Module: check_mk
Branch: master
Commit: fe2b2122087a2d3f9e58a000ebc89f2eddf3f47b
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=fe2b2122087a2d…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Oct 22 15:48:15 2013 +0200
FIX: Improved user provided variable validation in inventory dialog
---
ChangeLog | 1 +
web/htdocs/wato.py | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index bc9b138..a91c9ce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -604,6 +604,7 @@
* FIX: check_ldap: Removed duplicate "-H" definition
* FIX: Fixed some output encoding problem in snapshot restore / deletion code
* FIX: Improved user provided variable validation in snapshot handling code
+ * FIX: Improved user provided variable validation in inventory dialog
Event Console:
* FIX: apply rewriting of application/hostname also when cancelling events
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 95951d2..5ba6745 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -2288,6 +2288,7 @@ def show_service_table(host, firsttime):
first = True
trclass = "even"
for st, ct, checkgroup, item, paramstring, params, descr, state, output, perfdata
in table:
+ item = html.attrencode(item or 'None')
if state_type != st:
continue
if first:
@@ -2307,7 +2308,7 @@ def show_service_table(host, firsttime):
# Status, Checktype, Item, Description, Check Output
html.write("<td
class=\"%s\">%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td>"
%
- (stateclass, statename, ct, item, descr, output))
+ (stateclass, statename, ct, item, html.attrencode(descr),
html.attrencode(output)))
# Icon for Rule editor, Check parameters
html.write("<td>")