tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-27 07:44:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Window: Only accept valid window IDs

Browse Source 
(cherry picked from commit 484bd26d63abef172d0354140adf9ce353c444e0)
This commit is contained in:
Johannes Meyer 2025-03-07 16:02:40 +01:00
parent 8e5b32aef3
commit 8600f4fe31
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/Icinga/Web/Window.php
View File

@ -112,7 +112,7 @@ class Window
{ {
if (! isset(static::$window)) { if (! isset(static::$window)) {
$id = Icinga::app()->getRequest()->getHeader('X-Icinga-WindowId'); $id = Icinga::app()->getRequest()->getHeader('X-Icinga-WindowId');
if (empty($id) || $id === static::UNDEFINED) { if (empty($id) || $id === static::UNDEFINED || ! preg_match('/^\w+$/', $id)) {
Icinga::app()->getResponse()->setOverrideWindowId(); Icinga::app()->getResponse()->setOverrideWindowId();
$id = static::generateId(); $id = static::generateId();
} }