(fix) service status : encoding issue on status page (#11583)

* fix(git): sync dev-21.04.x with 21.04.x (#11526) * [SNYK] Sanitize and bind ACL host dependency queries (#11389) (#11521) * Sanitize and bind ACL host dependency queries * fix issues * [SNYK] Sanitize and bind centreonGraph class queries (#11409) (#11517) 1122 1153 1134 * removed old variable userCrypted and the use of it (#11334) (#11516) * fix(test): wait 8s before checking downtime is active in rest api v1 test (#11498) (#11506) Refs: MON-14585 * [Snyk] Sanitize and bind ACL action access queries (#11385) (#11514) * Sanitize and bind ACL action access queries _ sanitize if possible each variables inserted in a query _ use PDO prepared statement and bind() method _ Do not use $pearDB->escape on which is for examples useless on integers and on non closed HTML tags (svg, img, etc) * fix line length * fix failed checks * [SNYK] Sanitize and bind ACL class queries (#11392) (#11513) * Sanitize and bind ACL class queries Queries sanitized and bound using PDO statement * fix spaces spaces between (int) cast and variables * update file delete spaces after comma * change variables names due to a review * Line exceeds 120 characters; contains 123 characters * fix(pendo): correctly set locale when language is detection by browser (#11484) (#11530) Refs: MON-14039 * doc(ack): acknowledge Hakaï security (#11538) * SNYK: Sanitize and bind ACL actions queries (#11549) * sanitizing and binding acl actions queries * fix missing bind * SNYK: Sanitize and bind Broker listing queries (#11553) * Sanitizing and binding broker listing queries * applying suggested changes * fix(conf) fix encoding in template service listing (#11558) (#11566) * fix encoding * remove useless function * SNYK: Sanitize and bind generateImage queries (#11563) * sanitize and bind generate image queries * adding throw exception * applying suggested changes * Update www/include/views/graphs/generateGraphs/generateImage.php Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Kevin Duret <kduret@centreon.com> * MON-14501 - sanitize query in centreonXmlbgRequest class (#11572) * sanitize query in centreonXmlbgRequest class * add closeCursor func to resolve conv * SNYK: Sanitize and bind Meta-Services dependency queries (#11554) (#11569) * sanityze 2 insert queries * spaces removed in a query * Fix encoding issue on status serviceXML Co-authored-by: Kevin Duret <kduret@centreon.com> Co-authored-by: Elmahdi ABBASSI <108519266+emabassi-ext@users.noreply.github.com> Co-authored-by: jeremyjaouen <61694165+jeremyjaouen@users.noreply.github.com> Co-authored-by: Stéphane Chapron <34628915+sc979@users.noreply.github.com> Co-authored-by: hyahiaoui-ext <97593234+hyahiaoui-ext@users.noreply.github.com> Co-authored-by: alaunois <alaunois@centreon.com>
centreon · Aug 31, 2022 · 917ec42 · 917ec42
1 parent 2bf653b
commit 917ec42
Showing 1 changed file with 10 additions and 9 deletions.
diff --git a/www/include/monitoring/status/Services/xml/serviceXML.php b/www/include/monitoring/status/Services/xml/serviceXML.php
@@ -1,4 +1,5 @@
 <?php
+
 /*
  * Copyright 2005-2019 Centreon
  * Centreon is developed by : Julien Mathis and Romain Le Merlus under
@@ -35,17 +36,17 @@
 
 // Require configuration.
 require_once realpath(__DIR__ . "/../../../../../../bootstrap.php");
-include_once _CENTREON_PATH_ . "www/class/centreonUtils.class.php";
+require_once  _CENTREON_PATH_ . "www/class/centreonUtils.class.php";
 
 // Require Specific XML / Ajax Class
-include_once _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php";
-include_once _CENTREON_PATH_ . "www/class/centreonInstance.class.php";
-include_once _CENTREON_PATH_ . "www/class/centreonCriticality.class.php";
-include_once _CENTREON_PATH_ . "www/class/centreonMedia.class.php";
+require_once  _CENTREON_PATH_ . "www/class/centreonXMLBGRequest.class.php";
+require_once  _CENTREON_PATH_ . "www/class/centreonInstance.class.php";
+require_once  _CENTREON_PATH_ . "www/class/centreonCriticality.class.php";
+require_once  _CENTREON_PATH_ . "www/class/centreonMedia.class.php";
 
 // Require common Files.
-include_once _CENTREON_PATH_ . "www/include/monitoring/status/Common/common-Func.php";
-include_once _CENTREON_PATH_ . "www/include/common/common-Func.php";
+require_once  _CENTREON_PATH_ . "www/include/monitoring/status/Common/common-Func.php";
+require_once  _CENTREON_PATH_ . "www/include/common/common-Func.php";
 
 // Create XML Request Objects
 CentreonSession::start();
@@ -142,7 +143,7 @@
 }
 
 $tabOrder = [];
-$tabOrder["criticality_id"] = " ORDER BY isnull " .$order . ", criticality " . $order . ", h.name, s.description ";
+$tabOrder["criticality_id"] = " ORDER BY isnull " . $order . ", criticality " . $order . ", h.name, s.description ";
 $tabOrder["host_name"] = " ORDER BY h.name " . $order . ", s.description ";
 $tabOrder["service_description"] = " ORDER BY s.description " . $order . ", h.name";
 $tabOrder["current_state"] = " ORDER BY s.state " . $order . ", h.name, s.description";
@@ -480,7 +481,7 @@
         $obj->XML->writeElement("sc", $obj->colorService[$data["state"]]);
         $obj->XML->writeElement("cs", _($obj->statusService[$data["state"]]), false);
         $obj->XML->writeElement("ssc", $data["state"]);
-        $obj->XML->writeElement("po", CentreonUtils::escapeSecure($pluginShortOuput));
+        $obj->XML->writeElement("po", htmlspecialchars(htmlspecialchars($pluginShortOuput)));
         $obj->XML->writeElement(
             "ca",
             $data["current_attempt"] . "/" . $data["max_check_attempts"]