#3831 avoid other xss injection

www/include/configuration/configCentreonBroker/listCentreonBroker.php

@@ -37,6 +37,8 @@
     exit();
  }
 
+include_once("./class/centreonUtils.class.php");
+
 include("./include/common/autoNumLimit.php");
 
 /*
@@ -157,9 +159,9 @@
     $elemArr[$i] = array(
                          "MenuClass" => "list_".$style,
                          "RowMenu_select" => $selectedElements->toHtml(),
-                         "RowMenu_name" => $config["config_name"],
+                         "RowMenu_name" => CentreonUtils::escapeSecure($config["config_name"]),
                          "RowMenu_link" => "?p=".$p."&o=c&id=".$config['config_id'],
-                         "RowMenu_desc" => substr($nagios_servers[$config["ns_nagios_server"]], 0, 40),
+                         "RowMenu_desc" => CentreonUtils::escapeSecure(substr($nagios_servers[$config["ns_nagios_server"]], 0, 40)),
                          "RowMenu_inputs" => $inputNumber,
                          "RowMenu_outputs" => $outputNumber,
                          "RowMenu_loggers" => $loggerNumber,

www/include/configuration/configObject/escalation/listEscalation.php

@@ -39,6 +39,8 @@
 	if (!isset($oreon))
 		exit();
 
+        include_once("./class/centreonUtils.class.php");
+
 	include("./include/common/autoNumLimit.php");
 
 	isset($_GET["list"]) ? $list = $_GET["list"] : $list = NULL;
@@ -175,8 +177,8 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$esc['esc_id']."]'></input>";
 		$elemArr[$i] = array("MenuClass"=>"list_".$style, 
 						"RowMenu_select"=>$selectedElements->toHtml(),
-						"RowMenu_name"=>myDecode($esc["esc_name"]),
-						"RowMenu_alias"=>myDecode($esc["esc_alias"]),
+						"RowMenu_name"=>CentreonUtils::escapeSecure(myDecode($esc["esc_name"])),
+						"RowMenu_alias"=>CentreonUtils::escapeSecure(myDecode($esc["esc_alias"])),
 						"RowMenu_link"=>"?p=".$p."&o=c&esc_id=".$esc['esc_id'],
 						"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";	}
@@ -238,4 +240,4 @@ function setO(_i) {
 	$form->accept($renderer);	
 	$tpl->assign('form', $renderer->toArray());
 	$tpl->display("listEscalation.ihtml");
-?>
+?>

www/include/configuration/configObject/host_dependency/listHostDependency.php

@@ -39,6 +39,8 @@
 	if (!isset($oreon))
 		exit();
 
+        include_once("./class/centreonUtils.class.php");
+
 	include("./include/common/autoNumLimit.php");
 
 	/*
@@ -126,8 +128,8 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$dep['dep_id']."]'></input>";
 		$elemArr[$i] = array("MenuClass"=>"list_".$style,
 						"RowMenu_select"=>$selectedElements->toHtml(),
-						"RowMenu_name"=>myDecode($dep["dep_name"]),
-						"RowMenu_description"=>myDecode($dep["dep_description"]),
+						"RowMenu_name"=>CentreonUtils::escapeSecure(myDecode($dep["dep_name"])),
+						"RowMenu_description"=>CentreonUtils::escapeSecure(myDecode($dep["dep_description"])),
 						"RowMenu_link"=>"?p=".$p."&o=c&dep_id=".$dep['dep_id'],
 						"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";	}

www/include/configuration/configObject/hostgroup_dependency/listHostGroupDependency.php

@@ -39,6 +39,8 @@
 	if (!isset($oreon))
 		exit();
 
+        include_once("./class/centreonUtils.class.php");
+
 	include("./include/common/autoNumLimit.php");
 
 	/*
@@ -120,9 +122,9 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$dep['dep_id']."]'></input>";
 		$elemArr[$i] = array(	"MenuClass"=>"list_".$style,
 								"RowMenu_select"=>$selectedElements->toHtml(),
-								"RowMenu_name"=>$dep["dep_name"],
+								"RowMenu_name"=>CentreonUtils::escapeSecure($dep["dep_name"]),
 								"RowMenu_link"=>"?p=".$p."&o=c&dep_id=".$dep['dep_id'],
-								"RowMenu_description"=>$dep["dep_description"],
+								"RowMenu_description"=>CentreonUtils::escapeSecure($dep["dep_description"]),
 								"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";
 	}
@@ -182,4 +184,4 @@ function setO(_i) {
 	$form->accept($renderer);
 	$tpl->assign('form', $renderer->toArray());
 	$tpl->display("listHostGroupDependency.ihtml");
-?>
+?>

www/include/configuration/configObject/metaservice_dependency/listMetaServiceDependency.php

@@ -38,6 +38,8 @@
 
 	if (!isset($oreon))
 		exit();
+
+        include_once("./class/centreonUtils.class.php");
 
 	include("./include/common/autoNumLimit.php");
 
@@ -109,9 +111,9 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$dep['dep_id']."]'></input>";
 		$elemArr[$i] = array("MenuClass"=>"list_".$style, 
 						"RowMenu_select"=>$selectedElements->toHtml(),
-						"RowMenu_name"=>$dep["dep_name"],
+						"RowMenu_name"=>CentreonUtils::escapeSecure($dep["dep_name"]),
 						"RowMenu_link"=>"?p=".$p."&o=c&dep_id=".$dep['dep_id'],
-						"RowMenu_description"=>$dep["dep_description"],
+						"RowMenu_description"=>CentreonUtils::escapeSecure($dep["dep_description"]),
 						"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";	}
 	$tpl->assign("elemArr", $elemArr);
@@ -169,4 +171,4 @@ function setO(_i) {
 	$form->accept($renderer);	
 	$tpl->assign('form', $renderer->toArray());
 	$tpl->display("listMetaServiceDependency.ihtml");
-?>
+?>

www/include/configuration/configObject/servicegroup_dependency/listServiceGroupDependency.php

@@ -38,6 +38,8 @@
 
 	if (!isset($oreon))
 		exit();
+
+        include_once("./class/centreonUtils.class.php");
 
 	include("./include/common/autoNumLimit.php");
 
@@ -130,9 +132,9 @@
 		$moptions .= "&nbsp;<input onKeypress=\"if(event.keyCode > 31 && (event.keyCode < 45 || event.keyCode > 57)) event.returnValue = false; if(event.which > 31 && (event.which < 45 || event.which > 57)) return false;\" maxlength=\"3\" size=\"3\" value='1' style=\"margin-bottom:0px;\" name='dupNbr[".$dep['dep_id']."]'></input>";
 		$elemArr[$i] = array(	"MenuClass"=>"list_".$style, 
 								"RowMenu_select"=>$selectedElements->toHtml(),
-								"RowMenu_name"=>htmlentities($dep["dep_name"]),
+								"RowMenu_name"=>CentreonUtils::escapeSecure(htmlentities($dep["dep_name"])),
 								"RowMenu_link"=>"?p=".$p."&o=c&dep_id=".$dep['dep_id'],
-								"RowMenu_description"=>htmlentities($dep["dep_description"]),
+								"RowMenu_description"=>CentreonUtils::escapeSecure(htmlentities($dep["dep_description"])),
 								"RowMenu_options"=>$moptions);
 		$style != "two" ? $style = "two" : $style = "one";	}
 	$tpl->assign("elemArr", $elemArr);