[checkmk-commits] Check_MK Git: check_mk: #1953 FIX Fixed processing of html processing in input fields

Module: check_mk Branch: master Commit: 0e94671be62c40f32a0c3e7888054c426398fc2b URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0e94671be62c40… Author: Sven Rueß &lt;sr(a)mathias-kettner.de&gt; Date: Thu Mar 19 10:25:24 2015 +0100 #1953 FIX Fixed processing of html processing in input fields If you enter html entities in input fields, the value will be saved correctly. If you open the rule for editing again, the value will be interpreted. This replaces html entities with the interpreted character. If you save the rule now, all html entities will be lost. One example: C+: You enter &#46; Will be replaced with . (Dot) C-: This bug was reported by a customer who have used check_http for finding html entities in a webpage. --- .werks/1953 | 22 ++++++++++++++++++++++ ChangeLog | 1 + web/htdocs/htmllib.py | 2 +- 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/.werks/1953 b/.werks/1953 new file mode 100644 index 0000000..7108557 --- /dev/null +++ b/.werks/1953 @@ -0,0 +1,22 @@ +Title: Fixed processing of html processing in input fields +Level: 1 +Component: multisite +Class: fix +Compatible: compat +State: unknown +Version: 1.2.7i1 +Date: 1426752106 + +If you enter html entities in input fields, the value will be saved correctly. +If you open the rule for editing again, the value will be interpreted. This +replaces html entities with the interpreted character. If you save the rule +now, all html entities will be lost. + +One example: +C+: +You enter &#46; +Will be replaced with . (Dot) +C-: + +This bug was reported by a customer who have used check_http for finding html +entities in a webpage. diff --git a/ChangeLog b/ChangeLog index 906ad9c..6fa04e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -319,6 +319,7 @@ * 2145 FIX: LDAP-Sync: Handling user ids with special characters more user friendly... * 2149 FIX: LDAP: The diagnostic log has been changed to use a fixed path... * 2150 FIX: Reworked internal logging mechanism... + * 1953 FIX: Fixed processing of html processing in input fields... WATO: * 1760 Added search form to manual checks page diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py index 50de04e..624941e 100644 --- a/web/htdocs/htmllib.py +++ b/web/htdocs/htmllib.py @@ -1315,7 +1315,7 @@ class html: elif ty not in [str, unicode]: # also possible: type Exception! value = "%s" % value # Note: this allows Unicode. value might not have type str now - return value.replace('"', "&quot;").replace("<", "&lt;").replace(">", "&gt;") + return value.replace("&", "&amp;").replace('"', "&quot;").replace("<", "&lt;").replace(">", "&gt;") # This function returns a str object, never unicode! # Beware: this code is crucial for the performance of Multisite!