[Nagios-checkins] SF.net SVN: nagios:[2631] nagioscore/branches/nagios-3-4-x

[<est...@us...>]

Revision: 2631
          http://nagios.svn.sourceforge.net/nagios/?rev=2631&view=rev
Author:   estanley375
Date:     2013-02-27 01:37:32 +0000 (Wed, 27 Feb 2013)
Log Message:
-----------
Fixed bug #403: The configuration page of the webui doesn't use entity encoding when displaying the command expansion item

Modified Paths:
--------------
    nagioscore/branches/nagios-3-4-x/Changelog
    nagioscore/branches/nagios-3-4-x/cgi/config.c

Modified: nagioscore/branches/nagios-3-4-x/Changelog
===================================================================
--- nagioscore/branches/nagios-3-4-x/Changelog	2013-02-26 16:27:19 UTC (rev 2630)
+++ nagioscore/branches/nagios-3-4-x/Changelog	2013-02-27 01:37:32 UTC (rev 2631)
@@ -4,6 +4,7 @@
 
 3.4.5 - xx/xx/xxxx
 ------------------
+* Fixed bug #403: The "configuration" page of the webui doesn't use entity encoding when displaying the "command expansion" item (Eric Stanley)
 * Fixed bug #424: Nagios Core 3.4.4 seg fault (core dump) on restart after removing config for running service (Eric Stanley)
 * Updated CGI utility functions to support UTF-8 characters (Eric Stanley)
 * Fixed bug where selecting Command Expansion from Configuration CGI page would display commands instead (Eric Stanley)

Modified: nagioscore/branches/nagios-3-4-x/cgi/config.c
===================================================================
--- nagioscore/branches/nagios-3-4-x/cgi/config.c	2013-02-26 16:27:19 UTC (rev 2630)
+++ nagioscore/branches/nagios-3-4-x/cgi/config.c	2013-02-27 01:37:32 UTC (rev 2631)
@@ -2293,7 +2293,7 @@
 
 		printf("<TR CLASS='dataEven'><TD CLASS='dataEven'>To expand:</TD><TD CLASS='dataEven'>%s", escape_string(command_args[0]));
 		for(i = 1; (i < MAX_COMMAND_ARGUMENTS) && command_args[i]; i++)
-			printf("!<FONT\n   COLOR='%s'>%s</FONT>", hash_color(i), command_args[i]);
+			printf("!<FONT\n   COLOR='%s'>%s</FONT>", hash_color(i), escape_string(command_args[i]));
 		printf("\n</TD></TR>\n");
 
 		/* check all commands */
@@ -2427,6 +2427,7 @@
 			}
 		}
 
+	printf("<TR CLASS='dataEven'><TD><BR/></TD><TD CLASS='dataEven'>Enter the command_check definition from a host or service definition and press Go to see the expansion of the command</TD></TR>\n");
 	printf("<TR CLASS='dataEven'><TD CLASS='dataEven'>To expand:</TD><TD CLASS='dataEven'><FORM\n");
 	printf("METHOD='GET' ACTION='%s'><INPUT TYPE='HIDDEN' NAME='type' VALUE='command'><INPUT\n", CONFIG_CGI);
 	printf("TYPE='text' NAME='expand' SIZE='100%%' VALUE='%s'>\n", html_encode(to_expand, FALSE));

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.