diff --git a/CHANGELOG.md b/CHANGELOG.md index 76d19af4..0c9c8ee4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [UNRELEASED] + +### Fixed + +- Fix : confirm dialog js escaping + ## [2.15.8] - 2026-06-24 ### Fixed diff --git a/ajax/injection.php b/ajax/injection.php index 7282477a..3725c856 100644 --- a/ajax/injection.php +++ b/ajax/injection.php @@ -28,6 +28,8 @@ * ------------------------------------------------------------------------- */ +use function Safe\unserialize; + // Direct access to file if (strpos($_SERVER['PHP_SELF'], "injection.php")) { header("Content-Type: text/html; charset=UTF-8"); diff --git a/ajax/results.php b/ajax/results.php index c1e28b31..704c30d4 100644 --- a/ajax/results.php +++ b/ajax/results.php @@ -28,6 +28,8 @@ * ------------------------------------------------------------------------- */ +use function Safe\unserialize; + // Direct access to file if (strpos($_SERVER['PHP_SELF'], "results.php")) { header("Content-Type: text/html; charset=UTF-8"); diff --git a/front/clientinjection.form.php b/front/clientinjection.form.php index 7eff9e6e..5dbf9789 100644 --- a/front/clientinjection.form.php +++ b/front/clientinjection.form.php @@ -28,6 +28,8 @@ * ------------------------------------------------------------------------- */ +use function Safe\unserialize; + Session::checkRight("plugin_datainjection_use", READ); Html::header( diff --git a/inc/clientinjection.class.php b/inc/clientinjection.class.php index 66b4e210..a9695ddc 100644 --- a/inc/clientinjection.class.php +++ b/inc/clientinjection.class.php @@ -41,6 +41,7 @@ use function Safe\json_encode; use function Safe\readfile; use function Safe\unlink; +use function Safe\unserialize; class PluginDatainjectionClientInjection { diff --git a/inc/mapping.class.php b/inc/mapping.class.php index 98f059d1..19d87f47 100644 --- a/inc/mapping.class.php +++ b/inc/mapping.class.php @@ -32,6 +32,7 @@ use function Safe\ob_get_clean; use function Safe\ob_start; +use function Safe\unserialize; class PluginDatainjectionMapping extends CommonDBTM { diff --git a/inc/model.class.php b/inc/model.class.php index 29b03cf1..7c6f790a 100644 --- a/inc/model.class.php +++ b/inc/model.class.php @@ -33,6 +33,7 @@ use function Safe\json_decode; use function Safe\realpath; use function Safe\tempnam; +use function Safe\unserialize; /** * ------------------------------------------------------------------------- diff --git a/templates/clientinjection_upload_file.html.twig b/templates/clientinjection_upload_file.html.twig index 4d7b1617..43ffaa20 100644 --- a/templates/clientinjection_upload_file.html.twig +++ b/templates/clientinjection_upload_file.html.twig @@ -69,7 +69,7 @@ {% else %} {% set message = __("Watch out, you're about to inject data into GLPI. Are you sure you want to do it ?", 'datainjection') %} {% endif %} - + {% else %} {% endif %}