author | Peter Wu | 2014-07-20 23:23:17 +0200 |
---|---|---|
committer | Peter Wu | 2014-07-20 23:23:17 +0200 |
commit | c7283e1cae6bbdc13464a77ae7f22bd9489fe089 (patch) | |
tree | ffc767ddc0392b286d5cec0f053cf09796333077 /detail.php | |
parent | graph: don't overwrite config rrdtool_opts by rrdtool_opts from json plugin (diff) | |
download | apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.zip apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.gz apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.bz2 apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.xz |
Defensive programming: more urlencode/htmlentities
Make build_url return an URL, not HTML. This separates presentation
from data.
plugin_header's return value is unused, remove the unnecessary return.
At places where `printf("<tag att='%s'>", $x);` is used, it is now
converted to `printf("<tag att=\"%s\">", htmlentities($x));` since
the single quote is not escaped by default by htmlentities.
In case the canvas style is used, JS should use `textContent` instead
of `innerHTML` to avoid reading `&quot;` instead of `"`. Nobody (should)
use(s) IE6 anymore, so it is a safe change.
While at it, use the standard charset attribute of meta to specify
the character set (UTF-8).
Diffstat (limited to '')
-rw-r--r-- | detail.php | 9 |
1 files changed, 7 insertions, 2 deletions
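--- a/detail.php
+++ b/detail.php
@@ -46,7 +46,10 @@ foreach($CONFIG['term'] as $key => $s) {
 $args['s'] = $s;
 $selected = selected_timerange($seconds, $s);
 printf('<li><a %s href="%s%s">%s</a></li>'."\n",
-$selected, $CONFIG['weburl'], build_url('detail.php', $args), $key);
+$selected,
+htmlentities($CONFIG['weburl']),
+htmlentities(build_url('detail.php', $args)),
+htmlentities($key));
 }
 print "</ul>\n";
 
@@ -54,7 +57,9 @@ if ($CONFIG['graph_type'] == 'canvas') {
 chdir($CONFIG['webdir']);
 include $CONFIG['webdir'].'/graph.php';
 } else {
-printf('<img src="%s%s">'."\n", $CONFIG['weburl'], build_url('graph.php', $_GET));
+printf("<img src=\"%s%s\">\n",
+htmlentities($CONFIG['weburl']),
+htmlentities(build_url('graph.php', $_GET)));
 }
 echo '</div>';
 echo "</fieldset>\n";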
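Review bot: In the first hunk `$selected` is still interpolated into the `<a %s ...>` tag unescaped at new lines 48–49, while the other three printf arguments now go through htmlentities(); the enclosing foreach starts before the hunk and selected_timerange() is defined elsewhere, so whether its return value is a fixed attribute literal or something derived from the request cannot be seen here. If it is a fixed literal, a comment such as `// $selected is a literal attribute string from selected_timerange(), not request data` would record why it is the one argument left raw; if it is not, it needs the same htmlentities() treatment. Separately, both hunks call htmlentities() with default flags and charset, whereas the commit declares the page as UTF-8: passing them explicitly, e.g. `htmlentities($key, ENT_QUOTES, 'UTF-8')`, keeps the escaping tied to the declared charset rather than the PHP build's default and also covers single-quoted attribute contexts, which the commit message itself notes the default does not escape. The same applies to the three htmlentities() calls in the second hunk.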