Add Links for uninstall templates From Item Form #186

Open
tsmr wants to merge 13 commits into pluginsGLPI:main from tsmr:AddLinksFormItemForm


@tsmr tsmr commented Feb 24, 2026

Checklist before requesting a review

Please delete options that are not relevant.

  • I have performed a self-review of my code.
  • I have added tests (when available) that prove my fix is effective or that my feature works.
  • I have updated the CHANGELOG with a short functional description of the fix or new feature.
  • This change requires a documentation update.

Description

  • Here is a brief description of what this PR does :

Add Links for uninstall templates From Item Form (if not replace state dropdown

Screenshots (if appropriate):

image

@stonebuzz
Contributor

@tsmr can you adapt CHANGELOG.md?

Comment thread CHANGELOG.md Outdated
Co-authored-by: Romain B. <8530352+Rom1-B@users.noreply.github.com>
Comment thread CHANGELOG.md Outdated
Co-authored-by: Stanislas <skita@teclib.com>
@stonebuzz stonebuzz requested review from Rom1-B and stonebuzz March 12, 2026 08:18
Comment thread inc/uninstall.class.php Outdated
tsmr and others added 2 commits March 12, 2026 09:45
Co-authored-by: Romain B. <8530352+Rom1-B@users.noreply.github.com>
Comment thread inc/uninstall.class.php Outdated
Comment thread inc/uninstall.class.php
Comment on lines +1066 to +1069
ob_start();
self::showFormUninstallation($item->getID(), $item, $users_id, $templates_id);
$html_modal = ob_get_contents();
ob_end_clean();
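
Review bot: If self::showFormUninstallation() throws between ob_start() and ob_end_clean(), the buffer opened on the first line is left open and the partially rendered form is flushed into whatever output follows. Wrap the call in try/finally so the buffer is always closed, and replace the ob_get_contents() / ob_end_clean() pair with a single ob_get_clean(). $html_modal then holds raw markup built from $item, $users_id and $templates_id, so wherever it is inserted it is only as safe as the escaping done inside showFormUninstallation().
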
Contributor


Using output buffering to capture HTML from a method that relies on echo is a fragile pattern and should be avoided.

Comment thread inc/uninstall.class.php
Comment on lines +1061 to +1063
echo "<a href='#' id='" . $templates_id . "' class='btn btn-primary me-2'>"
. $data['name']
. "</a>";
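
Review bot: $templates_id is concatenated into the single-quoted id attribute on the first line without a cast or escaping, next to the unescaped $data['name'] in the link text. Cast the id with (int) or escape it, and HTML-escape the name before output; because the attributes here are delimited with single quotes, the escaping applied to attribute values has to encode ' as well as ". If $templates_id is a bare numeric key, a prefixed id would also keep lookups by id unambiguous when several elements are rendered on the same page.
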
Contributor


The value of $data['name'] comes from the database and is rendered without proper escaping. It should be sanitized using __s(), to prevent potential security issues such as XSS.

Contributor


The best approach would be to switch to Twig to remove all the echo statements from the function
