Enforce escaping on all template content

Oliver Gorwits
2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions


@@ -16,16 +16,16 @@
[% WHILE (row = macs.next) %]
[% IF row.nbname %]
<tr>
<td>MAC: <a href="[% search_node %]&q=[% row.net_mac.$mac_format_call | uri %]">
<td>MAC: <a href="[% search_node | none %]&q=[% row.net_mac.$mac_format_call | uri %]">
[% row.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% row.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% row.oui.abbrev | uri %]">
[% row.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>NetBIOS</td>
<td class="nd_linkcell nd_center-cell">\\<a href="[% uri_for('/report/netbios') %]?domain=[% row.domain | uri %]" title="Devices in this Domain">[% row.domain | html_entity %]</a>\<a href="[% search_node %]&q=[% row.nbname | uri %]">[% row.nbname | html_entity %]</a>
<br>[% row.nbuser || '[No User]' | html_entity %]@<a href="[% search_node %]&q=[% row.ip | uri %]">[% row.ip | html_entity %]</a>
<td class="nd_linkcell nd_center-cell">\\<a href="[% uri_for('/report/netbios') | none %]?domain=[% row.domain | uri %]" title="Devices in this Domain">[% row.domain | html_entity %]</a>\<a href="[% search_node | none %]&q=[% row.nbname | uri %]">[% row.nbname | html_entity %]</a>
<br>[% row.nbuser || '[No User]' | html_entity %]@<a href="[% search_node | none %]&q=[% row.ip | uri %]">[% row.ip | html_entity %]</a>
</td>
[% IF params.stamps %]
<td>[% row.time_first_stamp | html_entity %]</td>
@@ -34,16 +34,16 @@
</tr>
[% ELSE %]
<tr>
<td>MAC: <a href="[% search_node %]&q=[% row.net_mac.$mac_format_call | uri %]">
<td>MAC: <a href="[% search_node | none %]&q=[% row.net_mac.$mac_format_call | uri %]">
[% row.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% row.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% row.oui.abbrev | uri %]">
[% row.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>IP &rarr; MAC</td>
<td class="nd_center-cell">
<a href="[% search_node %]&q=[% row.ip | uri %]">[% row.ip | html_entity %]</a>
<a href="[% search_node | none %]&q=[% row.ip | uri %]">[% row.ip | html_entity %]</a>
[% '&nbsp;<i class="icon-book text-warning"></i>&nbsp;' IF NOT row.active %]
[% ' (' _ row.dns.remove(settings.domain_suffix) _ ')' IF row.dns %]
</td>
@@ -55,16 +55,16 @@
[% END %]
[% FOREACH nbt IN row.netbios %]
<tr>
<td>MAC: <a href="[% search_node %]&q=[% nbt.net_mac.$mac_format_call | uri %]">
<td>MAC: <a href="[% search_node | none %]&q=[% nbt.net_mac.$mac_format_call | uri %]">
[% nbt.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% nbt.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% nbt.oui.abbrev | uri %]">
[% nbt.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>NetBIOS</td>
<td class="nd_linkcell nd_center-cell">\\<a href="[% uri_for('/report/netbios') %]?domain=[% nbt.domain | uri %]" title="Devices in this Domain">[% nbt.domain | html_entity %]</a>\<a href="[% search_node %]&q=[% nbt.nbname | uri %]">[% nbt.nbname | html_entity %]</a>
<br>[% nbt.nbuser || '[No User]' | html_entity %]@<a href="[% search_node %]&q=[% nbt.ip | uri %]">[% nbt.ip | html_entity %]</a>
<td class="nd_linkcell nd_center-cell">\\<a href="[% uri_for('/report/netbios') | none %]?domain=[% nbt.domain | uri %]" title="Devices in this Domain">[% nbt.domain | html_entity %]</a>\<a href="[% search_node | none %]&q=[% nbt.nbname | uri %]">[% nbt.nbname | html_entity %]</a>
<br>[% nbt.nbuser || '[No User]' | html_entity %]@<a href="[% search_node | none %]&q=[% nbt.ip | uri %]">[% nbt.ip | html_entity %]</a>
</td>
[% IF params.stamps %]
<td>[% date.format(nbt.time_first) | html_entity %]</td>
@@ -74,16 +74,16 @@
[% END %]
[% FOREACH ni IN row.nodeips %]
<tr>
<td>MAC: <a href="[% search_node %]&q=[% ni.net_mac.$mac_format_call | uri %]">
<td>MAC: <a href="[% search_node | none %]&q=[% ni.net_mac.$mac_format_call | uri %]">
[% ni.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% ni.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% ni.oui.abbrev | uri %]">
[% ni.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>IP &rarr; MAC</td>
<td class="nd_center-cell">
<a href="[% search_node %]&q=[% ni.ip | uri %]">[% ni.ip | html_entity %]</a>
<a href="[% search_node | none %]&q=[% ni.ip | uri %]">[% ni.ip | html_entity %]</a>
[% '&nbsp;<i class="icon-book text-warning"></i>&nbsp;' IF NOT ni.active %]
[% ' (' _ ni.dns.remove(settings.domain_suffix) _ ')' IF ni.dns %]
</td>
@@ -95,23 +95,23 @@
[% END %]
[% FOREACH node IN row.node_sightings(archive_filter) %]
<tr>
<td>MAC: <a href="[% search_node %]&q=[% node.net_mac.$mac_format_call | uri %]">
<td>MAC: <a href="[% search_node | none %]&q=[% node.net_mac.$mac_format_call | uri %]">
[% node.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% node.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% node.oui.abbrev | uri %]">
[% node.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>Switch Port</td>
<td class="nd_center-cell">
<a class="nd_linkcell"
href="[% device_ports %]&q=[% node.switch | uri %]&f=[% node.port | uri %]&c_nodes=on&c_neighbors=on&prefer=port">
href="[% device_ports | none %]&q=[% node.switch | uri %]&f=[% node.port | uri %]&c_nodes=on&c_neighbors=on&prefer=port">
[% node.switch | html_entity %] - [% node.port | html_entity %]
[% '&nbsp;<i class="icon-book text-warning"></i>' IF NOT node.active %]</a>
[% IF node.device.dns AND node.device_port AND node.device_port.name %]
([% node.device.dns | html_entity %] - [% node.device_port.name | html_entity %])
[% END %]
on vlan [% node.vlan %]
on vlan [% node.vlan | html_entity %]
</td>
[% IF params.stamps %]
<td>[% node.time_first_stamp | html_entity %]</td>
@@ -120,10 +120,10 @@
</tr>
[% FOREACH wlan IN node.wireless %]
<tr>
<td>MAC: <a href="[% search_node %]&q=[% wlan.net_mac.$mac_format_call | uri %]">
<td>MAC: <a href="[% search_node | none %]&q=[% wlan.net_mac.$mac_format_call | uri %]">
[% wlan.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% wlan.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% wlan.oui.abbrev | uri %]">
[% wlan.oui.company | html_entity %]</a> )
[% END %]
</td>
@@ -143,16 +143,16 @@
[% END %]
[% FOREACH nodeip IN row.ip_aliases(archive_filter) %]
<tr>
<td>MAC: <a href="[% search_node %]&q=[% nodeip.net_mac.$mac_format_call | uri %]">
<td>MAC: <a href="[% search_node | none %]&q=[% nodeip.net_mac.$mac_format_call | uri %]">
[% nodeip.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% nodeip.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% nodeip.oui.abbrev | uri %]">
[% nodeip.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>MAC &rarr; IP</td>
<td class="nd_center-cell">
<a href="[% search_node %]&q=[% nodeip.ip | uri %]">[% nodeip.ip | html_entity %]</a>
<a href="[% search_node | none %]&q=[% nodeip.ip | uri %]">[% nodeip.ip | html_entity %]</a>
[% '&nbsp;<i class="icon-book text-warning"></i>&nbsp;' IF NOT nodeip.active %]
[% ' (' _ nodeip.dns.remove(settings.domain_suffix) _ ')' IF nodeip.dns %]
</td>
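Review bot: The `| none` added to `search_node`, `device_ports` and `uri_for(...)` inside href attributes (L17, L21, L28–L29, L111 and the matching lines in the other hunks) opts those values out of the new auto-escaping, so attribute safety now rests entirely on wherever those variables are assembled, which this section does not show; a short comment at the top of the file stating that contract, e.g. `[%# search_node / device_ports are pre-built URLs; they are emitted with | none and must be attribute-safe at the source %]`, would keep the next editor from treating `none` as a harmless default. The untouched directives are the more fragile part: the literal markup strings `[% '&nbsp;<i class="icon-book text-warning"></i>&nbsp;' IF NOT row.active %]` (L50, L91, L113, L152) and the concatenations `[% ' (' _ row.dns.remove(settings.domain_suffix) _ ')' IF row.dns %]` (L51, L92, L153) carry no explicit filter, so their output depends on whether the global auto-filter applies to expression directives as well as plain variables — if it does, the icon markup renders as escaped text; if it does not, `row.dns` (a name learned from the network) is written raw into the page. Making both explicit, `| none` on the literal markup and `[% ' (' _ row.dns.remove(settings.domain_suffix) _ ')' | html_entity IF row.dns %]` on the DNS line, would make the escaping visible in the template rather than inherited from configuration. The enclosing `[% WHILE (row = macs.next) %]` loop begins before the first hunk and closes after the last one shown.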