mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Don't escape single quotes in alert templates so that we can compare strings in if statements

Browse Source
This commit is contained in:
Eldon Koyle
2016-03-03 11:02:17 -07:00
parent b34ee3932f
commit 124afc2054
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
alerts.php
View File

@ -359,6 +359,18 @@ function ExtTransports($obj) {
}//end ExtTransports()
/**
* Escape certain characters in template string
* @param string $tpl Template
* @return string
*/
function TplEscape($tpl) {
// theoretically like addslashes(), but don't escape single quote (') and do escape $
// FIXME: is there still a way to break out of the double-quoted string, maybe with a unicode char?
return preg_replace('(["\\\\$\\0])','\\0',$tpl);
}
/**
* Format Alert
* @param array $obj Alert-Array
@ -366,7 +378,7 @@ function ExtTransports($obj) {
*/
function FormatAlertTpl($obj) {
$tpl = $obj["template"];
$msg = '$ret .= "'.str_replace(array('{else}', '{/if}', '{/foreach}'), array('"; } else { $ret .= "', '"; } $ret .= "', '"; } $ret .= "'), addslashes($tpl)).'";';
$msg = '$ret .= "'.str_replace(array('{else}', '{/if}', '{/foreach}'), array('"; } else { $ret .= "', '"; } $ret .= "', '"; } $ret .= "'), TplEscape($tpl)).'";';
$parsed = $msg;
$s = strlen($msg);
$x = $pos = -1;