fix(sec): Fix XSS on command form

* Fix XSS for describe arguments and macros

www/class/centreonCommand.class.php

@@ -253,7 +253,7 @@ class CentreonCommand
             while ($row = $dbResult->fetchRow()) {
                 $arr['id'] = $row['command_macro_id'];
                 $arr['name'] = $row['command_macro_name'];
-                $arr['description'] = $row['command_macro_desciption'];
+                $arr['description'] = htmlentities($row['command_macro_desciption']);
                 $arr['type'] = $sType;
                 $aReturn[] = $arr;
             }

www/include/configuration/configObject/command/formArguments.php

@@ -62,12 +62,13 @@ if (isset($_GET['cmd_line']) && $_GET['cmd_line']) {
 }
 
 if (isset($_GET['textArea']) && $_GET['textArea']) {
-    $tab = preg_split("/\;\;\;/", $_GET['textArea']);
+    $textArea = urldecode($_GET['textArea']);
+    $tab = preg_split("/\;\;\;/", $textArea);
     foreach ($tab as $key => $value) {
         $tab2 = preg_split("/\ \:\ /", $value, 2);
         $index = str_replace("ARG", "", $tab2[0]);
         if (isset($tab2[0]) && $tab2[0]) {
-            $args[$index] = $tab2[1];
+            $args[$index] = htmlentities($tab2[1]);
         }
     }
 }

www/include/configuration/configObject/command/javascript/commandJs.php

@@ -45,7 +45,7 @@ function goPopup() {
 
     listArea = document.getElementById('listOfArg');
     tmpStr = listArea.value;
-    tmpStr = tmpStr.replace(reg, ";;;");
+    tmpStr = encodeURIComponent(tmpStr.replace(reg, ";;;"));
     cmd_line = document.getElementById('command_line').value;
 
     Modalbox.show('./include/configuration/configObject/command/formArguments.php?cmd_line=' + cmd_line + '&textArea=' + tmpStr, {title: 'Argument description', width:800});