From d115116fe29b6e75e6954c752a83747d15527019 Mon Sep 17 00:00:00 2001 From: Herafia Date: Wed, 8 Jul 2026 11:26:41 +0200 Subject: [PATCH 1/3] fix confirm dialog js escaping --- templates/clientinjection_upload_file.html.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/clientinjection_upload_file.html.twig b/templates/clientinjection_upload_file.html.twig index 4d7b1617..43ffaa20 100644 --- a/templates/clientinjection_upload_file.html.twig +++ b/templates/clientinjection_upload_file.html.twig @@ -69,7 +69,7 @@ {% else %} {% set message = __("Watch out, you're about to inject data into GLPI. Are you sure you want to do it ?", 'datainjection') %} {% endif %} - + {% else %} {% endif %} From a222ee557bdb2dfc694234b45978ff27f20fbf93 Mon Sep 17 00:00:00 2001 From: Herafia Date: Wed, 8 Jul 2026 11:28:27 +0200 Subject: [PATCH 2/3] CHANGELOG --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 76d19af4..0c9c8ee4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [UNRELEASED] + +### Fixed + +- Fix : confirm dialog js escaping + ## [2.15.8] - 2026-06-24 ### Fixed From 3925f96204017511ae3b6e8558117440546bea73 Mon Sep 17 00:00:00 2001 From: Herafia Date: Wed, 8 Jul 2026 14:00:51 +0200 Subject: [PATCH 3/3] fix for phpstan --- ajax/injection.php | 2 ++ ajax/results.php | 2 ++ front/clientinjection.form.php | 2 ++ inc/clientinjection.class.php | 1 + inc/mapping.class.php | 1 + inc/model.class.php | 1 + 6 files changed, 9 insertions(+) diff --git a/ajax/injection.php b/ajax/injection.php index 7282477a..3725c856 100644 --- a/ajax/injection.php +++ b/ajax/injection.php @@ -28,6 +28,8 @@ * ------------------------------------------------------------------------- */ +use function Safe\unserialize; + // Direct access to file if (strpos($_SERVER['PHP_SELF'], "injection.php")) { header("Content-Type: text/html; charset=UTF-8"); diff --git a/ajax/results.php b/ajax/results.php index c1e28b31..704c30d4 100644 --- a/ajax/results.php +++ b/ajax/results.php @@ -28,6 +28,8 @@ * ------------------------------------------------------------------------- */ +use function Safe\unserialize; + // Direct access to file if (strpos($_SERVER['PHP_SELF'], "results.php")) { header("Content-Type: text/html; charset=UTF-8"); diff --git a/front/clientinjection.form.php b/front/clientinjection.form.php index 7eff9e6e..5dbf9789 100644 --- a/front/clientinjection.form.php +++ b/front/clientinjection.form.php @@ -28,6 +28,8 @@ * ------------------------------------------------------------------------- */ +use function Safe\unserialize; + Session::checkRight("plugin_datainjection_use", READ); Html::header( diff --git a/inc/clientinjection.class.php b/inc/clientinjection.class.php index 66b4e210..a9695ddc 100644 --- a/inc/clientinjection.class.php +++ b/inc/clientinjection.class.php @@ -41,6 +41,7 @@ use function Safe\json_encode; use function Safe\readfile; use function Safe\unlink; +use function Safe\unserialize; class PluginDatainjectionClientInjection { diff --git a/inc/mapping.class.php b/inc/mapping.class.php index 98f059d1..19d87f47 100644 --- a/inc/mapping.class.php +++ b/inc/mapping.class.php @@ -32,6 +32,7 @@ use function Safe\ob_get_clean; use function Safe\ob_start; +use function Safe\unserialize; class PluginDatainjectionMapping extends CommonDBTM { diff --git a/inc/model.class.php b/inc/model.class.php index 29b03cf1..7c6f790a 100644 --- a/inc/model.class.php +++ b/inc/model.class.php @@ -33,6 +33,7 @@ use function Safe\json_decode; use function Safe\realpath; use function Safe\tempnam; +use function Safe\unserialize; /** * -------------------------------------------------------------------------