From 1c662d906121eaf8daaa5c927f54082765a96583 Mon Sep 17 00:00:00 2001
From: Florian Forster
Date: Mon, 16 Apr 2012 15:02:04 +0200
Subject: [PATCH] contrib/collection3: Ignore control characters.

While they are correctly encoded, e.g. as "", browsers will complain about invalid XML and not render the page. Ignore all control characters other than whitespace.
---
 contrib/collection3/bin/index.cgi | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/contrib/collection3/bin/index.cgi b/contrib/collection3/bin/index.cgi
index 027961fa..4723af96 100755
--- a/contrib/collection3/bin/index.cgi
+++ b/contrib/collection3/bin/index.cgi
@@ -240,6 +240,28 @@ HTML
 $html_started = 0;
 }
 
+sub contains_invalid_chars
+{
+ my $str = shift;
+
+ for (split (m//, $str))
+ {
+ my $n = ord ($_);
+
+ # Whitespace is allowed.
+ if (($n >= 9) && ($n <= 13))
+ {
+ next;
+ }
+ elsif ($n < 32)
+ {
+ return (1);
+ }
+ }
+
+ return;
+}
+
 sub show_selector
 {
 my $timespan_selection = get_timespan_selection ();
@@ -254,6 +276,7 @@ sub show_selector
 HTML
 for (sort (keys %$host_selection))
 {
+ next if contains_invalid_chars ($_);
 my $host = encode_entities ($_);
 my $selected = $host_selection->{$_}
 ? ' selected="selected"'
@@ -266,6 +289,7 @@ HTML
 HTML
 for (sort (keys %$plugin_selection))
 {
+ next if contains_invalid_chars ($_);
 my $plugin = encode_entities ($_);
 my $selected = $plugin_selection->{$_}
 ? ' selected="selected"'
@@ -278,6 +302,7 @@ HTML
 HTML
 for (sort { $TimeSpans->{$a} <=> $TimeSpans->{$b} } (keys (%$TimeSpans)))
 {
+ next if contains_invalid_chars ($_);
 my $name = encode_entities ($_);
 my $value = $TimeSpans->{$_};
 my $selected = ($value == $timespan_selection)
@@ -304,6 +329,7 @@ sub action_list_hosts
 for (sort @hosts)
 {
 my $url = encode_entities (script_name () . "?action=show_selection;hostname=$_");
+ next if contains_invalid_chars ($_);
 my $name = encode_entities ($_);
 print qq#
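Review bot: In `contains_invalid_chars`, the whitespace range `($n >= 9) && ($n <= 13)` also lets through 11 (vertical tab) and 12 (form feed), while XML 1.0 permits only #x9, #xA and #xD below #x20. A name containing either one would presumably still be emitted as a character reference that the parser rejects, which is the failure the commit message describes. The per-character loop can be replaced by one match that spells out the exact set: `return 1 if ($str =~ m/[\x00-\x08\x0B\x0C\x0E-\x1F]/);` followed by the existing bare `return;`. A short comment naming the XML `Char` production as the reason for those ranges would help the next reader.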
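Review bot: The `next if contains_invalid_chars ($_);` guard in the host loop of `show_selector` (and the same line in the plugin loop and in `action_list_hosts`) drops the entry without a trace, so a host or plugin whose name carries control characters keeps its data but never appears in the UI. If these names can be influenced by remote senders, which this diff does not show, such an entry is worth surfacing to the operator: consider writing a fixed message to STDERR before skipping, without echoing the raw name, so the control characters do not end up in the log. At minimum add a comment such as `# Skipped, not escaped: names with control characters make the page invalid XML.` The guard on the `%$TimeSpans` keys looks unnecessary if that table is static configuration.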
  • $name
  • \n#;
 }
-- 
2.30.2
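Review bot: In `action_list_hosts` the guard sits after `$url` has already been built from `$_`, unlike the three loops in `show_selector` where it is the first statement. Moving `next if contains_invalid_chars ($_);` to the top of the loop body keeps the four call sites consistent and avoids work on rejected names. Separately, the unchanged `$url` line interpolates `$_` into the query string with only `encode_entities` applied, so a name containing `;`, `&` or `#` would change how the URL is parsed. Percent-encoding the value before entity-encoding would close that, though which URI-escaping helper the script has in scope cannot be seen from here. The enclosing function starts and ends outside the hunk.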