Commit 4c9aea1a authored by dmorley's avatar dmorley

Merge branch 'TheNeikos-fix-xss_in_pod_name'

parents 5dc21db1 26e27e6b
......@@ -22,8 +22,9 @@ EOF;
}
$numrows = pg_num_rows($result);
while ($row = pg_fetch_array($result)) {
$pod_name = htmlentities($row["name"], ENT_QUOTES);
$tip="";
$tip.="\n This pod {$row["name"]} has been watched for {$row["monthsmonitored"]} months and its average ping time is {$row["responsetimelast7"]} with uptime of {$row["uptimelast7"]}% this month and was last checked on {$row["dateupdated"]}. ";
$tip.="\n This pod {$pod_name} has been watched for {$row["monthsmonitored"]} months and its average ping time is {$row["responsetimelast7"]} with uptime of {$row["uptimelast7"]}% this month and was last checked on {$row["dateupdated"]}. ";
$tip.="On a score of -20 to +20 this pod is a {$row["score"]} right now";
if ($row["secure"] == "true") {$method = "https://";} else {$method = "http://";}
echo <<<EOF
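Review bot: `htmlentities($row["name"], ENT_QUOTES)` is called without a charset argument, so on PHP versions before 5.4 it assumes ISO-8859-1 and can mangle UTF-8 pod names; `htmlspecialchars($row["name"], ENT_QUOTES, 'UTF-8')` states the encoding explicitly. The same line is repeated in the other four hunks of this merge, so a small shared helper would keep the escaping consistent. The other `$row[...]` fields are still interpolated into `$tip` unescaped, and any of them that the pod rather than the monitor can influence needs the same treatment. The loop body continues past the hunk, so how `$tip` is emitted in this file is not visible.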
......
......@@ -63,7 +63,8 @@ $tip="This pod does not offer SSL";
$verdiff = str_replace(".", "", $row["masterversion"]) - str_replace('.', '', $row["shortversion"]);
$tip.="\n This pod {$row["name"]} has been watched for {$row["monthsmonitored"]} months and its average ping time is {$row["responsetimelast7"]} with uptime of {$row["uptimelast7"]}% this month and was last checked on {$row["dateupdated"]}. ";
$pod_name = htmlentities($row["name"], ENT_QUOTES);
$tip.="\n This pod {$pod_name} has been watched for {$row["monthsmonitored"]} months and its average ping time is {$row["responsetimelast7"]} with uptime of {$row["uptimelast7"]}% this month and was last checked on {$row["dateupdated"]}. ";
$tip.="On a score of -20 to +20 this pod is a {$row["score"]} right now";
echo "<tr><td><a class='$class' target='new' href='". $method . $row["domain"] ."'>" . $row["domain"] . " <div title='$tip' class='tipsy' style='display: inline-block'>?</div></a></td>";
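Review bot: `$row["domain"]` is still written raw on the `echo` line, both inside the single-quoted `href` attribute and as the link text, so escaping only the name leaves the same class of injection open unless the domain is strictly validated when it is stored (not visible here). Suggest `$domain = htmlspecialchars($row["domain"], ENT_QUOTES, 'UTF-8');` and using `$domain` in both places. The `echo` lines in the `-52,7` and `-69,7` hunks have the same pattern.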
......
......@@ -52,7 +52,8 @@ $class="red";
$tip="This pod does not offer SSL";
}
$verdiff = str_replace(".", "", $row["masterversion"]) - str_replace('.', '', $row["shortversion"]);
$tip.="\n This {$row["softwarename"]} pod {$row["name"]} has been watched for {$row["monthsmonitored"]} months and with an uptime of {$row["uptimelast7"]}% this month and was last checked on {$row["dateupdated"]}. ";
$pod_name = htmlentities($row["name"], ENT_QUOTES);
$tip.="\n This {$row["softwarename"]} pod {$pod_name} has been watched for {$row["monthsmonitored"]} months and with an uptime of {$row["uptimelast7"]}% this month and was last checked on {$row["dateupdated"]}. ";
$tip.="On a scale of -20 to +20 this pod is a {$row["score"]} right now";
echo "<tr><td><a class='$class' target='new' href='". $method . $row["domain"] ."'>" . $row["domain"] . "</a> <div title='$tip' class='tipsy morehover'> ?</div></td>";
"</div></td>";
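Review bot: `{$row["softwarename"]}` is interpolated into `$tip` unescaped on the new line, and `$tip` ends up inside `title='$tip'` on the following `echo`, so a single quote in that value closes the attribute just as one in the name did. If the software name comes from what the pod reports about itself (an assumption, its origin is not in this hunk), it is as untrusted as the name. Suggest `$software = htmlspecialchars($row["softwarename"], ENT_QUOTES, 'UTF-8');` and interpolating `{$software}`; the `-69,7` hunk needs the same change.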
......
......@@ -69,7 +69,8 @@ $tip="This pod does not offer SSL";
$verdiff = str_replace(".", "", $row["masterversion"]) - str_replace('.', '', $row["shortversion"]);
$tip.="\n This {$row["softwarename"]} pod {$row["name"]} has been watched for {$row["monthsmonitored"]} months with an uptime of {$row["uptimelast7"]}% this month and a response time average today of {$row["responsetimelast7"]}ms was last checked on {$row["dateupdated"]}. ";
$pod_name = htmlentities($row["name"], ENT_QUOTES);
$tip.="\n This {$row["softwarename"]} pod {$pod_name} has been watched for {$row["monthsmonitored"]} months with an uptime of {$row["uptimelast7"]}% this month and a response time average today of {$row["responsetimelast7"]}ms was last checked on {$row["dateupdated"]}. ";
$tip.="On a scale of -20 to +20 this pod is a {$row["score"]} right now";
echo "<tr><td><a class='$class' target='new' href='". $method . $row["domain"] ."'>" . $row["domain"] . " <div title='$tip' class='tipsy' style='display: inline-block'>?</div></a></td>";
......
......@@ -37,9 +37,10 @@ $numrows = pg_num_rows($result);
if ($row["service_tumblr"] == "t") {$feat.= "<div id=\'tumblr\' class=\'smlogo\'></div>";}
if ($row["service_wordpress"] == "t") {$feat.= "<div id=\'wordpress\' class=\'smlogo\'></div>";}
unset($signup);if ($row["signup"] == 1) {$signup = "yes";} else {$signup= "no";}
$pod_name = htmlentities($row["name"], ENT_QUOTES);
echo <<<EOF
{ "type": "Feature", "id":"1", "properties":
{ "html":"{$row["name"]}<br><a href=\'http://{$row["domain"]}\'>Visit</a> {$row["domain"]}<br> Open Signup: {$signup}<br> Users: {$row["active_users_halfyear"]}<br> Uptime: {$row["uptimelast7"]}%<br> Services:{$feat}" }, "geometry": { "type": "Point", "coordinates": [{$row["long"]},{$row["lat"]} ] } },
{ "type": "Feature", "id":"1", "properties":
{ "html":"{$pod_name}<br><a href=\'http://{$row["domain"]}\'>Visit</a>{$row["domain"]}<br> Open Signup: {$signup}<br> Users: {$row["active_users_halfyear"]}<br> Uptime: {$row["uptimelast7"]}%<br> Services:{$feat}" }, "geometry": { "type": "Point", "coordinates": [{$row["long"]},{$row["lat"]} ] } },
EOF;
}
?>
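Review bot: `$pod_name` is HTML-escaped but then placed inside a JSON/JavaScript string literal in the heredoc, and `htmlentities` does not escape backslashes or control characters, so a name containing either yields invalid output or an altered string. Build the HTML fragment in a variable first and emit it with `json_encode($html)` rather than hand-writing the surrounding quotes. `$row["domain"]` in the same string is still raw in both the `href` and the visible text and should go through `htmlspecialchars` before that. The new line also drops the space between `Visit</a>` and the domain, which looks unintended.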
......