135/netdisco
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enforce escaping on all template content

Browse Source
This commit is contained in:
Oliver Gorwits
2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
share/views/ajax/admintask/duplicatedevices.tt
View File

@@ -21,7 +21,7 @@
[% SET count = count + 1 %]
<tr>
<td class="nd_center-cell"><a class="nd_linkcell"
href="[% uri_for('/device') %]?tab=details&q=[% row.ip | uri %]">[% row.ip | html_entity %]</a>
href="[% uri_for('/device') | none %]?tab=details&q=[% row.ip | uri %]">[% row.ip | html_entity %]</a>
[% row.dns | html_entity %]</td>
<td class="nd_center-cell">[% row.contact | html_entity %]</td>
<td class="nd_center-cell">[% row.location | html_entity %]</td>
@@ -33,15 +33,15 @@
<td class="nd_center-cell">
<button class="btn btn-danger btn-small"
data-toggle="modal" data-target="#nd_devdel-[% count %]" type="button">
data-toggle="modal" data-target="#nd_devdel-[% count | html_entity %]" type="button">
<i class="icon-trash text-danger"></i>
</button>
<div id="nd_devdel-[% count %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count %]" aria-hidden="true">
<div id="nd_devdel-[% count | html_entity %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count | html_entity %]" aria-hidden="true">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">x</button>
<h3 id="nd_devdel-label-[% count %]">Confirm Delete: [% row.ip || row.dns | html_entity %]</h3>
<h3 id="nd_devdel-label-[% count | html_entity %]">Confirm Delete: [% row.ip || row.dns | html_entity %]</h3>
</div>
<div class="modal-body">
<blockquote>

4
share/views/ajax/admintask/jobqueue.tt
View File

@@ -37,9 +37,9 @@
[% END %]
<td class="nd_center-cell">
[% IF row.action == 'discover' AND row.status == 'error' %]
<a href="[% uri_for('/') %]?device=[% row.device | uri %]">[% row.device | html_entity %]</a>
<a href="[% uri_for('/') | none %]?device=[% row.device | uri %]">[% row.device | html_entity %]</a>
[% ELSE %]
<a href="[% uri_for('/device') %]?q=[% row.device | uri %]">[% row.target.dns || row.device | html_entity %]</a>
<a href="[% uri_for('/device') | none %]?q=[% row.device | uri %]">[% row.target.dns || row.device | html_entity %]</a>
[% END %]
</td>
<td class="nd_center-cell">[% row.port | html_entity %]</td>

8
share/views/ajax/admintask/nodemonitor.tt
View File

@@ -48,13 +48,13 @@
<button class="btn nd_adminbutton" name="update" type="submit"><i class="icon-save text-warning"></i></button>
<button class="btn" data-toggle="modal"
data-target="#nd_devdel-[% count %]" type="button"><i class="icon-trash text-error"></i></button>
data-target="#nd_devdel-[% count | html_entity %]" type="button"><i class="icon-trash text-error"></i></button>
<div id="nd_devdel-[% count %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count %]" aria-hidden="true">
<div id="nd_devdel-[% count | html_entity %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count | html_entity %]" aria-hidden="true">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">x</button>
<h3 id="nd_devdel-label-[% count %]">Are you sure?</h3>
<h3 id="nd_devdel-label-[% count | html_entity %]">Are you sure?</h3>
</div>
<div class="modal-body">
<blockquote>

12
share/views/ajax/admintask/orphaned.tt
View File

@@ -22,11 +22,11 @@
<tbody>
[% FOREACH row IN orphans %]
<tr>
<td><a href="[% uri_for('/device') %]?q=[% row.ip | uri %]">
<td><a href="[% uri_for('/device') | none %]?q=[% row.ip | uri %]">
[% row.dns || row.name || row.ip | html_entity %]</a></td>
<td>
[% IF row.location %]
<a href="[% search_device %]&q=[% row.location | uri %]&location=[% row.location | uri %]">
<a href="[% search_device | none %]&q=[% row.location | uri %]&location=[% row.location | uri %]">
[% row.location | html_entity %]</a>
[% ELSE %]
[Not Set]
@@ -55,12 +55,12 @@
[% NEXT IF count == 1 %]
<div class="accordion-group">
<div class="accordion-heading">
<a class="accordion-toggle" data-toggle="collapse" data-target="#collapse-[% count %]" href="#collapse-[% count %]">
<a class="accordion-toggle" data-toggle="collapse" data-target="#collapse-[% count | html_entity %]" href="#collapse-[% count | html_entity %]">
<i class="icon-chevron-up"></i> &nbsp;
Orphaned Network: [% count - 1 | html_entity %] Size: [% network.size | html_entity %] Devices
</a>
</div>
<div id="collapse-[% count %]" class="accordion-body collapse">
<div id="collapse-[% count | html_entity %]" class="accordion-body collapse">
<div class="accordion-inner">
<table class="table table-bordered table-condensed">
<thead>
@@ -75,11 +75,11 @@
<tbody>
[% FOREACH row IN network %]
<tr>
<td><a href="[% uri_for('/device') %]?tab=netmap&q=[% row.ip | uri %]&firstsearch=on">
<td><a href="[% uri_for('/device') | none %]?tab=netmap&q=[% row.ip | uri %]&firstsearch=on">
[% row.dns || row.name || row.ip | html_entity %]</a></td>
<td>
[% IF row.location %]
<a href="[% search_device %]&q=[% row.location | uri %]&location=[% row.location | uri %]">
<a href="[% search_device | none %]&q=[% row.location | uri %]&location=[% row.location | uri %]">
[% row.location | html_entity %]</a>
[% ELSE %]
[Not Set]

10
share/views/ajax/admintask/pseudodevice.tt
View File

@@ -27,7 +27,7 @@
[% SET count = count + 1 %]
<tr>
<td class="nd_center-cell"><a class="nd_linkcell"
href="[% uri_for('/device') %]?q=[% row.ip | uri %]">[% row.dns | html_entity %]</a></td>
href="[% uri_for('/device') | none %]?q=[% row.ip | uri %]">[% row.dns | html_entity %]</a></td>
<td class="nd_center-cell">[% row.ip | html_entity %]</td>
<td class="nd_center-cell">
<input data-form="update" name="ports" type="number" value="[% row.port_count | html_entity %]">
@@ -43,13 +43,13 @@
<button class="btn nd_adminbutton" name="update" type="submit"><i class="icon-save text-warning"></i></button>
<button class="btn" data-toggle="modal"
data-target="#nd_devdel-[% count %]" type="button"><i class="icon-trash text-error"></i></button>
data-target="#nd_devdel-[% count | html_entity %]" type="button"><i class="icon-trash text-error"></i></button>
<div id="nd_devdel-[% count %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count %]" aria-hidden="true">
<div id="nd_devdel-[% count | html_entity %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count | html_entity %]" aria-hidden="true">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">x</button>
<h3 id="nd_devdel-label-[% count %]">Are you sure?</h3>
<h3 id="nd_devdel-label-[% count | html_entity %]">Are you sure?</h3>
</div>
<div class="modal-body">
<blockquote>

2
share/views/ajax/admintask/slowdevices.tt
View File

@@ -16,7 +16,7 @@
<tr>
<td class="nd_center-cell">[% row.action.ucfirst | html_entity %]</td>
<td class="nd_center-cell"><a class="nd_linkcell"
href="[% uri_for('/device') %]?q=[% row.device | uri %]">[% row.device | html_entity %]</a></td>
href="[% uri_for('/device') | none %]?q=[% row.device | uri %]">[% row.device | html_entity %]</a></td>
<td class="nd_center-cell">[% row.started | html_entity %]</td>
<td class="nd_center-cell">[% row.finished | html_entity %]</td>
<td class="nd_center-cell">[% row.elapsed | html_entity %]</td>

2
share/views/ajax/admintask/timedoutdevices.tt
View File

@@ -17,7 +17,7 @@
<tr>
<td class="nd_center-cell">[% row.backend | html_entity %]</td>
<td class="nd_center-cell"><a class="nd_linkcell"
href="[% uri_for('/search') %]?tab=node&q=[% row.device | uri %]">[% row.device | html_entity %]</a></td>
href="[% uri_for('/search') | none %]?tab=node&q=[% row.device | uri %]">[% row.device | html_entity %]</a></td>
<td class="nd_center-cell">[% row.dns | html_entity %]</td>
<td class="nd_center-cell">[% row.deferrals | html_entity %]</td>
<td class="nd_center-cell">[% row.last_defer | html_entity %]</td>

12
share/views/ajax/admintask/topology.tt
View File

@@ -42,22 +42,22 @@
[% WHILE (row = results.next) %]
[% SET count = count + 1 %]
<tr>
<td class="nd_center-cell"><a class="nd_linkcell" href="[% uri_for('/device') %]?q=[% row.device1.ip | uri %]">
<td class="nd_center-cell"><a class="nd_linkcell" href="[% uri_for('/device') | none %]?q=[% row.device1.ip | uri %]">
[% (row.device1.dns || row.device1.name || row.device1.ip) | html_entity %]</a>
</td>
<td class="nd_center-cell">[% row.port1 | html_entity %]</td>
<td class="nd_center-cell"><a class="nd_linkcell" href="[% uri_for('/device') %]?q=[% row.device2.ip | uri %]">
<td class="nd_center-cell"><a class="nd_linkcell" href="[% uri_for('/device') | none %]?q=[% row.device2.ip | uri %]">
[% (row.device2.dns || row.device2.name || row.device2.ip) | html_entity %]</a></td>
<td class="nd_center-cell">[% row.port2 | html_entity %]</td>
<td class="nd_center-cell">
<button class="btn" data-toggle="modal"
data-target="#nd_devdel-[% count %]" type="button"><i class="icon-trash text-error"></i></button>
data-target="#nd_devdel-[% count | html_entity %]" type="button"><i class="icon-trash text-error"></i></button>
<div id="nd_devdel-[% count %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count %]" aria-hidden="true">
<div id="nd_devdel-[% count | html_entity %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count | html_entity %]" aria-hidden="true">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">x</button>
<h3 id="nd_devdel-label-[% count %]">Are you sure?</h3>
<h3 id="nd_devdel-label-[% count | html_entity %]">Are you sure?</h3>
</div>
<div class="modal-body">
<blockquote>

6
share/views/ajax/admintask/undiscoveredneighbors.tt
View File

@@ -11,14 +11,14 @@
[% FOREACH row IN results %]
[% NEXT IF NOT row.remote_ip %]
<tr>
<td nowrap><a href="[% device_ports %]&q=[% row.ip | uri %]">
<td nowrap><a href="[% device_ports | none %]&q=[% row.ip | uri %]">
[% row.dns || row.name || row.ip | html_entity %]</a><br>
<a href="[% device_ports %]&q=[% row.ip | uri %]&f=[% row.port | uri %]">
<a href="[% device_ports | none %]&q=[% row.ip | uri %]&f=[% row.port | uri %]">
[% row.port | html_entity %]</a>
[% IF row.port_description %]<br>[% row.port_description | html_entity %][% END %]
[% IF row.comment %]<br>&quot;<em>[% row.comment | html_entity %]</em>&quot;[% END %]
</td>
<td nowrap><a href="[% search_node %]&q=[% row.remote_ip | uri %]">
<td nowrap><a href="[% search_node | none %]&q=[% row.remote_ip | uri %]">
[% row.remote_ip | html_entity %]</a><br>
[% row.remote_port | html_entity %]</td>
<td>[% row.remote_id | html_entity %]<br>

2
share/views/ajax/admintask/userlog.tt
View File

@@ -19,7 +19,7 @@ $(document).ready(function() {
$('#aul-data-table').dataTable( {
"serverSide": true,
"order": [[ 0, "desc" ]],
"ajax": "[% uri_for('/ajax/control/admin/userlog/data') %]",
"ajax": "[% uri_for('/ajax/control/admin/userlog/data') | none %]",
"columns": [{
"data": 'creation',
"className": "nd_center-cell",

8
share/views/ajax/admintask/users.tt
View File

@@ -66,13 +66,13 @@
<button class="btn nd_adminbutton" name="update" type="submit"><i class="icon-save text-warning"></i></button>
<button class="btn" data-toggle="modal"
data-target="#nd_devdel-[% count %]" type="button"><i class="icon-trash text-error"></i></button>
data-target="#nd_devdel-[% count | html_entity %]" type="button"><i class="icon-trash text-error"></i></button>
<div id="nd_devdel-[% count %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count %]" aria-hidden="true">
<div id="nd_devdel-[% count | html_entity %]" class="nd_modal nd_deep-horizon modal hide fade" tabindex="-1"
role="dialog" aria-labelledby="nd_devdel-label-[% count | html_entity %]" aria-hidden="true">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">x</button>
<h3 id="nd_devdel-label-[% count %]">Are you sure?</h3>
<h3 id="nd_devdel-label-[% count | html_entity %]">Are you sure?</h3>
</div>
<div class="modal-body">
<blockquote>