AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-06 13:54:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add sanitize the remaining uris that allow uri type:// refactored service details

Browse Source
This commit is contained in:
johnnyq
2025-06-10 12:11:58 -04:00
parent ac3a02baea
commit 8745d09890
5 changed files with 128 additions and 230 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ajax/ajax_asset_details.php
View File

@@ -300,10 +300,10 @@ ob_start();
<div class="mt-2"><i class="fa fa-fw fa-ethernet text-secondary mr-2"></i><?php echo $asset_mac; ?></div> <div class="mt-2"><i class="fa fa-fw fa-ethernet text-secondary mr-2"></i><?php echo $asset_mac; ?></div>
<?php } <?php }
if ($asset_uri) { ?> if ($asset_uri) { ?>
<div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri; ?>" target="_blank"><?php echo truncate($asset_uri, 20); ?></a></div> <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri; ?>" target="_blank" title="<?php echo $asset_uri; ?>"><?php echo truncate($asset_uri, 20); ?></a></div>
<?php } <?php }
if ($asset_uri_2) { ?> if ($asset_uri_2) { ?>
<div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri_2; ?>" target="_blank"><?php echo truncate($asset_uri_2, 20); ?></a></div> <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri_2; ?>" target="_blank" title="<?php echo $asset_uri_2; ?>"><?php echo truncate($asset_uri_2, 20); ?></a></div>
<?php } ?> <?php } ?>
</div> </div>
</div> </div>

6
ajax/ajax_credential_edit.php
View File

@@ -12,6 +12,8 @@ $credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']); $credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']); $credential_uri = nullable_htmlentities($row['credential_uri']);
$credential_uri_2 = nullable_htmlentities($row['credential_uri_2']); $credential_uri_2 = nullable_htmlentities($row['credential_uri_2']);
$credential_uri_link = sanitize_url($row['credential_uri']);
$credential_uri_2_link = sanitize_url($row['credential_uri_2']);
$credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username'])); $credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username']));
$credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password'])); $credential_password = nullable_htmlentities(decryptCredentialEntry($row['credential_password']));
$credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']); $credential_otp_secret = nullable_htmlentities($row['credential_otp_secret']);
@@ -137,7 +139,7 @@ ob_start();
<input type="text" class="form-control" name="uri" placeholder="ex. http://192.168.1.1" maxlength="500" value="<?php echo $credential_uri; ?>"> <input type="text" class="form-control" name="uri" placeholder="ex. http://192.168.1.1" maxlength="500" value="<?php echo $credential_uri; ?>">
<div class="input-group-append"> <div class="input-group-append">
<a href="<?php echo $credential_uri; ?>" class="input-group-text"><i class="fa fa-fw fa-link"></i></a> <a href="<?php echo $credential_uri_link; ?>" target="_blank" class="input-group-text"><i class="fa fa-fw fa-link"></i></a>
</div> </div>
<div class="input-group-append"> <div class="input-group-append">
<button class="input-group-text clipboardjs" type="button" data-clipboard-text="<?php echo $credential_uri; ?>"><i class="fa fa-fw fa-copy"></i></button> <button class="input-group-text clipboardjs" type="button" data-clipboard-text="<?php echo $credential_uri; ?>"><i class="fa fa-fw fa-copy"></i></button>
@@ -153,7 +155,7 @@ ob_start();
</div> </div>
<input type="text" class="form-control" name="uri_2" placeholder="ex. https://server.company.com:5001" maxlength="500" value="<?php echo $credential_uri_2; ?>"> <input type="text" class="form-control" name="uri_2" placeholder="ex. https://server.company.com:5001" maxlength="500" value="<?php echo $credential_uri_2; ?>">
<div class="input-group-append"> <div class="input-group-append">
<a href="<?php echo $credential_uri_2; ?>" class="input-group-text"><i class="fa fa-fw fa-link"></i></a> <a href="<?php echo $credential_uri_2_link; ?>" target="_blank" class="input-group-text"><i class="fa fa-fw fa-link"></i></a>
</div> </div>
<div class="input-group-append"> <div class="input-group-append">
<button class="input-group-text clipboardjs" type="button" data-clipboard-text="<?php echo $credential_uri_2; ?>"><i class="fa fa-fw fa-copy"></i></button> <button class="input-group-text clipboardjs" type="button" data-clipboard-text="<?php echo $credential_uri_2; ?>"><i class="fa fa-fw fa-copy"></i></button>

338
ajax/ajax_service_details.php
View File

@@ -5,7 +5,6 @@ require_once '../includes/ajax_header.php';
$service_id = intval($_GET['id']); $service_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM services WHERE service_id = $service_id LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM services WHERE service_id = $service_id LIMIT 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$service_name = nullable_htmlentities($row['service_name']); $service_name = nullable_htmlentities($row['service_name']);
$service_description = nullable_htmlentities($row['service_description']); $service_description = nullable_htmlentities($row['service_description']);
@@ -17,6 +16,7 @@ $service_created_at = nullable_htmlentities($row['service_created_at']);
$service_updated_at = nullable_htmlentities($row['service_updated_at']); $service_updated_at = nullable_htmlentities($row['service_updated_at']);
$service_review_due = nullable_htmlentities($row['service_review_due']); $service_review_due = nullable_htmlentities($row['service_review_due']);
$client_id = intval($row['service_client_id']); $client_id = intval($row['service_client_id']);
// Service Importance // Service Importance
if ($service_importance == "High") { if ($service_importance == "High") {
$service_importance_display = "<span class='p-2 badge badge-danger'>$service_importance</span>"; $service_importance_display = "<span class='p-2 badge badge-danger'>$service_importance</span>";
@@ -55,6 +55,7 @@ $sql_domains = mysqli_query(
LEFT JOIN domains ON service_domains.domain_id = domains.domain_id LEFT JOIN domains ON service_domains.domain_id = domains.domain_id
WHERE service_id = $service_id" WHERE service_id = $service_id"
); );
// Associated Certificates // Associated Certificates
$sql_certificates = mysqli_query( $sql_certificates = mysqli_query(
$mysqli, $mysqli,
@@ -63,10 +64,6 @@ $sql_certificates = mysqli_query(
WHERE service_id = $service_id" WHERE service_id = $service_id"
); );
// Associated URLs ---- REMOVED for now
//$sql_urls = mysqli_query($mysqli, "SELECT * FROM service_urls
//WHERE service_id = '$service_id'");
// Associated Vendors // Associated Vendors
$sql_vendors = mysqli_query( $sql_vendors = mysqli_query(
$mysqli, $mysqli,
@@ -116,149 +113,99 @@ ob_start();
<!-- Assets --> <!-- Assets -->
<?php <?php
if (mysqli_num_rows($sql_assets) > 0) { ?> if (mysqli_num_rows($sql_assets) > 0) {
<h5><i class="fas fa-fw fa-desktop mr-2"></i>Assets</h5> echo "<h5><i class='fas fa-fw fa-desktop mr-2'></i>Assets</h5><ul>";
<ul> mysqli_data_seek($sql_assets, 0);
<?php while ($row = mysqli_fetch_array($sql_assets)) {
// Reset the $sql_assets pointer to the start - as we've already cycled through once $asset_id = intval($row['asset_id']);
mysqli_data_seek($sql_assets, 0); $asset_name = nullable_htmlentities($row['asset_name']);
$ip = !empty($row['interface_ip']) ? '(' . nullable_htmlentities($row['interface_ip']) . ')' : '';
while ($row = mysqli_fetch_array($sql_assets)) { echo "<li><a href='#' data-toggle='ajax-modal' data-modal-size='lg' data-ajax-url='ajax/ajax_asset_details.php' data-ajax-id='$asset_id'>$asset_name</a>$ip</li>";
$asset_id = intval($row['asset_id']); }
$asset_name = nullable_htmlentities($row['asset_name']); echo "</ul>";
if (!empty($row['interface_ip'])) {
$ip = '('.nullable_htmlentities($row["interface_ip"]).')';
} else {
$ip = '';
}
echo "<li><a href='#' data-toggle='ajax-modal'
data-modal-size='lg'
data-ajax-url='ajax/ajax_asset_details.php'
data-ajax-id='$asset_id'>$asset_name</a>$ip</li>";
}
?>
</ul>
<?php
} }
?> ?>
<!-- Networks --> <!-- Networks -->
<?php <?php
$networks = [];
if ($sql_assets) { if ($sql_assets) {
$networks = [];
// Reset the $sql_assets pointer to the start
mysqli_data_seek($sql_assets, 0); mysqli_data_seek($sql_assets, 0);
// Get networks linked to assets - push name to array
while ($row = mysqli_fetch_array($sql_assets)) { while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['network_name'])) { if (!empty($row['network_name'])) {
$network_data = nullable_htmlentities("$row[network_name]:$row[network_vlan]"); $network_data = nullable_htmlentities($row["network_name"]) . ':' . nullable_htmlentities($row["network_vlan"]);
array_push($networks, $network_data); $networks[] = $network_data;
} }
} }
// Remove duplicates
$networks = array_unique($networks); $networks = array_unique($networks);
if (!empty($networks)) {
// Display echo "<h5><i class='fas fa-fw fa-network-wired mr-2'></i>Networks</h5><ul>";
if (!empty($networks)) { ?> foreach ($networks as $network) {
<h5><i class="fas fa-fw fa-network-wired mr-2"></i>Networks</h5> $network_parts = explode(":", $network);
<ul> $network_name = $network_parts[0];
<?php $network_vlan = $network_parts[1] ?? '';
echo "<li><a href='networks.php?client_id=$client_id&q=$network_name'>$network_name</a> (VLAN $network_vlan)</li>";
}
echo "</ul>";
} }
foreach($networks as $network) {
$network = explode(":", $network);
echo "<li><a href=\"networks.php?client_id=$client_id&q=$network[0]\">$network[0] </a>(VLAN $network[1])</li>";
}
?>
</ul>
<?php
} }
?> ?>
<!-- Locations --> <!-- Locations -->
<?php <?php
$location_names = [];
if ($sql_assets) { if ($sql_assets) {
$location_names = [];
// Reset the $sql_assets pointer to the start - as we've already cycled through once
mysqli_data_seek($sql_assets, 0); mysqli_data_seek($sql_assets, 0);
// Get locations linked to assets - push their name and vlan to arrays
while ($row = mysqli_fetch_array($sql_assets)) { while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['location_name'])) { if (!empty($row['location_name'])) {
array_push($location_names, $row['location_name']); $location_names[] = nullable_htmlentities($row['location_name']);
} }
} }
// Remove duplicates
$location_names = array_unique($location_names); $location_names = array_unique($location_names);
if (!empty($location_names)) {
// Display echo "<h5><i class='fas fa-fw fa-map-marker-alt mr-2'></i>Locations</h5><ul>";
if (!empty($location_names)) { ?> foreach ($location_names as $location) {
<h5><i class="fas fa-fw fa-map-marker-alt mr-2"></i>Locations</h5> echo "<li><a href='locations.php?client_id=$client_id&q=$location'>$location</a></li>";
<ul> }
<?php echo "</ul>";
} }
foreach($location_names as $location) {
echo "<li><a href=\"locations.php?client_id=$client_id&q=$location\">$location</a></li>";
}
?>
</ul>
<?php
} }
?> ?>
<!-- Domains --> <!-- Domains -->
<?php <?php
if (mysqli_num_rows($sql_domains) > 0) { ?> if (mysqli_num_rows($sql_domains) > 0) {
<h5><i class="fas fa-fw fa-globe mr-2"></i>Domains</h5> echo "<h5><i class='fas fa-fw fa-globe mr-2'></i>Domains</h5><ul>";
<ul> mysqli_data_seek($sql_domains, 0);
<?php while ($row = mysqli_fetch_array($sql_domains)) {
// Reset the $sql_domains pointer to the start if (!empty($row['domain_name'])) {
mysqli_data_seek($sql_domains, 0); $domain_name = nullable_htmlentities($row['domain_name']);
echo "<li><a href='domains.php?client_id=$client_id&q=$domain_name'>$domain_name</a></li>";
// Showing linked domains
while ($row = mysqli_fetch_array($sql_domains)) {
if (!empty($row['domain_name'])) {
echo "<li><a href=\"domains.php?client_id=$client_id&q=$row[domain_name]\">$row[domain_name]</a></li>";
}
} }
?> }
</ul> echo "</ul>";
<?php
} }
?> ?>
<!-- Certificates --> <!-- Certificates -->
<?php <?php
if (mysqli_num_rows($sql_certificates) > 0) { ?> if (mysqli_num_rows($sql_certificates) > 0) {
<h5><i class="fas fa-fw fa-lock mr-2"></i>Certificates</h5> echo "<h5><i class='fas fa-fw fa-lock mr-2'></i>Certificates</h5><ul>";
<ul> mysqli_data_seek($sql_certificates, 0);
<?php while ($row = mysqli_fetch_array($sql_certificates)) {
// Reset the $sql_certificates pointer to the start if (!empty($row['certificate_name'])) {
mysqli_data_seek($sql_certificates, 0); $certificate_name = nullable_htmlentities($row['certificate_name']);
$certificate_domain = nullable_htmlentities($row['certificate_domain']);
// Showing linked certs echo "<li><a href='certificates.php?client_id=$client_id&q=$certificate_name'>$certificate_name ($certificate_domain)</a></li>";
while ($row = mysqli_fetch_array($sql_certificates)) {
if (!empty($row['certificate_name'])) {
echo "<li><a href=\"certificates.php?client_id=$client_id&q=$row[certificate_name]\">$row[certificate_name] ($row[certificate_domain])</a></li>";
}
} }
?> }
</ul> echo "</ul>";
<?php
} }
?> ?>
</div> </div>
</div> </div>
<!-- Right side --> <!-- Right side -->
<div class="col-4"> <div class="col-4">
<div class="col-12"> <div class="col-12">
@@ -267,148 +214,96 @@ ob_start();
<!-- Vendors --> <!-- Vendors -->
<?php <?php
// Reset the $sql_vendors pointer to the start if (mysqli_num_rows($sql_vendors) > 0) {
mysqli_data_seek($sql_vendors, 0); echo "<h5><i class='fas fa-fw fa-building mr-2'></i>Vendors</h5><ul>";
mysqli_data_seek($sql_vendors, 0);
if (mysqli_num_rows($sql_vendors) > 0) { ?> while ($row = mysqli_fetch_array($sql_vendors)) {
<h5><i class="fas fa-fw fa-building mr-2"></i>Vendors</h5> $vendor_id = intval($row['vendor_id']);
<ul> $vendor_name = nullable_htmlentities($row['vendor_name']);
<?php echo "<li><a href='#' data-toggle='ajax-modal' data-modal-size='lg' data-ajax-url='ajax/ajax_vendor_details.php' data-ajax-id='$vendor_id'>$vendor_name</a></li>";
while ($row = mysqli_fetch_array($sql_vendors)) { }
echo "</ul>";
$vendor_id = intval($row['vendor_id']);
$vendor_name = nullable_htmlentities($row['vendor_name']);
echo "<li><a href='#' data-toggle='ajax-modal'
data-modal-size='lg'
data-ajax-url='ajax/ajax_vendor_details.php'
data-ajax-id='$vendor_id'>
$vendor_name
</a>
</li>";
}
?>
</ul>
<?php
} }
?> ?>
<!-- Contacts --> <!-- Contacts -->
<?php <?php
if (mysqli_num_rows($sql_contacts) > 0) { ?> if (mysqli_num_rows($sql_contacts) > 0) {
<h5><i class="fas fa-fw fa-users mr-2"></i>Contacts</h5> echo "<h5><i class='fas fa-fw fa-users mr-2'></i>Contacts</h5><ul>";
<ul> mysqli_data_seek($sql_contacts, 0);
<?php while ($row = mysqli_fetch_array($sql_contacts)) {
// Reset the $sql_contacts pointer to the start $contact_id = intval($row['contact_id']);
mysqli_data_seek($sql_contacts, 0); $contact_name = nullable_htmlentities($row['contact_name']);
echo "<li><a href='#' data-toggle='ajax-modal' data-modal-size='lg' data-ajax-url='ajax/ajax_contact_details.php' data-ajax-id='$contact_id'>$contact_name</a></li>";
while ($row = mysqli_fetch_array($sql_contacts)) { }
$contact_id = intval($row['contact_id']); echo "</ul>";
$contact_name = nullable_htmlentities($row['contact_name']);
echo "<li><a href='#' data-toggle='ajax-modal'
data-modal-size='lg'
data-ajax-url='ajax/ajax_contact_details.php'
data-ajax-id='$contact_id'>
$contact_name
</a>
</li>";
}
?>
</ul>
<?php
} }
?> ?>
<!-- Credentials --> <!-- Credentials -->
<?php <?php
if (mysqli_num_rows($sql_assets) > 0 || mysqli_num_rows($sql_credentials) > 0) { ?> if (mysqli_num_rows($sql_assets) > 0 || mysqli_num_rows($sql_credentials) > 0) {
<h5><i class="fas fa-fw fa-key mr-2"></i>Credentials</h5> echo "<h5><i class='fas fa-fw fa-key mr-2'></i>Credentials</h5><ul>";
<ul> // Credentials linked to assets
<?php mysqli_data_seek($sql_assets, 0);
// Reset the $sql_assets/credentials pointer to the start while ($row = mysqli_fetch_array($sql_assets)) {
mysqli_data_seek($sql_assets, 0); $credential_name = nullable_htmlentities($row['credential_name']);
mysqli_data_seek($sql_credentials, 0); if (!empty($credential_name)) {
echo "<li><a href='credentials.php?client_id=$client_id&q=$credential_name'>$credential_name</a></li>";
// Showing credentials linked to assets
while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['credential_name'])) {
echo "<li><a href=\"credentials.php?client_id=$client_id&q=$row[credential_name]\">$row[credential_name]</a></li>";
}
} }
}
// Showing explicitly linked credentials // Explicitly linked credentials
while ($row = mysqli_fetch_array($sql_credentials)) { mysqli_data_seek($sql_credentials, 0);
if (!empty($row['credential_name'])) { while ($row = mysqli_fetch_array($sql_credentials)) {
echo "<li><a href=\"credentials.php?client_id=$client_id&q=$row[credential_name]\">$row[credential_name]</a></li>"; $credential_name = nullable_htmlentities($row['credential_name']);
} if (!empty($credential_name)) {
echo "<li><a href='credentials.php?client_id=$client_id&q=$credential_name'>$credential_name</a></li>";
} }
?> }
</ul> echo "</ul>";
<?php
} }
?> ?>
<!-- URLs --> <!-- URLs -->
<?php <?php
if ($sql_credentials || $sql_assets) { ?> $urls = [];
<h5><i class="fas fa-fw fa-link mr-2"></i>URLs</h5> mysqli_data_seek($sql_credentials, 0);
<ul> while ($row = mysqli_fetch_array($sql_credentials)) {
<?php if (!empty($row['credential_uri'])) {
// Reset the $sql_credentials pointer to the start $urls[] = sanitize_url($row['credential_uri']);
mysqli_data_seek($sql_credentials, 0); }
}
// Showing URLs linked to credentials mysqli_data_seek($sql_assets, 0);
while ($row = mysqli_fetch_array($sql_credentials)) { while ($row = mysqli_fetch_array($sql_assets)) {
if (!empty($row['credential_uri'])) { if (!empty($row['asset_uri'])) {
echo "<li><a href=\"https://$row[credential_uri]\">$row[credential_uri]</a></li>"; $urls[] = sanitize_url($row['asset_uri']);
} }
} }
$urls = array_unique($urls);
// Reset the $sql_assets pointer to the start if (!empty($urls)) {
mysqli_data_seek($sql_assets, 0); echo "<h5><i class='fas fa-fw fa-link mr-2'></i>URLs</h5><ul>";
foreach ($urls as $url) {
// Show URLs linked to assets, that also have credentials $label = htmlspecialchars(parse_url($url, PHP_URL_HOST) ?: $url);
while ($row = mysqli_fetch_array($sql_assets)) { echo "<li><a href='$url' target='_blank'>$label</a></li>";
if (!empty($row['credential_uri'])) { }
echo "<li><a href=\"https://$row[credential_uri]\">$row[credential_uri]</a></li>"; echo "</ul>";
}
}
?>
</ul>
<?php
} }
?> ?>
<!-- Documents --> <!-- Documents -->
<?php <?php
if (mysqli_num_rows($sql_docs) > 0) { ?> if (mysqli_num_rows($sql_docs) > 0) {
<h5><i class="fas fa-fw fa-file-alt mr-2"></i>Documents</h5> echo "<h5><i class='fas fa-fw fa-file-alt mr-2'></i>Documents</h5><ul>";
<ul> mysqli_data_seek($sql_docs, 0);
<?php while ($row = mysqli_fetch_array($sql_docs)) {
// Reset the $sql_docs pointer to the start $document_id = intval($row['document_id']);
mysqli_data_seek($sql_docs, 0); $document_name = nullable_htmlentities($row['document_name']);
echo "<li><a href='#' data-toggle='ajax-modal' data-modal-size='lg' data-ajax-url='ajax/ajax_document_view.php' data-ajax-id='$document_id'>$document_name</a></li>";
while ($row = mysqli_fetch_array($sql_docs)) { }
$document_id = intval($row['document_id']); echo "</ul>";
$document_name = nullable_htmlentities($row['document_name']);
echo "<li><a href='#' data-toggle='ajax-modal'
data-modal-size='lg'
data-ajax-url='ajax/ajax_document_view.php'
data-ajax-id='$document_id'>
$document_name
</a>
</li>";
}
?>
</ul>
<?php
} }
?> ?>
<!-- <h5><i class="nav-icon fas fa-file-alt"></i> Services</h5>-->
<!-- <ul>-->
<!-- <li>Related Service - Coming soon!</li>-->
<!-- </ul>-->
</div> </div>
</div> </div>
</div> </div>
@@ -416,3 +311,4 @@ ob_start();
<?php <?php
require_once "../includes/ajax_footer.php"; require_once "../includes/ajax_footer.php";
?>

4
asset_details.php
View File

@@ -292,10 +292,10 @@ if (isset($_GET['asset_id'])) {
<div class="mt-2"><i class="fa fa-fw fa-ethernet text-secondary mr-2"></i><?php echo $asset_mac; ?></div> <div class="mt-2"><i class="fa fa-fw fa-ethernet text-secondary mr-2"></i><?php echo $asset_mac; ?></div>
<?php } <?php }
if ($asset_uri) { ?> if ($asset_uri) { ?>
<div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri; ?>" target="_blank"><?php echo truncate($asset_uri, 20); ?></a></div> <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri; ?>" target="_blank" title="<?php echo $asset_uri; ?>"><?php echo truncate($asset_uri, 20); ?></a></div>
<?php } <?php }
if ($asset_uri_2) { ?> if ($asset_uri_2) { ?>
<div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri_2; ?>" target="_blank"><?php echo truncate($asset_uri_2, 20); ?></a></div> <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri_2; ?>" target="_blank" title="<?php echo $asset_uri_2; ?>"><?php echo truncate($asset_uri_2, 20); ?></a></div>
<?php } ?> <?php } ?>
</div> </div>
</div> </div>

6
credentials.php
View File

@@ -300,13 +300,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$credential_id = intval($row['c_credential_id']); $credential_id = intval($row['c_credential_id']);
$credential_name = nullable_htmlentities($row['credential_name']); $credential_name = nullable_htmlentities($row['credential_name']);
$credential_description = nullable_htmlentities($row['credential_description']); $credential_description = nullable_htmlentities($row['credential_description']);
$credential_uri = nullable_htmlentities($row['credential_uri']); $credential_uri = sanitize_url($row['credential_uri']);
if (empty($credential_uri)) { if (empty($credential_uri)) {
$credential_uri_display = "-"; $credential_uri_display = "-";
} else { } else {
$credential_uri_display = truncate($credential_uri,40) . "<button class='btn btn-sm clipboardjs' type='button' data-clipboard-text='$credential_uri'><i class='far fa-copy text-secondary'></i></button>"; $credential_uri_display = "<a href='$credential_uri'>" . truncate($credential_uri,40) . "</a><button class='btn btn-sm clipboardjs' type='button' title='$credential_uri' data-clipboard-text='$credential_uri'><i class='far fa-copy text-secondary'></i></button>";
} }
$credential_uri_2 = nullable_htmlentities($row['credential_uri_2']); $credential_uri_2 = sanitize_url($row['credential_uri_2']);
$credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username'])); $credential_username = nullable_htmlentities(decryptCredentialEntry($row['credential_username']));
if (empty($credential_username)) { if (empty($credential_username)) {
$credential_username_display = "-"; $credential_username_display = "-";