2 files changed, 16 insertions, 6 deletions

diff --git a/library/Director/Web/Form/Element/DataFilter.php b/library/Director/Web/Form/Element/DataFilter.php
index adae07d..7beb651 100644
--- a/library/Director/Web/Form/Element/DataFilter.php
+++ b/library/Director/Web/Form/Element/DataFilter.php
@@ -2,6 +2,7 @@
 
 namespace Icinga\Module\Director\Web\Form\Element;
 
+use gipfl\Json\JsonString;
 use Icinga\Data\Filter\Filter;
 use Icinga\Data\Filter\FilterChain;
 use Icinga\Data\Filter\FilterExpression;
@@ -268,13 +269,13 @@ class DataFilter extends FormElement
             return Filter::expression(
                 $entry['column'],
                 '=',
-                json_encode(true)
+                $this->jsonEncode(true)
             );
         } elseif ($entry['sign'] === 'false') {
             return Filter::expression(
                 $entry['column'],
                 '=',
-                json_encode(false)
+                $this->jsonEncode(false)
             );
         } elseif ($entry['sign'] === 'in') {
             if (array_key_exists('value', $entry)) {
@@ -291,13 +292,13 @@ class DataFilter extends FormElement
             return Filter::expression(
                 $entry['column'],
                 '=',
-                json_encode($value)
+                $this->jsonEncode($value)
             );
         } elseif ($entry['sign'] === 'contains') {
             $value = array_key_exists('value', $entry) ? $entry['value'] : null;
 
             return Filter::expression(
-                json_encode($value),
+                $this->jsonEncode($value),
                 '=',
                 $entry['column']
             );
@@ -307,11 +308,20 @@ class DataFilter extends FormElement
             return Filter::expression(
                 $entry['column'],
                 $entry['sign'],
-                json_encode($value)
+                $this->jsonEncode($value)
             );
         }
     }
 
+    protected function jsonEncode($string)
+    {
+        return preg_replace(
+            ['/&/u', '/\|/u', '/!/u', '/=/u', '/>/u', '/</u'],
+            ['\u0026', '\u007c', '\u0021', '\u003d', '\u003e', '\u003c'],
+            JsonString::encode($string)
+        );
+    }
+
     protected function entryAction($entry)
     {
         if (array_key_exists('action', $entry)) {
diff --git a/library/Director/Web/Form/Element/ExtensibleSet.php b/library/Director/Web/Form/Element/ExtensibleSet.php
index f3c968f..e443b06 100644
--- a/library/Director/Web/Form/Element/ExtensibleSet.php
+++ b/library/Director/Web/Form/Element/ExtensibleSet.php
@@ -28,7 +28,7 @@ class ExtensibleSet extends FormElement
         if (! is_array($value)) {
             throw new InvalidArgumentException(sprintf(
                 'ExtensibleSet expects to work with Arrays, got %s',
-                var_export($value, 1)
+                var_export($value, true)
             ));
         }
         $value = array_filter($value, 'strlen');