mirror of https://github.com/MISP/MISP
Sanitize::html() to h() for views is the way to go
parent
1a0586f14f
commit
e453ee0e97
|
@ -21,7 +21,7 @@
|
|||
<?php echo h($attribute['Attribute']['type']); ?> </td>
|
||||
<td onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true) ;?>';">
|
||||
<?php
|
||||
$sig_display = nl2br(Sanitize::html($attribute['Attribute']['value']));
|
||||
$sig_display = nl2br(h($attribute['Attribute']['value']));
|
||||
if('attachment' == $attribute['Attribute']['type'] ||
|
||||
'malware-sample' == $attribute['Attribute']['type']) {
|
||||
echo $this->Html->link($sig_display, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
|
||||
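Review bot: `$sig_display` is already HTML-encoded by `nl2br(h(...))` when it is passed as the title to `$this->Html->link()`, and HtmlHelper::link() escapes its title by default, so attachment and malware-sample values are encoded twice: an `&` renders as `&amp;` and the `<br />` from nl2br shows up as literal text. Pass the raw value and let the helper do the single encoding, `echo $this->Html->link($attribute['Attribute']['value'], array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));`, and keep `$sig_display` for the branches that echo it directly. The same pattern is in the event view hunk at -107,14, where `$filename_hash[0]` comes from `explode('|', h(...))` before it goes into `Html->link()`. The if/else body continues outside this hunk, so the other uses of `$sig_display` are not visible here.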
|
|
|
@ -2,16 +2,16 @@
|
|||
<?php //foreach ($events as $event): ?>
|
||||
Event : <?php echo $event['Event']['id']; ?>
|
||||
Date : <?php echo $event['Event']['date']; ?>
|
||||
Reported by : <?php echo Sanitize::html($event['Event']['org']); ?>
|
||||
Reported by : <?php echo h($event['Event']['org']); ?>
|
||||
Risk : <?php echo $event['Event']['risk']; ?>
|
||||
Attributes :
|
||||
<?php if (!empty($event['Attribute'])):
|
||||
$i = 0;
|
||||
foreach ($event['Attribute'] as $attribute): ?>
|
||||
- <?php echo $attribute['type']; echo str_repeat(' ', $appendlen - 2 - strlen( $attribute['type'])); ?>
|
||||
: <?php echo Sanitize::html($attribute['value']);?>
|
||||
: <?php echo h($attribute['value']);?>
|
||||
<?php endforeach; ?><?php endif; ?>
|
||||
Extra info :
|
||||
<?php echo Sanitize::html($event['Event']['info']); ?>
|
||||
<?php echo h($event['Event']['info']); ?>
|
||||
|
||||
<?php //endforeach; ?>
|
||||
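Review bot: HTML-encoding with `h()` is probably the wrong output encoding for this template if it is the plain-text notification body it appears to be (fixed-width padding via `str_repeat(' ', ...)`, no markup). In a text/plain mail an indicator such as a URL containing `&` reaches the recipient as `&amp;`, so the value an analyst copies out of the message no longer matches the stored attribute. If the body really is text/plain, emit `org`, `value` and `info` without HTML encoding and normalise only line breaks and control characters. If it is rendered as HTML, then `$attribute['type']` and `$event['Event']['risk']` on the neighbouring lines need `h()` as well. A short comment at the top of the template stating which content type it is rendered as would settle which rule applies.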
|
|
|
@ -23,14 +23,14 @@
|
|||
</td>
|
||||
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
|
||||
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo Sanitize::html($event['Event']['org']); ?> </td>
|
||||
<?php echo h($event['Event']['org']); ?> </td>
|
||||
<?php endif; ?>
|
||||
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo $event['Event']['date']; ?> </td>
|
||||
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo $event['Event']['risk']; ?> </td>
|
||||
<td onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo nl2br(Sanitize::html($event['Event']['info'])); ?> </td>
|
||||
<?php echo nl2br(h($event['Event']['info'])); ?> </td>
|
||||
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
|
||||
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo ($event['Event']['private'])? 'Private' : ''; ?> </td>
|
||||
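Review bot: `$event['Event']['date']` and `$event['Event']['risk']` are still echoed without `h()` in the same row where `org` and `info` are now escaped, so those two columns rely on input validation alone. The `CyDefSIG.sync` switch in this hunk suggests events can arrive from other instances, so escaping at output is the safer default: `<?php echo h($event['Event']['date']); ?>` and `<?php echo h($event['Event']['risk']); ?>`. The event view hunk at -21,19 already wraps `id` and `date` in `h()`, so this would also make the two views consistent.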
|
|
|
@ -21,19 +21,19 @@
|
|||
<dl>
|
||||
<dt>ID</dt>
|
||||
<dd>
|
||||
<?php echo Sanitize::html($event['Event']['id']); ?>
|
||||
<?php echo h($event['Event']['id']); ?>
|
||||
|
||||
</dd>
|
||||
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
|
||||
<dt>Org</dt>
|
||||
<dd>
|
||||
<?php echo Sanitize::html($event['Event']['org']); ?>
|
||||
<?php echo h($event['Event']['org']); ?>
|
||||
|
||||
</dd>
|
||||
<?php endif; ?>
|
||||
<dt>Date</dt>
|
||||
<dd>
|
||||
<?php echo Sanitize::html($event['Event']['date']); ?>
|
||||
<?php echo h($event['Event']['date']); ?>
|
||||
|
||||
</dd>
|
||||
<dt<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>>Risk</dt>
|
||||
|
@ -55,7 +55,7 @@
|
|||
</dd -->
|
||||
<dt>Info</dt>
|
||||
<dd>
|
||||
<?php echo nl2br(Sanitize::html($event['Event']['info'])); ?>
|
||||
<?php echo nl2br(h($event['Event']['info'])); ?>
|
||||
|
||||
</dd>
|
||||
</dl>
|
||||
|
@ -107,14 +107,14 @@
|
|||
?></td>
|
||||
<td class="short" title="<?php echo $type_definitions[$attribute['type']]['desc'];?>"><?php echo $attribute['type'];?></td>
|
||||
<td><?php
|
||||
$sig_display = nl2br(Sanitize::html($attribute['value']));
|
||||
$sig_display = nl2br(h($attribute['value']));
|
||||
if('attachment' == $attribute['type'] ||
|
||||
'malware-sample' == $attribute['type'] ) {
|
||||
$filename_hash = explode('|', Sanitize::html($attribute['value']));
|
||||
$filename_hash = explode('|', h($attribute['value']));
|
||||
echo $this->Html->link($filename_hash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['id']));
|
||||
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
|
||||
} elseif (strpos($attribute['type'], '|') !== false) {
|
||||
$filename_hash = explode('|', Sanitize::html($attribute['value']));
|
||||
$filename_hash = explode('|', h($attribute['value']));
|
||||
echo $filename_hash[0];
|
||||
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
|
||||
} elseif ('vulnerability' == $attribute['type']) {
|
||||
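Review bot: In the hunk at -107,14, `$attribute['type']` is echoed unescaped as the cell content and `$type_definitions[$attribute['type']]['desc']` goes unescaped into a `title="..."` attribute, while the value beside it is now passed through `h()`. Escape both at output: `<?php echo h($type_definitions[$attribute['type']]['desc']);?>` and `<?php echo h($attribute['type']);?>`. The `title` built from `$event_descriptions['risk']['desc']` in the first hunk has the same shape; if those descriptions are static application strings the exposure is low, but `h()` keeps a quote in a description from breaking out of the attribute. The if/elseif chain continues past the end of the hunk, so later branches are not covered by this note.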
|
|