Sanitize::html() to h() for views is the way to go
parent
1a0586f14f
commit
e453ee0e97
@ -21,12 +21,12 @@
<?php echo h($attribute['Attribute']['type']); ?> </td>
<?php echo h($attribute['Attribute']['type']); ?> </td>
<td onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true) ;?>';">
<td onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true) ;?>';">
<?php
<?php
$sig_display = nl2br(Sanitize::html($attribute['Attribute']['value']));
$sig_display = nl2br(h($attribute['Attribute']['value']));
if('attachment' == $attribute['Attribute']['type'] ||
if('attachment' == $attribute['Attribute']['type'] ||
'malware-sample' == $attribute['Attribute']['type']) {
'malware-sample' == $attribute['Attribute']['type']) {
echo $this->Html->link($sig_display, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
echo $this->Html->link($sig_display, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
} elseif('link' == $attribute['Attribute']['type']) {
} elseif('link' == $attribute['Attribute']['type']) {
?><A HREF="<?php echo $attribute['Attribute']['value']?>"><?php echo $attribute['Attribute']['value']?></A><?php
?><A HREF="<?php echo $attribute['Attribute']['value']?>"><?php echo $attribute['Attribute']['value']?></A><?php
} else {
} else {
echo $sig_display;
echo $sig_display;
}
}
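Review bot: The `link` branch on the new side still writes `$attribute['Attribute']['value']` unescaped into both the href attribute and the anchor text, so after this commit it is the one attribute output in the hunk that an HTML-bearing value can still break out of; change it to `?><A HREF="<?php echo h($attribute['Attribute']['value'])?>"><?php echo h($attribute['Attribute']['value'])?></A><?php`. Since h() does not constrain the URL scheme, validating link values to http/https on input is the more robust companion fix. Separately, `$sig_display` is already h()-escaped when it becomes the title of `$this->Html->link()`, and if this is CakePHP's HtmlHelper the title is escaped again by default, so `&`, quotes and the `<br />` from nl2br() will show double-encoded in the attachment link; pass `array('escape' => false)` or give the helper the raw value and let it escape — the same applies to `$filename_hash[0]` in the `@ -107,14 +107,14` hunk. The PHP block opened by `<?php` near the top of the hunk belongs to a loop whose start is outside it.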
@ -2,16 +2,16 @@
<?php //foreach ($events as $event): ?>
<?php //foreach ($events as $event): ?>
Event : <?php echo $event['Event']['id']; ?>
Event : <?php echo $event['Event']['id']; ?>
Date : <?php echo $event['Event']['date']; ?>
Date : <?php echo $event['Event']['date']; ?>
Reported by : <?php echo Sanitize::html($event['Event']['org']); ?>
Reported by : <?php echo h($event['Event']['org']); ?>
Risk : <?php echo $event['Event']['risk']; ?>
Risk : <?php echo $event['Event']['risk']; ?>
Attributes :
Attributes :
<?php if (!empty($event['Attribute'])):
<?php if (!empty($event['Attribute'])):
$i = 0;
$i = 0;
foreach ($event['Attribute'] as $attribute): ?>
foreach ($event['Attribute'] as $attribute): ?>
- <?php echo $attribute['type']; echo str_repeat(' ', $appendlen - 2 - strlen( $attribute['type'])); ?>
- <?php echo $attribute['type']; echo str_repeat(' ', $appendlen - 2 - strlen( $attribute['type'])); ?>
: <?php echo Sanitize::html($attribute['value']);?>
: <?php echo h($attribute['value']);?>
<?php endforeach; ?><?php endif; ?>
<?php endforeach; ?><?php endif; ?>
Extra info :
Extra info :
<?php echo Sanitize::html($event['Event']['info']); ?>
<?php echo h($event['Event']['info']); ?>
<?php //endforeach; ?>
<?php //endforeach; ?>
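Review bot: h() is an HTML-context escaper, but this template looks like a plain-text body (the `Event :` / `Date :` labels and the `str_repeat` column padding), so the three switched lines will emit entities such as `&amp;` and `&quot;` literally into the text, as Sanitize::html() did before; I'd confirm the content type the mailer renders this with before keeping h() here. If it is text/plain, emit the fields unescaped or strip newlines instead, e.g. `Reported by : <?php echo $event['Event']['org']; ?>`; if it is HTML, then `id`, `date`, `risk` and `$attribute['type']` need h() as well so the escaping is uniform. The `strlen()` used for padding is byte-based, which only matters if attribute type names ever contain multibyte characters.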
@ -7,7 +7,7 @@
<th><?php echo $this->Paginator->sort('org');?></th>
<th><?php echo $this->Paginator->sort('org');?></th>
<?php endif; ?>
<?php endif; ?>
<th><?php echo $this->Paginator->sort('date');?></th>
<th><?php echo $this->Paginator->sort('date');?></th>
<th<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>><?php echo $this->Paginator->sort('risk');?></th>
<th<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>><?php echo $this->Paginator->sort('risk');?></th>
<th><?php echo $this->Paginator->sort('info');?></th>
<th><?php echo $this->Paginator->sort('info');?></th>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<th<?php echo ' title="' . $event_descriptions['private']['desc'] . '"';?>><?php echo $this->Paginator->sort('private');?></th>
<th<?php echo ' title="' . $event_descriptions['private']['desc'] . '"';?>><?php echo $this->Paginator->sort('private');?></th>
@ -23,14 +23,14 @@
</td>
</td>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<?php echo Sanitize::html($event['Event']['org']); ?> </td>
<?php echo h($event['Event']['org']); ?> </td>
<?php endif; ?>
<?php endif; ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<?php echo $event['Event']['date']; ?> </td>
<?php echo $event['Event']['date']; ?> </td>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<?php echo $event['Event']['risk']; ?> </td>
<?php echo $event['Event']['risk']; ?> </td>
<td onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<?php echo nl2br(Sanitize::html($event['Event']['info'])); ?> </td>
<?php echo nl2br(h($event['Event']['info'])); ?> </td>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
<?php echo ($event['Event']['private'])? 'Private' : ''; ?> </td>
<?php echo ($event['Event']['private'])? 'Private' : ''; ?> </td>
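Review bot: The `date` and `risk` cells in this row are still echoed raw, `<?php echo $event['Event']['date']; ?> </td>` and `<?php echo $event['Event']['risk']; ?> </td>`, while the neighbouring `org` and `info` cells now use h() and the `@ -21,19 +21,19` hunk escapes `date` in the detail view; unless both fields are validated to a fixed format on write, wrap them the same way, `<?php echo h($event['Event']['date']); ?> </td>` and `<?php echo h($event['Event']['risk']); ?> </td>`. Escaping uniformly at output is easier to review than reasoning per field about what the model guarantees.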
@ -21,19 +21,19 @@
<dl>
<dl>
<dt>ID</dt>
<dt>ID</dt>
<dd>
<dd>
<?php echo Sanitize::html($event['Event']['id']); ?>
<?php echo h($event['Event']['id']); ?>
</dd>
</dd>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
<dt>Org</dt>
<dt>Org</dt>
<dd>
<dd>
<?php echo Sanitize::html($event['Event']['org']); ?>
<?php echo h($event['Event']['org']); ?>
</dd>
</dd>
<?php endif; ?>
<?php endif; ?>
<dt>Date</dt>
<dt>Date</dt>
<dd>
<dd>
<?php echo Sanitize::html($event['Event']['date']); ?>
<?php echo h($event['Event']['date']); ?>
</dd>
</dd>
<dt<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>>Risk</dt>
<dt<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>>Risk</dt>
@ -55,7 +55,7 @@
</dd -->
</dd -->
<dt>Info</dt>
<dt>Info</dt>
<dd>
<dd>
<?php echo nl2br(Sanitize::html($event['Event']['info'])); ?>
<?php echo nl2br(h($event['Event']['info'])); ?>
</dd>
</dd>
</dl>
</dl>
@ -86,7 +86,7 @@
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
<th <?php echo "title='" . $attr_descriptions['private']['desc'] . "'";?>>Private</th>
<th <?php echo "title='" . $attr_descriptions['private']['desc'] . "'";?>>Private</th>
<?php endif;?>
<?php endif;?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
<th class="actions">Actions</th>
<th class="actions">Actions</th>
<?php endif;?>
<?php endif;?>
</tr>
</tr>
@ -107,14 +107,14 @@
?></td>
?></td>
<td class="short" title="<?php echo $type_definitions[$attribute['type']]['desc'];?>"><?php echo $attribute['type'];?></td>
<td class="short" title="<?php echo $type_definitions[$attribute['type']]['desc'];?>"><?php echo $attribute['type'];?></td>
<td><?php
<td><?php
$sig_display = nl2br(Sanitize::html($attribute['value']));
$sig_display = nl2br(h($attribute['value']));
if('attachment' == $attribute['type'] ||
if('attachment' == $attribute['type'] ||
'malware-sample' == $attribute['type'] ) {
'malware-sample' == $attribute['type'] ) {
$filename_hash = explode('|', Sanitize::html($attribute['value']));
$filename_hash = explode('|', h($attribute['value']));
echo $this->Html->link($filename_hash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['id']));
echo $this->Html->link($filename_hash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['id']));
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
} elseif (strpos($attribute['type'], '|') !== false) {
} elseif (strpos($attribute['type'], '|') !== false) {
$filename_hash = explode('|', Sanitize::html($attribute['value']));
$filename_hash = explode('|', h($attribute['value']));
echo $filename_hash[0];
echo $filename_hash[0];
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
} elseif ('vulnerability' == $attribute['type']) {
} elseif ('vulnerability' == $attribute['type']) {
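Review bot: `$type_definitions[$attribute['type']]['desc']` in the `<td class="short" title=...>` line indexes the definitions table with the attribute's type without an isset() guard, so a type value missing from the table raises an undefined-index notice in the view, and both that description and `$attribute['type']` are written unescaped while the sibling `value` outputs are now h()-escaped; I'd use `<td class="short" title="<?php echo isset($type_definitions[$attribute['type']]) ? h($type_definitions[$attribute['type']]['desc']) : '';?>"><?php echo h($attribute['type']);?></td>`. This is low risk if `type` is validated against a fixed list on input, which I cannot confirm from the hunk. The `<td><?php` block and its if/elseif chain continue past the end of the hunk.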