This repository was archived by the owner on Sep 10, 2021. It is now read-only.

Commit dd9b6a4

author
Jamie Snape
committed
Escape variables in pvw module
1 parent 4a1b968 commit dd9b6a4


2 files changed

+8
-8
lines changed


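--- a/modules/pvw/Notification.php
+++ b/modules/pvw/Notification.php
@@ -39,18 +39,18 @@ public function getItemViewLink($params)
 $webroot = Zend_Controller_Front::getInstance()->getBaseUrl();
 if ($this->ModuleComponent->Validation->canVisualizeWithSliceView($item)
 ) {
-$html = '<li><a href="'.$webroot.'/'.$this->moduleName.'/paraview/slice?itemId='.$item->getKey().'">';
+$html = '<li><a href="'.$webroot.'/'.$this->moduleName.'/paraview/slice?itemId='.htmlspecialchars($item->getKey(), ENT_QUOTES, 'UTF-8').'">';
 $html .= '<img alt="" src="'.$webroot.'/modules/'.$this->moduleName.'/public/images/sliceView.png" /> ';
 $html .= 'Slice Visualization</a></li>';
 
-$html .= '<li><a href="'.$webroot.'/'.$this->moduleName.'/paraview/volume?itemId='.$item->getKey().'">';
+$html .= '<li><a href="'.$webroot.'/'.$this->moduleName.'/paraview/volume?itemId='.htmlspecialchars($item->getKey(), ENT_QUOTES, 'UTF-8').'">';
 $html .= '<img alt="" src="'.$webroot.'/modules/'.$this->moduleName.'/public/images/volume.png" /> ';
 $html .= 'Volume Visualization</a></li>';
 
 return $html;
 } elseif ($this->ModuleComponent->Validation->canVisualizeWithSurfaceView($item)
 ) {
-$html = '<li><a href="'.$webroot.'/'.$this->moduleName.'/paraview/surface?itemId='.$item->getKey().'">';
+$html = '<li><a href="'.$webroot.'/'.$this->moduleName.'/paraview/surface?itemId='.htmlspecialchars($item->getKey(), ENT_QUOTES, 'UTF-8').'">';
 $html .= '<img alt="" src="'.$webroot.'/modules/'.$this->moduleName.'/public/images/pqUnstructuredGrid16.png" /> ';
 $html .= 'Surface Visualization</a></li>';
 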
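Review bot: The three `itemId=` values are HTML-escaped but not URL-encoded, so a key containing `&`, `#` or `%` would still change the query string even though it can no longer break out of the `href` attribute. If `getKey()` can ever return something other than an integer id (not visible from this hunk), encode for the URL first and then for the attribute: `htmlspecialchars(rawurlencode((string) $item->getKey()), ENT_QUOTES, 'UTF-8')`. Computing that once into a local such as `$itemId` before the `if` would also replace the three repeated calls. `$webroot` and `$this->moduleName` still go into the same `href` and `src` attributes unescaped; that is presumably fine if both are server-controlled, but worth confirming. The body of `getItemViewLink` starts and ends outside the hunk.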

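--- a/modules/pvw/views/admin/status.phtml
+++ b/modules/pvw/views/admin/status.phtml
@@ -45,12 +45,12 @@
 foreach ($this->instances as $row) {
 $instance = $row['dao'];
 $status = $row['status'];
-echo '<tr key="'.$instance->getKey().'"><td>'.$instance->getKey().'</td><td>'.$instance->getPort(
-).'</td><td>'.$instance->getPid().'</td><td>'.$instance->getCreationDate(
-).'</td><td>'.($status ? '<span class="running">Running</span>' : '<span class="dead">Dead</span>');
+echo '<tr key="'.$this->escape($instance->getKey()).'"><td>'.$this->escape($instance->getKey()).'</td><td>'.$this->escape($instance->getPort(
+)).'</td><td>'.$this->escape($instance->getPid()).'</td><td>'.$this->escape($instance->getCreationDate(
+)).'</td><td>'.($status ? '<span class="running">Running</span>' : '<span class="dead">Dead</span>');
 
-echo '</td><td><img qtip="Kill instance" alt="" class="killInstance" key="'.$instance->getKey(
-).'" src="'.$this->coreWebroot.'/public/images/icons/close.png"/></td></tr>';
+echo '</td><td><img qtip="Kill instance" alt="" class="killInstance" key="'.$this->escape($instance->getKey(
+)).'" src="'.$this->coreWebroot.'/public/images/icons/close.png"/></td></tr>';
 }
 ?>
 </tbody>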
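Review bot: `$this->coreWebroot` is still concatenated raw into the `src` attribute of the kill icon, the one dynamic value in these two `echo` statements that this commit leaves unescaped; wrapping it as `$this->escape($this->coreWebroot)` would make the row consistent. The key is also escaped three separate times with the call parentheses split across lines, which is hard to audit; `$key = $this->escape($instance->getKey());` at the top of the loop body, reused in all three places, would be easier to read. Assuming `$this` is a Zend_View with the default escape callback, `escape()` uses `ENT_COMPAT` and does not encode single quotes, so these attributes need to stay double-quoted as they are now.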
