Defensive programming: more urlencode/htmlentities

Make build_url return an URL, not HTML. This separates presentation from data. plugin_header's return value is unused, remove the unnecessary return. At places where `printf("<tag att='%s'>", $x);` is used, it is now converted to `printf("<tag att=\"%s\">", htmlentities($x));` since the single quote is not escaped by default by htmlentities. In case the canvas style is used, JS should use `textContent` instead of `innerHTML` to avoid reading `"` instead of `"`. Nobody (should) use(s) IE6 anymore, so it is a safe change. While at it, use the standard charset attribute of meta to specify the character set (UTF-8).
author: Peter Wu 2014-07-20 23:23:17 +0200
committer: Peter Wu 2014-07-20 23:23:17 +0200
commit: c7283e1cae6bbdc13464a77ae7f22bd9489fe089 (patch)
tree: ffc767ddc0392b286d5cec0f053cf09796333077 /type/Base.class.php
parent: graph: don't overwrite config rrdtool_opts by rrdtool_opts from json plugin (diff)
download: apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.zip
apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.gz
apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.bz2
apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/type/Base.class.php b/type/Base.class.php
index b74c1b1..ff9a235 100644
--- a/type/Base.class.php
+++ b/type/Base.class.php
@@ -203,14 +203,14 @@ class Type_Base {
                        case 'cmd':
                                print '<pre>';
                                foreach ($graphdata as $d) {
-                                        printf("%s \\\n", $d);
+                                        printf("%s \\\n", htmlentities($d));
                                }
                                print '</pre>';
                        break;
                        case 'canvas':
                                printf('<canvas id="%s" class="rrd">', sha1(serialize($graphdata)));
                                foreach ($graphdata as $d) {
-                                        printf("%s\n", $d);
+                                        printf("%s\n", htmlentities($d));
                                }
                                print '</canvas>';
                        break;
author	Peter Wu	2014-07-20 23:23:17 +0200
committer	Peter Wu	2014-07-20 23:23:17 +0200
commit	c7283e1cae6bbdc13464a77ae7f22bd9489fe089 (patch)
tree	ffc767ddc0392b286d5cec0f053cf09796333077 /type/Base.class.php
parent	graph: don't overwrite config rrdtool_opts by rrdtool_opts from json plugin (diff)
download	apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.zip apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.gz apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.bz2 apt-panopticon_cgp-c7283e1cae6bbdc13464a77ae7f22bd9489fe089.tar.xz

diff --git a/type/Base.class.php b/type/Base.class.php index b74c1b1..ff9a235 100644 --- a/type/Base.class.php +++ b/type/Base.class.php
@@ -203,14 +203,14 @@ class Type_Base {
203	case 'cmd':	203	case 'cmd':
204	print '<pre>';	204	print '<pre>';
205	foreach ($graphdata as $d) {	205	foreach ($graphdata as $d) {
206	printf("%s \\\n", $d);	206	printf("%s \\\n", htmlentities($d));
207	}	207	}
208	print '</pre>';	208	print '</pre>';
209	break;	209	break;
210	case 'canvas':	210	case 'canvas':
211	printf('<canvas id="%s" class="rrd">', sha1(serialize($graphdata)));	211	printf('<canvas id="%s" class="rrd">', sha1(serialize($graphdata)));
212	foreach ($graphdata as $d) {	212	foreach ($graphdata as $d) {
213	printf("%s\n", $d);	213	printf("%s\n", htmlentities($d));
214	}	214	}
215	print '</canvas>';	215	print '</canvas>';
216	break;	216	break;