Francois Gouget : testbot/web: Escape the GetTaskURL() ampersands.

[Alexandre Julliard]

Module: tools
Branch: master
Commit: 5c47cafbb319ba7aa70f9e9bf2c75dd00c3ad76c
URL:    https://source.winehq.org/git/tools.git/?a=commit;h=5c47cafbb319ba7aa70f9e9bf2c75dd00c3ad76c

Author: Francois Gouget <fgouget at codeweavers.com>
Date:   Thu Apr 21 16:25:02 2022 +0200

testbot/web: Escape the GetTaskURL() ampersands.

Signed-off-by: Francois Gouget <fgouget at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 testbot/web/Activity.pl | 2 +-
 testbot/web/Stats.pl    | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/testbot/web/Activity.pl b/testbot/web/Activity.pl
index 5a5a375..a924358 100644
--- a/testbot/web/Activity.pl
+++ b/testbot/web/Activity.pl
@@ -238,7 +238,7 @@ EOF
             $Label .= "/64" if ($Bitness);
           }
         }
-        my $URL = GetTaskURL($VMStatus->{job}->Id, $VMStatus->{step}->No, $VMStatus->{task}->No);
+        my $URL = $self->escapeHTML(GetTaskURL($VMStatus->{job}->Id, $VMStatus->{step}->No, $VMStatus->{task}->No));
         my $Title = $self->escapeHTML($VMStatus->{job}->Remarks);
         $Label = "<a href='$URL' title='$Title'>$Label</a>";
       }
diff --git a/testbot/web/Stats.pl b/testbot/web/Stats.pl
index 3c0fe99..773fe3b 100644
--- a/testbot/web/Stats.pl
+++ b/testbot/web/Stats.pl
@@ -147,7 +147,7 @@ sub _GetStatHtml($$;$$)
     my ($JobId, $StepNo, $TaskNo) = ObjectModel::Collection::SplitKey(undef, $SrcObj->GetFullKey());
     if (defined $TaskNo)
     {
-      return "<a href='". GetTaskURL($JobId, $StepNo, $TaskNo) ."'>$Value</a>";
+      return "<a href='". $Stats->{Page}->escapeHTML(GetTaskURL($JobId, $StepNo, $TaskNo)) ."'>$Value</a>";
     }
     return "<a href='/index.pl#job$JobId'>$Value</a>";
   }
@@ -174,6 +174,7 @@ sub _GenStatsLine($$$$;$)
   foreach my $Col (@$ColumnKeys)
   {
     my $Stats = $RowStats->{items}->{$Col};
+    $Stats->{Page} = $RowStats->{Page};
     my $Value = _GetStatHtml($Stats, $StatKey, $RowStats, $Flags);
     print "<td>$Value</td>\n";
   }
@@ -205,6 +206,7 @@ sub GenerateBody($)
   ### Show global statistics
 
   my $GlobalStats = $Stats->{global};
+  $GlobalStats->{Page} = $self;
   print "<h2>General statistics</h2>\n";
   print "<div class='CollectionBlock'><table>\n";
 
@@ -251,6 +253,7 @@ sub GenerateBody($)
 
   print "<tr><td class='StatSeparator'>Activity</td><td colspan='2'><hr></td></tr>\n";
   my $VMsStats = $Stats->{vms};
+  $VMsStats->{Page} = $self;
   _GenGlobalLine($VMsStats, "elapsed", "Activity history", "How far back the activity records go. This is used for the VM and VM host tables.");
   _GenGlobalLine($GlobalStats, "records.count", "Record count", "The number of activity records.");
 
@@ -264,7 +267,8 @@ sub GenerateBody($)
 
   print "<thead><tr><th>Stat</th>\n";
   my $HostsStats = $Stats->{hosts};
-  my $SortedHosts = [ sort keys %{$Stats->{hosts}->{items}} ];
+  $HostsStats->{Page} = $self;
+  my $SortedHosts = [ sort keys %{$HostsStats->{items}} ];
   foreach my $Host (@$SortedHosts)
   {
     my $DisplayHost = $Host;