author | Peter Wu | 2014-07-20 23:23:17 +0200 |
---|---|---|
committer | Peter Wu | 2014-07-20 23:23:17 +0200 |
commit | c7283e1cae6bbdc13464a77ae7f22bd9489fe089 (patch) | |
tree | ffc767ddc0392b286d5cec0f053cf09796333077 /type | |
parent | graph: don't overwrite config rrdtool_opts by rrdtool_opts from json plugin (diff) | |
Defensive programming: more urlencode/htmlentities

Make build_url return a URL, not HTML. This separates presentation
from data.

plugin_header's return value is unused, remove the unnecessary return.

At places where `printf("<tag att='%s'>", $x);` is used, it is now
converted to `printf("<tag att=\"%s\">", htmlentities($x));` since
the single quote is not escaped by default by htmlentities.

In case the canvas style is used, JS should use `textContent` instead
of `innerHTML` to avoid reading `&quot;` instead of `"`. Nobody (should)
use(s) IE6 anymore, so it is a safe change.

While at it, use the standard charset attribute of meta to specify
the character set (UTF-8).

Diffstat (limited to 'type')
-rw-r--r-- | type/Base.class.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/type/Base.class.php b/type/Base.class.php index b74c1b1..ff9a235 100644 --- a/type/Base.class.php +++ b/type/Base.class.php | |||
@@ -203,14 +203,14 @@ class Type_Base { | |||
203 | case 'cmd': | 203 | case 'cmd': |
204 | print '<pre>'; | 204 | print '<pre>'; |
205 | foreach ($graphdata as $d) { | 205 | foreach ($graphdata as $d) { |
206 | printf("%s \\\n", $d); | 206 | printf("%s \\\n", htmlentities($d)); |
207 | } | 207 | } |
208 | print '</pre>'; | 208 | print '</pre>'; |
209 | break; | 209 | break; |
210 | case 'canvas': | 210 | case 'canvas': |
211 | printf('<canvas id="%s" class="rrd">', sha1(serialize($graphdata))); | 211 | printf('<canvas id="%s" class="rrd">', sha1(serialize($graphdata))); |
212 | foreach ($graphdata as $d) { | 212 | foreach ($graphdata as $d) { |
213 | printf("%s\n", $d); | 213 | printf("%s\n", htmlentities($d)); |
214 | } | 214 | } |
215 | print '</canvas>'; | 215 | print '</canvas>'; |
216 | break; | 216 | break; |
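
Review bot: `htmlentities($d)` on new lines 206 and 213 relies on the default flags and charset, which differ between PHP versions and configurations. Since the commit message states the page is served as UTF-8, pass them explicitly, for example `htmlentities($d, ENT_QUOTES, 'UTF-8')`, so the escaping does not depend on the runtime. Also note that htmlentities returns an empty string when its input contains a byte sequence that is invalid in the target charset, so a malformed entry in `$graphdata` would silently disappear from the `<pre>` or `<canvas>` output; adding `ENT_SUBSTITUTE` (PHP 5.4 and later) keeps the line visible. For the `canvas` case, the entity-encoded text is only read back correctly if the client uses `textContent` as the commit message describes. That JS change is not visible in this diffstat (limited to 'type'), so confirm it is part of the same commit.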