From ccd2de0651295db839d4062c85625c4c2552ee6b Mon Sep 17 00:00:00 2001
From: Oliver Gorwits
Date: Thu, 7 Dec 2023 15:45:50 +0000
Subject: [PATCH] better approach to HTML entity encoding in custom report searchable fields
---
 lib/App/Netdisco/Web/GenericReport.pm | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/lib/App/Netdisco/Web/GenericReport.pm b/lib/App/Netdisco/Web/GenericReport.pm
index 86eee9f2..b6faa34d 100644
--- a/lib/App/Netdisco/Web/GenericReport.pm
+++ b/lib/App/Netdisco/Web/GenericReport.pm
@@ -82,7 +82,6 @@ foreach my $report (@{setting('reports')}) {
 my $rev4 = RE_net_IPv4(-keep);
 my $rev6 = RE_net_IPv6(-keep);
 my $remac = RE_net_MAC(-keep);
- #my $redom = RE_net_domain(-keep, -nospace, -rfc1101);
 foreach my $row (@results) {
 foreach my $col (@column_order) {
@@ -90,28 +89,23 @@ foreach my $report (@{setting('reports')}) {
 my $fields = (ref $row->{$col} ? $row->{$col} : [$row->{$col}]);
 foreach my $f (@$fields) {
- # seems too sensitive match to be useful :-(
- #$f =~ s!\b${redom}\b!'path_query
- # .'">'. encode_entities($1 .($2 ? "/$2" : '')) .''!gex;
+
+ encode_entities($f);
 $f =~ s!\b${recidr4}\b!'path_query
- .'">'. encode_entities("$1/$2") .''!gex;
+ .qq{">$1/$2}!gex;
 if (not $1 and not $2) {
 $f =~ s!\b${rev4}\b!''. encode_entities($1) .''!gex;
+ uri_for('/search', {q => $1})->path_query .qq{">$1}!gex;
 }
 $f =~ s!\b${rev6}\b!''. encode_entities($1) .''!gex;
+ uri_for('/search', {q => $1})->path_query .qq{">$1}!gex;
 $f =~ s!\b${remac}\b!''. encode_entities($1) .''!gex;
+ uri_for('/search', {q => $1})->path_query .qq{">$1}!gex;
 $row->{$col} = $f if not ref $row->{$col};
 }
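Review bot: The link text in the second hunk is safe only because `encode_entities($f);` runs before every substitution, and nothing in the code records that ordering; the replacements now interpolate `$1` and `$2` straight into the output, so a substitution added or moved above that call would emit unescaped field data again. A comment on the call would pin it, for example `# encode the whole field once, in place; the $1/$2 linkified below come from the encoded text and get no further escaping`. The approach also holds only while each pattern matches characters that entity encoding leaves unchanged, which looks true for the IPv4, IPv6, MAC and CIDR patterns here but should be stated for whoever adds the next one. The enclosing `foreach my $report` block starts and ends outside the hunk, as does the template that renders these fields, so whether a value can end up encoded twice cannot be checked from here.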