1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
$NetBSD: patch-am,v 1.1 2008/03/18 21:53:41 tonnerre Exp $
--- cgi/notifications.c.orig 2006-06-19 22:53:24.000000000 +0200
+++ cgi/notifications.c
@@ -371,6 +371,7 @@ int process_cgivars(void){
query_host_name=strdup(variables[x]);
if(query_host_name==NULL)
query_host_name="";
+ strip_html_brackets(query_host_name);
if(!strcmp(query_host_name,"all"))
find_all=TRUE;
else
@@ -390,6 +391,7 @@ int process_cgivars(void){
if(query_contact_name==NULL)
query_contact_name="";
+ strip_html_brackets(query_contact_name);
if(!strcmp(query_contact_name,"all"))
find_all=TRUE;
else
@@ -408,6 +410,7 @@ int process_cgivars(void){
query_svc_description=strdup(variables[x]);
if(query_svc_description==NULL)
query_svc_description="";
+ strip_html_brackets(query_svc_description);
}
/* we found the notification type argument */
@@ -553,7 +556,7 @@ void display_notifications(void){
/* get the host name */
temp_buffer=(char *)strtok(NULL,";");
snprintf(host_name,sizeof(host_name),"%s",(temp_buffer==NULL)?"":temp_buffer);
- host_name[sizeof(host_name)]='\x0';
+ host_name[sizeof(host_name)-1]='\x0';
/* get the service name */
if(notification_type==SERVICE_NOTIFICATION){
@@ -714,7 +717,7 @@ void display_notifications(void){
printf("<td CLASS='notifications%s'>%s</td>\n",(odd)?"Even":"Odd",date_time);
printf("<td CLASS='notifications%s'><a href='%s?type=contacts#%s'>%s</a></td>\n",(odd)?"Even":"Odd",CONFIG_CGI,url_encode(contact_name),contact_name);
printf("<td CLASS='notifications%s'><a href='%s?type=commands#%s'>%s</a></td>\n",(odd)?"Even":"Odd",CONFIG_CGI,url_encode(method_name),method_name);
- printf("<td CLASS='notifications%s'>%s</td>\n",(odd)?"Even":"Odd",temp_buffer);
+ printf("<td CLASS='notifications%s'>%s</td>\n",(odd)?"Even":"Odd",html_encode(temp_buffer));
printf("</tr>\n");
}
}
|
