tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-23 13:54:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Dashboard settings: escape panes' names to prevent XSS

Browse Source
This commit is contained in:
Alexander A. Klimov 2016-02-23 14:00:07 +01:00
parent 358b20cec3
commit b670855f25
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
application/views/scripts/dashboard/settings.phtml
View File

@ -20,7 +20,7 @@
<?php foreach ($this->dashboard->getPanes() as $pane): ?> <?php foreach ($this->dashboard->getPanes() as $pane): ?>
<tr style="background-color: #f1f1f1;"> <tr style="background-color: #f1f1f1;">
<th colspan="2" style="text-align: left; padding: 0.5em;"> <th colspan="2" style="text-align: left; padding: 0.5em;">
<?= $pane->getName(); ?> <?= $this->escape($pane->getName()) ?>
</th> </th>
<th> <th>
<?= $this->qlink( <?= $this->qlink(