Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).

## [UNRELEASED]

### Fixed

- Fix : confirm dialog js escaping

## [2.15.8] - 2026-06-24

### Fixed
Expand Down
2 changes: 2 additions & 0 deletions ajax/injection.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@
* -------------------------------------------------------------------------
*/

use function Safe\unserialize;

// Direct access to file
if (strpos($_SERVER['PHP_SELF'], "injection.php")) {
header("Content-Type: text/html; charset=UTF-8");
Expand Down
2 changes: 2 additions & 0 deletions ajax/results.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@
* -------------------------------------------------------------------------
*/

use function Safe\unserialize;

// Direct access to file
if (strpos($_SERVER['PHP_SELF'], "results.php")) {
header("Content-Type: text/html; charset=UTF-8");
Expand Down
2 changes: 2 additions & 0 deletions front/clientinjection.form.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@
* -------------------------------------------------------------------------
*/

use function Safe\unserialize;

Session::checkRight("plugin_datainjection_use", READ);

Html::header(
Expand Down
1 change: 1 addition & 0 deletions inc/clientinjection.class.php
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@
use function Safe\json_encode;
use function Safe\readfile;
use function Safe\unlink;
use function Safe\unserialize;

class PluginDatainjectionClientInjection
{
Expand Down
1 change: 1 addition & 0 deletions inc/mapping.class.php
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@

use function Safe\ob_get_clean;
use function Safe\ob_start;
use function Safe\unserialize;

class PluginDatainjectionMapping extends CommonDBTM
{
Expand Down
1 change: 1 addition & 0 deletions inc/model.class.php
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
use function Safe\json_decode;
use function Safe\realpath;
use function Safe\tempnam;
use function Safe\unserialize;

/**
* -------------------------------------------------------------------------
Expand Down
2 changes: 1 addition & 1 deletion templates/clientinjection_upload_file.html.twig
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@
{% else %}
{% set message = __("Watch out, you're about to inject data into GLPI. Are you sure you want to do it ?", 'datainjection') %}
{% endif %}
<input type="submit" class="btn btn-primary" name="upload" value="{{ submit_label }}" onclick="return window.confirm('{{ message }}');">
<input type="submit" class="btn btn-primary" name="upload" value="{{ submit_label }}" onclick="return window.confirm('{{ message|e('js') }}');">
{% else %}
<input type="submit" class="btn btn-primary" name="upload" value="{{ submit_label }}">
{% endif %}
Expand Down