From c0bc2e267ee2e1baf79590035498ec8b628a34de Mon Sep 17 00:00:00 2001 From: Eric Lippmann Date: Tue, 3 Nov 2015 10:40:03 +0100 Subject: [PATCH] monitoring: Don't use str_replace for nl2br and escape comments before creating ticket links --- .../application/views/scripts/list/eventhistory.phtml | 2 +- .../monitoring/application/views/scripts/list/services.phtml | 2 +- .../views/scripts/show/components/acknowledgement.phtml | 2 +- .../application/views/scripts/show/components/comments.phtml | 2 +- .../application/views/scripts/show/components/downtime.phtml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/monitoring/application/views/scripts/list/eventhistory.phtml b/modules/monitoring/application/views/scripts/list/eventhistory.phtml index 17205d0fd7..288bb692eb 100644 --- a/modules/monitoring/application/views/scripts/list/eventhistory.phtml +++ b/modules/monitoring/application/views/scripts/list/eventhistory.phtml @@ -92,7 +92,7 @@ if (! $this->compact): ?> link()->host($event->host_name, $event->host_display_name) ?>

- escape($msg) ?> + createTicketLinks($this->escape($msg)), false) ?>

diff --git a/modules/monitoring/application/views/scripts/list/services.phtml b/modules/monitoring/application/views/scripts/list/services.phtml index a44ec6489b..c1c8d7fde8 100644 --- a/modules/monitoring/application/views/scripts/list/services.phtml +++ b/modules/monitoring/application/views/scripts/list/services.phtml @@ -70,7 +70,7 @@ if (! $this->compact): ?> $service->host_display_name ) ) - ) ?>: + ) ?>: qlink( $service->service_display_name, $serviceLink, diff --git a/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml b/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml index 5ad6857bb9..77d99f69f5 100644 --- a/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml +++ b/modules/monitoring/application/views/scripts/show/components/acknowledgement.phtml @@ -46,7 +46,7 @@ $acknowledgement = $object->acknowledgement;
-

createTicketLinks($acknowledgement->getComment()), false) ?>

+

createTicketLinks($this->escape($acknowledgement->getComment())), false) ?>

diff --git a/modules/monitoring/application/views/scripts/show/components/comments.phtml b/modules/monitoring/application/views/scripts/show/components/comments.phtml index 84fdf904f4..7d08743663 100644 --- a/modules/monitoring/application/views/scripts/show/components/comments.phtml +++ b/modules/monitoring/application/views/scripts/show/components/comments.phtml @@ -69,7 +69,7 @@ if (empty($object->comments) && ! $addLink) {
- ', $this->createTicketLinks($comment->comment)) ?> +

createTicketLinks($this->escape($comment->comment)), false) ?>

diff --git a/modules/monitoring/application/views/scripts/show/components/downtime.phtml b/modules/monitoring/application/views/scripts/show/components/downtime.phtml index 209e5f7005..184fcc44e2 100644 --- a/modules/monitoring/application/views/scripts/show/components/downtime.phtml +++ b/modules/monitoring/application/views/scripts/show/components/downtime.phtml @@ -99,7 +99,7 @@ if (empty($object->comments) && ! $addLink) {
-

', $this->createTicketLinks($downtime->comment)) ?>

+

createTicketLinks($this->escape($downtime->comment)), false) ?>