#3831 avoid other xss injection

47e58f1d · kevin duret · 5de9b034 · 47e58f1d · 47e58f1d · 47e58f1d
Commit 47e58f1d authored Oct 22, 2015 by kevin duret
--- a/www/include/configuration/configCentreonBroker/listCentreonBroker.php
+++ b/www/include/configuration/configCentreonBroker/listCentreonBroker.php
@@ -37,6 +37,8 @@ if (!isset($oreon)) {
    exit();
 }

+include_once("./class/centreonUtils.class.php");
+
 include("./include/common/autoNumLimit.php");

 /*
@@ -157,9 +159,9 @@ for ($i = 0; $config = $DBRESULT->fetchRow(); $i++) {
    $elemArr[$i] = array(
                         "MenuClass" => "list_".$style,
                         "RowMenu_select" => $selectedElements->toHtml(),
-                         "RowMenu_name" => $config["config_name"],
+                         "RowMenu_name" => CentreonUtils::escapeSecure($config["config_name"]),
                         "RowMenu_link" => "?p=".$p."&o=c&id=".$config['config_id'],
-                         "RowMenu_desc" => substr($nagios_servers[$config["ns_nagios_server"]], 0, 40),
+                         "RowMenu_desc" => CentreonUtils::escapeSecure(substr($nagios_servers[$config["ns_nagios_server"]], 0, 40)),
                         "RowMenu_inputs" => $inputNumber,
                         "RowMenu_outputs" => $outputNumber,
                         "RowMenu_loggers" => $loggerNumber,

--- a/www/include/configuration/configObject/escalation/listEscalation.php
+++ b/www/include/configuration/configObject/escalation/listEscalation.php
@@ -39,6 +39,8 @@
 	if (!isset($oreon))
 		exit();
 		
+        include_once("./class/centreonUtils.class.php");
+
 	include("./include/common/autoNumLimit.php");
 	
 	isset($_GET["list"]) ? $list = $_GET["list"] : $list = NULL;
@@ -175,8 +177,8 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$esc['esc_id']."]'></input>";
 		$elemArr[$i] = array("MenuClass"=>"list_".$style, 
 						"RowMenu_select"=>$selectedElements->toHtml(),
-						"RowMenu_name"=>myDecode($esc["esc_name"]),
-						"RowMenu_alias"=>myDecode($esc["esc_alias"]),
+						"RowMenu_name"=>CentreonUtils::escapeSecure(myDecode($esc["esc_name"])),
+						"RowMenu_alias"=>CentreonUtils::escapeSecure(myDecode($esc["esc_alias"])),
 						"RowMenu_link"=>"?p=".$p."&o=c&esc_id=".$esc['esc_id'],
 						"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";	}

--- a/www/include/configuration/configObject/host_dependency/listHostDependency.php
+++ b/www/include/configuration/configObject/host_dependency/listHostDependency.php
@@ -39,6 +39,8 @@
 	if (!isset($oreon))
 		exit();

+        include_once("./class/centreonUtils.class.php");
+
 	include("./include/common/autoNumLimit.php");

 	/*
@@ -126,8 +128,8 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$dep['dep_id']."]'></input>";
 		$elemArr[$i] = array("MenuClass"=>"list_".$style,
 						"RowMenu_select"=>$selectedElements->toHtml(),
-						"RowMenu_name"=>myDecode($dep["dep_name"]),
-						"RowMenu_description"=>myDecode($dep["dep_description"]),
+						"RowMenu_name"=>CentreonUtils::escapeSecure(myDecode($dep["dep_name"])),
+						"RowMenu_description"=>CentreonUtils::escapeSecure(myDecode($dep["dep_description"])),
 						"RowMenu_link"=>"?p=".$p."&o=c&dep_id=".$dep['dep_id'],
 						"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";	}

--- a/www/include/configuration/configObject/hostgroup_dependency/listHostGroupDependency.php
+++ b/www/include/configuration/configObject/hostgroup_dependency/listHostGroupDependency.php
@@ -39,6 +39,8 @@
 	if (!isset($oreon))
 		exit();

+        include_once("./class/centreonUtils.class.php");
+
 	include("./include/common/autoNumLimit.php");

 	/*
@@ -120,9 +122,9 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$dep['dep_id']."]'></input>";
 		$elemArr[$i] = array(	"MenuClass"=>"list_".$style,
 								"RowMenu_select"=>$selectedElements->toHtml(),
-								"RowMenu_name"=>$dep["dep_name"],
+								"RowMenu_name"=>CentreonUtils::escapeSecure($dep["dep_name"]),
 								"RowMenu_link"=>"?p=".$p."&o=c&dep_id=".$dep['dep_id'],
-								"RowMenu_description"=>$dep["dep_description"],
+								"RowMenu_description"=>CentreonUtils::escapeSecure($dep["dep_description"]),
 								"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";
 	}

--- a/www/include/configuration/configObject/metaservice_dependency/listMetaServiceDependency.php
+++ b/www/include/configuration/configObject/metaservice_dependency/listMetaServiceDependency.php
@@ -39,6 +39,8 @@
 	if (!isset($oreon))
 		exit();

+        include_once("./class/centreonUtils.class.php");
+		
 	include("./include/common/autoNumLimit.php");

 	# start quickSearch form
@@ -109,9 +111,9 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$dep['dep_id']."]'></input>";
 		$elemArr[$i] = array("MenuClass"=>"list_".$style, 
 						"RowMenu_select"=>$selectedElements->toHtml(),
-						"RowMenu_name"=>$dep["dep_name"],
+						"RowMenu_name"=>CentreonUtils::escapeSecure($dep["dep_name"]),
 						"RowMenu_link"=>"?p=".$p."&o=c&dep_id=".$dep['dep_id'],
-						"RowMenu_description"=>$dep["dep_description"],
+						"RowMenu_description"=>CentreonUtils::escapeSecure($dep["dep_description"]),
 						"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";	}
 	$tpl->assign("elemArr", $elemArr);

--- a/www/include/configuration/configObject/servicegroup_dependency/listServiceGroupDependency.php
+++ b/www/include/configuration/configObject/servicegroup_dependency/listServiceGroupDependency.php
@@ -39,6 +39,8 @@
 	if (!isset($oreon))
 		exit();

+        include_once("./class/centreonUtils.class.php");
+		
 	include("./include/common/autoNumLimit.php");
 	
 	/*
@@ -130,9 +132,9 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$dep['dep_id']."]'></input>";
 		$elemArr[$i] = array(	"MenuClass"=>"list_".$style, 
 								"RowMenu_select"=>$selectedElements->toHtml(),
-								"RowMenu_name"=>htmlentities($dep["dep_name"]),
+								"RowMenu_name"=>CentreonUtils::escapeSecure(htmlentities($dep["dep_name"])),
 								"RowMenu_link"=>"?p=".$p."&o=c&dep_id=".$dep['dep_id'],
-								"RowMenu_description"=>htmlentities($dep["dep_description"]),
+								"RowMenu_description"=>CentreonUtils::escapeSecure(htmlentities($dep["dep_description"])),
 								"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";	}
 	$tpl->assign("elemArr", $elemArr);