Enforce escaping on all template content

Oliver Gorwits
2019-09-23 14:22:00 +01:00
parent 5f378a39ea
commit deb9b62c7f
77 changed files with 392 additions and 387 deletions


@@ -15,15 +15,15 @@
[% WHILE (row = ips.next) %]
<tr>
<td>
MAC: <a href="[% search_node %]&q=[% row.net_mac.$mac_format_call | uri %]">
MAC: <a href="[% search_node | none %]&q=[% row.net_mac.$mac_format_call | uri %]">
[% row.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% row.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% row.oui.abbrev | uri %]">
[% row.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>MAC &rarr; IP</td>
<td class="nd_center-cell"><a href="[% search_node %]&q=[% row.ip | uri %]">[% row.ip | html_entity %]</a>
<td class="nd_center-cell"><a href="[% search_node | none %]&q=[% row.ip | uri %]">[% row.ip | html_entity %]</a>
[% '&nbsp;<i class="icon-book text-warning"></i>&nbsp;' IF NOT row.active %]
[% ' (' _ row.dns.remove(settings.domain_suffix) _ ')' IF row.dns %]
</td>
@@ -36,22 +36,22 @@
[% WHILE (node = sightings.next) %]
<tr>
<td>
MAC: <a href="[% search_node %]&q=[% node.net_mac.$mac_format_call | uri %]">
MAC: <a href="[% search_node | none %]&q=[% node.net_mac.$mac_format_call | uri %]">
[% node.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% node.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% node.oui.abbrev | uri %]">
[% node.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>Switch Port</td>
<td class="nd_center-cell">
<a href="[% device_ports %]&q=[% node.switch | uri %]&f=[% node.port | uri %]&c_nodes=on&c_neighbors=on&prefer=port">
<a href="[% device_ports | none %]&q=[% node.switch | uri %]&f=[% node.port | uri %]&c_nodes=on&c_neighbors=on&prefer=port">
[% node.switch | html_entity %] - [% node.port | html_entity %]</a>
[% '&nbsp;<i class="icon-book text-warning"></i>&nbsp;' IF NOT node.active %]
[% IF node.device.dns AND node.device_port AND node.device_port.name %]
([% node.device.dns | html_entity %] - [% node.device_port.name | html_entity %])
[% END %]
on vlan [% node.vlan %]
on vlan [% node.vlan | html_entity %]
</td>
[% IF params.stamps %]
<td>[% node.time_first_stamp | html_entity %]</td>
@@ -62,15 +62,15 @@
[% WHILE (port = ports.next) %]
<tr>
<td>
MAC: <a href="[% search_node %]&q=[% port.net_mac.$mac_format_call | uri %]">[% port.net_mac.$mac_format_call | html_entity %]</a>
MAC: <a href="[% search_node | none %]&q=[% port.net_mac.$mac_format_call | uri %]">[% port.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% port.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% port.oui.abbrev | uri %]">
[% port.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>Switch Port</td>
<td class="nd_center-cell">
<a href="[% device_ports %]&q=[% port.ip | uri %]&f=[% port.port | uri %]&c_mac=on&c_nodes=on&c_neighbors=on">
<a href="[% device_ports | none %]&q=[% port.ip | uri %]&f=[% port.port | uri %]&c_mac=on&c_nodes=on&c_neighbors=on">
[% port.ip | html_entity %] - [% port.descr | html_entity %]</a>
[% IF port.device.dns AND port.name %]
([% port.device.dns | html_entity %] - [% port.name | html_entity %])
@@ -85,15 +85,15 @@
[% WHILE (nbt = netbios.next) %]
<tr>
<td>
MAC: <a href="[% search_node %]&q=[% nbt.net_mac.$mac_format_call | uri %]">[% nbt.net_mac.$mac_format_call | html_entity %]</a>
MAC: <a href="[% search_node | none %]&q=[% nbt.net_mac.$mac_format_call | uri %]">[% nbt.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% nbt.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% nbt.oui.abbrev | uri %]">
[% nbt.oui.company | html_entity %]</a> )
[% END %]
</td>
<td>NetBIOS</td>
<td class="nd_center-cell">\\<a href="[% uri_for('/report/netbios') %]?domain=[% nbt.domain | uri %]" title="Devices in this Domain">[% nbt.domain | html_entity %]</a>\<a href="[% search_node %]&q=[% nbt.nbname | uri %]">[% nbt.nbname | html_entity %]</a>
<br>[% nbt.nbuser || '[No User]' | html_entity %]@<a href="[% search_node %]&q=[% nbt.ip | uri %]">[% nbt.ip | html_entity %]</a>
<td class="nd_center-cell">\\<a href="[% uri_for('/report/netbios') | none %]?domain=[% nbt.domain | uri %]" title="Devices in this Domain">[% nbt.domain | html_entity %]</a>\<a href="[% search_node | none %]&q=[% nbt.nbname | uri %]">[% nbt.nbname | html_entity %]</a>
<br>[% nbt.nbuser || '[No User]' | html_entity %]@<a href="[% search_node | none %]&q=[% nbt.ip | uri %]">[% nbt.ip | html_entity %]</a>
</td>
[% IF params.stamps %]
<td>[% nbt.time_first_stamp | html_entity %]</td>
@@ -104,9 +104,9 @@
[% WHILE (wlan = wireless.next) %]
<tr>
<td>
MAC: <a href="[% search_node %]&q=[% wlan.net_mac.$mac_format_call | uri %]">[% wlan.net_mac.$mac_format_call | html_entity %]</a>
MAC: <a href="[% search_node | none %]&q=[% wlan.net_mac.$mac_format_call | uri %]">[% wlan.net_mac.$mac_format_call | html_entity %]</a>
[% IF params.show_vendor %]
( <a href="[% uri_for('/report/nodevendor') %]?vendor=[% wlan.oui.abbrev | uri %]">
( <a href="[% uri_for('/report/nodevendor') | none %]?vendor=[% wlan.oui.abbrev | uri %]">
[% wlan.oui.company | html_entity %]</a> )
[% END %]
</td>
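Review bot: The `| none` added to `search_node`, `device_ports` and `uri_for(...)` writes those values into `href="..."` with no escaping at all, at every link in these five `WHILE` loops (whose bodies continue outside the hunks). That is safe only if each value is built entirely server-side; where `search_node` or `device_ports` is assembled is not visible here, and if either carries request-derived query parameters a `"` in one would break out of the attribute. HTML-escaping a URL inside an attribute is the correct encoding anyway (`&` becomes `&amp;` and the browser decodes it), so `[% search_node | html_entity %]` should keep the links working without the opt-out. Separately, the unchanged line `[% ' (' _ row.dns.remove(settings.domain_suffix) _ ')' IF row.dns %]` is the one data field in the first hunk with no explicit filter, and DNS names are network-supplied. Confirm the default filter covers that postfix-`IF` form, or wrap the DNS part explicitly with `| html_entity`.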