309,11 +309,11 @@ function aggregate_form_actions() {
</td>
</tr>\n";

$save_html = "<input type='button' value='" . __('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __('Continue') . "' title='" . __('Delete Color Template(s)') . "'>";
$save_html = "<input type='button' value='" . __esc('Cancel') . "' onClick='cactiReturnTo()'>&nbsp;<input type='submit' value='" . __esc('Continue') . "' title='" . __esc('Delete Color Template(s)') . "'>";
}
} else {
print "<tr><td class='even'><span class='textError'>" . __('You must select at least one Aggregate Graph Template.') . "</span></td></tr>\n";
$save_html = "<input type='button' value='" . __('Return') . "' onClick='cactiReturnTo()'>";
$save_html = "<input type='button' value='" . __esc('Return') . "' onClick='cactiReturnTo()'>";
}

print "<tr>
Expand Down Expand Up @@ -572,8 +572,8 @@ function aggregate_template() {
</td>
<td>
<span>
<input type="button" value="' . __('Go') . '" id="refresh">
<input type="button" value="' . __('Clear') . '" id="clear">
<input type="button" value="' . __esc('Go') . '" id="refresh">
<input type="button" value="' . __esc('Clear') . '" id="clear">
</span>
</td>
</tr>
Expand Down Expand Up @@ -683,7 +683,7 @@ function applyFilter() {
strURL = 'aggregate_templates.php';
strURL += '?rows=' + $('#rows').val();
strURL += '&has_graphs=' + $('#has_graphs').is(':checked');
strURL += '&filter=' + escape($('#filter').val());
strURL += '&filter=' + $('#filter').val();
strURL += '&header=false';
loadPageNoHeader(strURL);
}
52 changes: 26 additions & 26 deletions auth_changepassword.php
Expand Up @@ -82,12 +82,12 @@
case 'changepassword':
// Secpass checking
$error = secpass_check_pass(get_nfilter_request_var('password'));

if ($error != 'ok') {
$bad_password = true;
$errorMessage = "<span class='badpassword_message'>$error</span>";
}

if (!secpass_check_history($_SESSION['sess_user_id'], get_nfilter_request_var('password'))) {
$bad_password = true;
$errorMessage = "<span class='badpassword_message'>" . __('You cannot use a previously entered password!') . "</span>";
Expand Down Expand Up @@ -125,30 +125,30 @@
$errorMessage = "<span class='badpassword_message'>" . __('Your new password cannot be the same as the old password. Please try again.') . "</span>";
}
}

if (get_nfilter_request_var('password') !== (get_nfilter_request_var('confirm'))) {
$bad_password = true;
$errorMessage = "<span class='badpassword_message'>" . __('Your new passwords do not match, please retype.') . "</span>";
}

if ($bad_password == false && get_nfilter_request_var('password') == get_nfilter_request_var('confirm') && get_nfilter_request_var('password') != '') {
// Password change is good to go
if (read_config_option('secpass_expirepass') > 0) {
db_execute_prepared("UPDATE user_auth
SET lastchange = ?
db_execute_prepared("UPDATE user_auth
SET lastchange = ?
WHERE id = ?
AND realm = 0
AND enabled = 'on'",
AND realm = 0
AND enabled = 'on'",
array(time(), intval($_SESSION['sess_user_id'])));
}

$history = intval(read_config_option('secpass_history'));
if ($history > 0) {
$h = db_fetch_row_prepared("SELECT password, password_history
FROM user_auth
WHERE id = ?
AND realm = 0
AND enabled = 'on'",
$h = db_fetch_row_prepared("SELECT password, password_history
FROM user_auth
WHERE id = ?
AND realm = 0
AND enabled = 'on'",
array($_SESSION['sess_user_id']));

$op = $h['password'];
Expand All @@ -159,19 +159,19 @@
$h[] = $op;
$h = implode('|', $h);

db_execute_prepared("UPDATE user_auth
SET password_history = ? WHERE id = ? AND realm = 0 AND enabled = 'on'",
db_execute_prepared("UPDATE user_auth
SET password_history = ? WHERE id = ? AND realm = 0 AND enabled = 'on'",
array($h, $_SESSION['sess_user_id']));
}

db_execute_prepared('INSERT IGNORE INTO user_log
(username, result, time, ip)
VALUES (?, 3, NOW(), ?)',
db_execute_prepared('INSERT IGNORE INTO user_log
(username, result, time, ip)
VALUES (?, 3, NOW(), ?)',
array($user['username'], $_SERVER['REMOTE_ADDR']));

db_execute_prepared("UPDATE user_auth
SET must_change_password = '', password = ?
WHERE id = ?",
db_execute_prepared("UPDATE user_auth
SET must_change_password = '', password = ?
WHERE id = ?",
array($password_new != '' ? $password_new:$password_old, $_SESSION['sess_user_id']));

kill_session_var('sess_change_password');
Expand All @@ -180,9 +180,9 @@

/* if no console permissions show graphs otherwise, pay attention to user setting */
$realm_id = $user_auth_realm_filenames['index.php'];
$has_console = db_fetch_cell_prepared('SELECT realm_id
FROM user_auth_realm
WHERE user_id = ? AND realm_id = ?',
$has_console = db_fetch_cell_prepared('SELECT realm_id
FROM user_auth_realm
WHERE user_id = ? AND realm_id = ?',
array($_SESSION['sess_user_id'], $realm_id));

if (basename(get_nfilter_request_var('ref')) == 'auth_changepassword.php' || basename(get_nfilter_request_var('ref')) == '') {
Expand Down Expand Up @@ -304,8 +304,8 @@
<td><input type='password' name='confirm' autocomplete='off' size='20' placeholder='********'></td>
</tr>
<tr>
<td class='nowrap' colspan='2'><input type='submit' value='" . __('Save') . "'>
" . ($user['must_change_password'] != 'on' ? "<input type='button' onClick='window.history.go(-1)' value='" . __('Return') . "'>":"") . "
<td class='nowrap' colspan='2'><input type='submit' value='" . __esc('Save') . "'>
" . ($user['must_change_password'] != 'on' ? "<input type='button' onClick='window.history.go(-1)' value='" . __esc('Return') . "'>":"") . "
</td>
</tr>
</table>
10 changes: 5 additions & 5 deletions auth_profile.php
Expand Up @@ -142,7 +142,7 @@ function settings() {
}
}

$_SESSION['profile_referer'] = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER']:'graph_view.php');
$_SESSION['profile_referer'] = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER']:'graph_view.php');
}

form_start('auth_profile.php');
Expand Down Expand Up @@ -293,7 +293,7 @@ function clearPrivateData() {
Storages.localStorage.removeAll();
Storages.sessionStorage.removeAll();

$('body').append('<div style="display:none;" id="cleared" title="<?php print __('Private Data Cleared');?>"><p><?php print __('Your Private Data has been cleared.');?></p></div>');
$('body').append('<div style="display:none;" id="cleared" title="<?php print __esc('Private Data Cleared');?>"><p><?php print __('Your Private Data has been cleared.');?></p></div>');

$('#cleared').dialog({
modal: true,
Expand All @@ -313,7 +313,7 @@ function clearPrivateData() {

function logoutEverywhere() {
$.get('auth_profile.php?action=logout_everywhere', function(data) {
$('body').append('<div style="display:none;" id="cleared" title="<?php print __('User Sessions Cleared');?>"><p><?php print __('All your login sessions have been cleared.');?></p></div>');
$('body').append('<div style="display:none;" id="cleared" title="<?php print __esc('User Sessions Cleared');?>"><p><?php print __('All your login sessions have been cleared.');?></p></div>');

$('#cleared').dialog({
modal: true,
Expand Down Expand Up @@ -396,7 +396,7 @@ function langChange() {
$('#navigation').show();
$('#navigation_right').show();

$('input[value="Save"]').unbind().click(function(event) {
$('input[value="<?php print __esc('Save');?>"]').unbind().click(function(event) {
event.preventDefault();
if (themeChanged != true && langChanged != true) {
$.post('auth_profile.php?header=false', $('input, select, textarea').serialize()).done(function(data) {
Expand All @@ -417,7 +417,7 @@ function langChange() {
langChange();
});

$('input[value="Return"]').unbind().click(function(event) {
$('input[value="<?php print __esc('Return');?>"]').unbind().click(function(event) {
document.location = '<?php print $_SESSION['profile_referer'];?>';
});
});
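Review bot: The new selectors `$('input[value="<?php print __esc('Save');?>"]')` and the matching `Return` one bind click handlers by the button's translated label, which is brittle: `__esc()` HTML-encodes the string, but inside a `<script>` block entities are not decoded, so any translation containing `'`, `"` or `&` yields a selector that never matches the DOM attribute value and the handlers silently fail to attach. If the buttons can carry a stable id (e.g. `id='save'` and `$('#save')`), binding on that would decouple the handlers from the translation; the button markup itself is outside the hunk. While in this file, note that `$_SESSION['profile_referer']` is assigned from `$_SERVER['HTTP_REFERER']` with no validation and is later printed unescaped into a JS string literal at `document.location = '<?php print $_SESSION['profile_referer'];?>';`; emitting it via `json_encode()` and restricting it to a relative path on this install would close a header-controlled injection point. Both handlers sit in a document-ready block that starts outside the hunk.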
2 changes: 1 addition & 1 deletion automation_devices.php
Expand Up @@ -578,7 +578,7 @@ function applyFilter() {
strURL += '&network=' + $('#network').val();
strURL += '&snmp=' + $('#snmp').val();
strURL += '&os=' + $('#os').val();
strURL += '&filter=' + escape($('#filter').val());
strURL += '&filter=' + $('#filter').val();
strURL += '&rows=' + $('#rows').val();

loadPageNoHeader(strURL);
2 changes: 1 addition & 1 deletion automation_graph_rules.php
Expand Up @@ -762,7 +762,7 @@ function automation_graph_rules() {
function applyFilter() {
strURL = 'automation_graph_rules.php' +
'?status=' + $('#status').val()+
'&filter=' + escape($('#filter').val())+
'&filter=' + $('#filter').val()+
'&rows=' + $('#rows').val()+
'&snmp_query_id=' + $('#snmp_query_id').val()+
'&header=false';
2 changes: 1 addition & 1 deletion automation_networks.php
Expand Up @@ -1090,7 +1090,7 @@ function networks_filter() {
<script type='text/javascript'>
function applyFilter() {
strURL = '?rows=' + $('#rows').val();
strURL += '&filter=' + escape($('#filter').val());
strURL += '&filter=' + $('#filter').val();
strURL += '&header=false';

loadPageNoHeader(strURL);
6 changes: 3 additions & 3 deletions automation_snmp.php
Expand Up @@ -862,7 +862,7 @@ function automation_snmp() {
<script type='text/javascript'>
function applyFilter() {
strURL = 'automation_snmp.php?header=false';
strURL += '&filter='+escape($('#filter').val());
strURL += '&filter='+$('#filter').val();
strURL += '&rows='+$('#rows').val();
loadPageNoHeader(strURL);
}
Expand Down Expand Up @@ -946,7 +946,7 @@ function clearFilter() {
foreach ($snmp_groups as $snmp_group) {
form_alternate_row('line' . $snmp_group['id'], true);

form_selectable_cell("<a class='linkEditMain' href='" . htmlspecialchars('automation_snmp.php?action=edit&id=' . $snmp_group['id'] . '&page=1') . "'>" . ((get_request_var('filter') != '') ? preg_replace('/(' . preg_quote(get_request_var('filter')) . ')/i', "<span class='filteredValue'>\\1</span>", htmlspecialchars($snmp_group['name'])) : htmlspecialchars($snmp_group['name'])) . '</a>', $snmp_group['id']);
form_selectable_cell(filter_value($snmp_group['name'], get_request_var('filter'), 'automation_snmp.php?action=edit&id=' . $snmp_group['id'] . '&page=1'), $snmp_group['id']);
form_selectable_cell($snmp_group['networks'], $snmp_group['id'], '', 'text-align:right;');
form_selectable_cell($snmp_group['totals'], $snmp_group['id'], '', 'text-align:right;');
form_selectable_cell($snmp_group['v1entries'], $snmp_group['id'], '', 'text-align:right;');
Expand Down Expand Up @@ -975,7 +975,7 @@ function clearFilter() {
<script type='text/javascript'>
function applyFilter() {
strURL = 'automation_snmp.php?header=false&rows=' + $('#rows').val();
strURL += strURL + '&filter=' + escape($('#filter').val());
strURL += strURL + '&filter=' + $('#filter').val();
loadPageNoHeader(strURL);
}
</script>
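Review bot: The second applyFilter in this file still reads `strURL += strURL + '&filter=' + $('#filter').val();`, which appends the whole URL to itself (the `automation_snmp.php?header=false&rows=N` prefix appears twice) before the filter; the commit rewrote this line but left the duplication in place. It should be `strURL += '&filter=' + encodeURIComponent($('#filter').val());`, which also restores the URL encoding that dropping `escape()` removed. The `filter_value()` helper replacing the hand-rolled preg_replace highlighting in the table row is an improvement, assuming it HTML-escapes the name as the old htmlspecialchars calls did (the helper is not visible here). Both applyFilter functions are complete within their hunks.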
