From 1c10afb5bfaf55d8cf89e2b60b0618aa869dcc19 Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Sun, 27 May 2012 11:13:04 +0200 Subject: [PATCH] collection3: Filter out identifiers with control characters. Otherwise XML errors will prevent the page from rendering. --- contrib/collection3/bin/index.cgi | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/contrib/collection3/bin/index.cgi b/contrib/collection3/bin/index.cgi index 85064b86..e28e9857 100755 --- a/contrib/collection3/bin/index.cgi +++ b/contrib/collection3/bin/index.cgi @@ -161,6 +161,28 @@ sub end_html HTML } +sub contains_invalid_chars +{ + my $str = shift; + + for (split (m//, $str)) + { + my $n = ord ($_); + + # Whitespace is allowed. + if (($n >= 9) && ($n <= 13)) + { + next; + } + elsif ($n < 32) + { + return (1); + } + } + + return; +} + sub show_selector { my $timespan_selection = get_timespan_selection (); @@ -175,6 +197,7 @@ sub show_selector HTML for (sort (keys %$host_selection)) { + next if contains_invalid_chars ($_); my $host = encode_entities ($_); my $selected = $host_selection->{$_} ? ' selected="selected"' @@ -187,6 +210,7 @@ HTML HTML for (sort (keys %$plugin_selection)) { + next if contains_invalid_chars ($_); my $plugin = encode_entities ($_); my $selected = $plugin_selection->{$_} ? ' selected="selected"' @@ -199,6 +223,7 @@ HTML HTML for (sort { $TimeSpans->{$a} <=> $TimeSpans->{$b} } (keys (%$TimeSpans))) { + next if contains_invalid_chars ($_); my $name = encode_entities ($_); my $value = $TimeSpans->{$_}; my $selected = ($value == $timespan_selection) @@ -225,6 +250,7 @@ sub action_list_hosts for (sort @hosts) { my $url = encode_entities (script_name () . "?action=show_selection;hostname=$_"); + next if contains_invalid_chars ($_); my $name = encode_entities ($_); print qq#
  • $name
    • \n#; } -- 2.30.2