Merge pull request #3526 from Icinga/fix/some-xss-vulnerabilities

Fix some XSS vulnerabilities
Eric Lippmann 2018-07-16 09:58:23 +02:00 committed by GitHub
commit 67929064cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 6 additions and 6 deletions


@ -46,7 +46,7 @@ if ($this->layout()->inlineLayout) {
</div> </div>
<?php endif ?> <?php endif ?>
<div id="main" role="main"> <div id="main" role="main">
<div id="col1" class="container<?= $moduleClass ?>"<?php if ($moduleName): ?> data-icinga-module="<?= $moduleName ?>" <?php endif ?> data-icinga-url="<?= Url::fromRequest()->without('renderLayout'); ?>"<?= $refresh; ?> style="display: block"> <div id="col1" class="container<?= $moduleClass ?>"<?php if ($moduleName): ?> data-icinga-module="<?= $moduleName ?>" <?php endif ?> data-icinga-url="<?= $this->escape(Url::fromRequest()->without('renderLayout')->getAbsoluteUrl()); ?>"<?= $refresh; ?> style="display: block">
<?= $this->render($inlineLayoutScript) ?> <?= $this->render($inlineLayoutScript) ?>
</div> </div>
<div id="col2" class="container"> <div id="col2" class="container">
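Review bot: `$moduleClass` and `$moduleName` are still echoed raw into the `class` and `data-icinga-module` attributes of the same `#col1` tag whose `data-icinga-url` is now escaped. Where these two values are assigned is outside the hunk, so this may be safe today, but if either can be influenced by the request they need the same treatment, e.g. `data-icinga-module="<?= $this->escape($moduleName) ?>"`. `$refresh` is emitted as raw attribute markup too and would benefit from a short comment stating that it is built from trusted values only.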


@ -10,7 +10,7 @@
$this->totalItemCount $this->totalItemCount
) ?> ) ?>
<li class="nav-item"> <li class="nav-item">
<a href="<?= $this->url()->overwriteParams(array('page' => $this->previous)) ?>" <a href="<?= $this->escape($this->url()->overwriteParams(array('page' => $this->previous))->getAbsoluteUrl()) ?>"
title="<?= $label ?>" title="<?= $label ?>"
aria-label="<?= $label ?>" aria-label="<?= $label ?>"
class="previous-page"> class="previous-page">
@ -44,7 +44,7 @@
); );
?> ?>
<li<?= $page === $this->current ? ' class="active nav-item"' : ' class="nav-item"' ?>> <li<?= $page === $this->current ? ' class="active nav-item"' : ' class="nav-item"' ?>>
<a href="<?= $this->url()->overwriteParams(array('page' => $page)) ?>" <a href="<?= $this->escape($this->url()->overwriteParams(array('page' => $page))->getAbsoluteUrl()) ?>"
title="<?= $label ?>" title="<?= $label ?>"
aria-label="<?= $label ?>"> aria-label="<?= $label ?>">
<?= $page ?> <?= $page ?>
@ -60,7 +60,7 @@
$this->totalItemCount $this->totalItemCount
) ?> ) ?>
<li class="nav-item"> <li class="nav-item">
<a href="<?= $this->url()->overwriteParams(array('page' => $this->next)) ?>" <a href="<?= $this->escape($this->url()->overwriteParams(array('page' => $this->next))->getAbsoluteUrl()) ?>"
title="<?= $label ?>" title="<?= $label ?>"
aria-label="<?= $label ?>" aria-label="<?= $label ?>"
class="next-page"> class="next-page">
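Review bot: `title="<?= $label ?>"` and `aria-label="<?= $label ?>"` stay unescaped in all three hunks of this file, directly beside the `href` values that are now escaped. `$label` is assembled above each hunk (only the trailing `$this->totalItemCount` argument is visible), presumably from translated text, so a translation containing a double quote would be enough to break the attribute. Suggest `title="<?= $this->escape($label) ?>"` and the same for `aria-label` on the previous, numbered and next links.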


@ -309,7 +309,7 @@ class Tab extends AbstractWidget
$tab = sprintf( $tab = sprintf(
'<a href="%s"%s>%s</a>', '<a href="%s"%s>%s</a>',
$this->url, $this->view()->escape($this->url->getAbsoluteUrl()),
$params, $params,
$caption $caption
); );
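Review bot: `$params` and `$caption` are still passed to the `'<a href="%s"%s>%s</a>'` format string as-is, so after this change the anchor is only as safe as whatever builds those two values. That code sits above the hunk in the enclosing method and is not visible here. If both are already escaped there, a one-line comment such as `// $params and $caption are escaped where they are built` would record the invariant. The same question applies to `$title` and `$label` in the replacement array of the last file in this commit.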


@ -342,7 +342,7 @@ EOT;
'{LABEL}' '{LABEL}'
), ),
array( array(
$url, $this->view()->escape($url->getAbsoluteUrl()),
$title, $title,
$label $label
), ),
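Review bot: `$this->view()->escape()` is presumably plain HTML escaping, which keeps the value from breaking out of the attribute but places no restriction on the URL scheme that ends up in the link. Whether `$url` can ever be built from a user-supplied external address is not visible, since the template and the enclosing method begin outside the hunk. If it can, a scheme allow-list is needed in addition to escaping. Otherwise a comment next to the call such as `// HTML-escaped only; $url must never carry a user-chosen scheme` would document the assumption.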