Sanitize::html() to h() for views is the way to go
parent
1a0586f14f
commit
e453ee0e97
@ -21,12 +21,12 @@
|
|||
<?php echo h($attribute['Attribute']['type']); ?> </td>
|
||||
<td onclick="document.location ='<?php echo $this->Html->url(array('controller' => 'events', 'action' => 'view', $attribute['Attribute']['event_id']), true) ;?>';">
|
||||
<?php
|
||||
$sig_display = nl2br(Sanitize::html($attribute['Attribute']['value']));
|
||||
$sig_display = nl2br(h($attribute['Attribute']['value']));
|
||||
if('attachment' == $attribute['Attribute']['type'] ||
|
||||
'malware-sample' == $attribute['Attribute']['type']) {
|
||||
echo $this->Html->link($sig_display, array('controller' => 'attributes', 'action' => 'download', $attribute['Attribute']['id']));
|
||||
} elseif('link' == $attribute['Attribute']['type']) {
|
||||
?><A HREF="<?php echo $attribute['Attribute']['value']?>"><?php echo $attribute['Attribute']['value']?></A><?php
|
||||
?><A HREF="<?php echo $attribute['Attribute']['value']?>"><?php echo $attribute['Attribute']['value']?></A><?php
|
||||
} else {
|
||||
echo $sig_display;
|
||||
}
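Review bot: The `link` branch still echoes the attribute value raw into both the `HREF` attribute and the link text (`?><A HREF="<?php echo $attribute['Attribute']['value']?>">…`), so this output stays unescaped while the neighbouring branches move to h(); a stored value containing a double quote ends the attribute early. At minimum wrap both occurrences: `?><A HREF="<?php echo h($attribute['Attribute']['value'])?>"><?php echo h($attribute['Attribute']['value'])?></A><?php`. h() only entity-encodes and does not restrict the URL scheme, so allow-listing schemes before rendering a user-supplied value as a link is a separate follow-up. `$sig_display` is already escaped when it is handed to `$this->Html->link()`, which in CakePHP escapes the title again unless `'escape' => false` is passed, so the `nl2br` markup will likely show up literally — worth checking. The PHP block and its enclosing `<td>` continue past the end of the hunk.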
@ -2,16 +2,16 @@
|
|||
<?php //foreach ($events as $event): ?>
|
||||
Event : <?php echo $event['Event']['id']; ?>
|
||||
Date : <?php echo $event['Event']['date']; ?>
|
||||
Reported by : <?php echo Sanitize::html($event['Event']['org']); ?>
|
||||
Reported by : <?php echo h($event['Event']['org']); ?>
|
||||
Risk : <?php echo $event['Event']['risk']; ?>
|
||||
Attributes :
|
||||
<?php if (!empty($event['Attribute'])):
|
||||
$i = 0;
|
||||
foreach ($event['Attribute'] as $attribute): ?>
|
||||
- <?php echo $attribute['type']; echo str_repeat(' ', $appendlen - 2 - strlen( $attribute['type'])); ?>
|
||||
: <?php echo Sanitize::html($attribute['value']);?>
|
||||
: <?php echo h($attribute['value']);?>
|
||||
<?php endforeach; ?><?php endif; ?>
|
||||
Extra info :
|
||||
<?php echo Sanitize::html($event['Event']['info']); ?>
|
||||
<?php echo h($event['Event']['info']); ?>
|
||||
|
||||
<?php //endforeach; ?>
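Review bot: This template reads as plain-text output (the `Event :` / `Reported by :` labels and the `str_repeat` column padding on the attribute line), and h() is an HTML-context escaper, so the three converted lines will print `&amp;`, `&lt;` and `&quot;` literally whenever `org`, `value` or `info` contain `&`, `<` or `"`. Escaping has to match the output context: if this view is not rendered as HTML, the h() calls should be replaced by whatever that context needs and the choice recorded with a comment such as `// plain-text view: values are not HTML-escaped; consumer must not render as HTML`. I am inferring the context from the layout only; if the view is served with an HTML content type the change is correct as written. The `$event` record is set up outside the hunk.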
@ -7,7 +7,7 @@
|
|||
<th><?php echo $this->Paginator->sort('org');?></th>
|
||||
<?php endif; ?>
|
||||
<th><?php echo $this->Paginator->sort('date');?></th>
|
||||
<th<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>><?php echo $this->Paginator->sort('risk');?></th>
|
||||
<th<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>><?php echo $this->Paginator->sort('risk');?></th>
|
||||
<th><?php echo $this->Paginator->sort('info');?></th>
|
||||
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
|
||||
<th<?php echo ' title="' . $event_descriptions['private']['desc'] . '"';?>><?php echo $this->Paginator->sort('private');?></th>
|
||||
|
@ -23,14 +23,14 @@
|
|||
</td>
|
||||
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
|
||||
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo Sanitize::html($event['Event']['org']); ?> </td>
|
||||
<?php echo h($event['Event']['org']); ?> </td>
|
||||
<?php endif; ?>
|
||||
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo $event['Event']['date']; ?> </td>
|
||||
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo $event['Event']['risk']; ?> </td>
|
||||
<td onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo nl2br(Sanitize::html($event['Event']['info'])); ?> </td>
|
||||
<?php echo nl2br(h($event['Event']['info'])); ?> </td>
|
||||
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
|
||||
<td class="short" onclick="document.location ='<?php echo $this->Html->url(array('action' => 'view', $event['Event']['id']), true) ;?>';">
|
||||
<?php echo ($event['Event']['private'])? 'Private' : ''; ?> </td>
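Review bot: Only `org` and `info` are escaped in this row; `$event['Event']['date']` and `$event['Event']['risk']` in the two cells between them are still echoed raw, and the `title` attribute in the header hunk above is built by string concatenation from `$event_descriptions` without h(). Those fields presumably come from a constrained source, but escaping every value at the point of output is cheaper than reasoning per field about where it was validated; `<?php echo h($event['Event']['date']); ?> </td>` and `<?php echo h($event['Event']['risk']); ?> </td>` keep the row consistent with the lines this commit changes. The `<tr>` that contains these cells is opened and closed outside the hunk.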
@ -21,19 +21,19 @@
|
|||
<dl>
|
||||
<dt>ID</dt>
|
||||
<dd>
|
||||
<?php echo Sanitize::html($event['Event']['id']); ?>
|
||||
<?php echo h($event['Event']['id']); ?>
|
||||
|
||||
</dd>
|
||||
<?php if ('true' == Configure::read('CyDefSIG.showorg') || $isAdmin): ?>
|
||||
<dt>Org</dt>
|
||||
<dd>
|
||||
<?php echo Sanitize::html($event['Event']['org']); ?>
|
||||
<?php echo h($event['Event']['org']); ?>
|
||||
|
||||
</dd>
|
||||
<?php endif; ?>
|
||||
<dt>Date</dt>
|
||||
<dd>
|
||||
<?php echo Sanitize::html($event['Event']['date']); ?>
|
||||
<?php echo h($event['Event']['date']); ?>
|
||||
|
||||
</dd>
|
||||
<dt<?php echo ' title="' . $event_descriptions['risk']['desc'] . '"';?>>Risk</dt>
|
||||
|
@ -55,7 +55,7 @@
|
|||
</dd -->
|
||||
<dt>Info</dt>
|
||||
<dd>
|
||||
<?php echo nl2br(Sanitize::html($event['Event']['info'])); ?>
|
||||
<?php echo nl2br(h($event['Event']['info'])); ?>
|
||||
|
||||
</dd>
|
||||
</dl>
|
||||
|
@ -86,7 +86,7 @@
|
|||
<?php if ('true' == Configure::read('CyDefSIG.sync')): ?>
|
||||
<th <?php echo "title='" . $attr_descriptions['private']['desc'] . "'";?>>Private</th>
|
||||
<?php endif;?>
|
||||
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
|
||||
<?php if ($isAdmin || $event['Event']['org'] == $me['org']): ?>
|
||||
<th class="actions">Actions</th>
|
||||
<?php endif;?>
|
||||
</tr>
|
||||
|
@ -107,14 +107,14 @@
|
|||
?></td>
|
||||
<td class="short" title="<?php echo $type_definitions[$attribute['type']]['desc'];?>"><?php echo $attribute['type'];?></td>
|
||||
<td><?php
|
||||
$sig_display = nl2br(Sanitize::html($attribute['value']));
|
||||
$sig_display = nl2br(h($attribute['value']));
|
||||
if('attachment' == $attribute['type'] ||
|
||||
'malware-sample' == $attribute['type'] ) {
|
||||
$filename_hash = explode('|', Sanitize::html($attribute['value']));
|
||||
$filename_hash = explode('|', h($attribute['value']));
|
||||
echo $this->Html->link($filename_hash[0], array('controller' => 'attributes', 'action' => 'download', $attribute['id']));
|
||||
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
|
||||
} elseif (strpos($attribute['type'], '|') !== false) {
|
||||
$filename_hash = explode('|', Sanitize::html($attribute['value']));
|
||||
$filename_hash = explode('|', h($attribute['value']));
|
||||
echo $filename_hash[0];
|
||||
if (isset($filename_hash[1])) echo ' | '.$filename_hash[1];
|
||||
} elseif ('vulnerability' == $attribute['type']) {
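Review bot: `explode('|', h($attribute['value']))` escapes before splitting and then passes `$filename_hash[0]` to `$this->Html->link()`, which in CakePHP escapes the title itself unless `'escape' => false` is given, so an `&` in a filename is likely displayed as `&amp;`; the split only works at all because htmlspecialchars leaves `|` untouched. Clearer is to split the raw value and escape each piece where it is printed: `$filename_hash = explode('|', $attribute['value']);`, leave `$filename_hash[0]` to the helper in the download branch, and echo `h($filename_hash[0])` and `' | ' . h($filename_hash[1])` in the other places. The cell above, `title="<?php echo $type_definitions[$attribute['type']]['desc'];?>"`, and the raw `$attribute['type']` next to it are also unescaped and would benefit from the same treatment. Separately, the ownership check `$event['Event']['org'] == $me['org']` in the `@ -86` hunk uses loose comparison; `===` avoids PHP's numeric-string coercion on what is effectively an authorization decision. The if/elseif chain continues past the end of the hunk.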