tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-28 00:04:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

SshResourceForm: fix XSS by escaping user-defined resource name

Browse Source 
in the tooltip of the message shown instead of the private key.

(cherry picked from commit a3100d378b125bbc4c5587e0bddd55b1f0300a83)
This commit is contained in:
Alexander A. Klimov 2022-11-22 13:43:34 +01:00 committed by Johannes Meyer
parent 9b6349e4a0
commit d00b3bf19c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
application/forms/Config/Resource/SshResourceForm.php
View File

@ -87,9 +87,9 @@ class SshResourceForm extends Form
'value' => sprintf( 'value' => sprintf(
'<a href="%1$s" data-base-target="_next" title="%2$s" aria-label="%2$s">%3$s</a>', '<a href="%1$s" data-base-target="_next" title="%2$s" aria-label="%2$s">%3$s</a>',
$this->getView()->url('config/removeresource', array('resource' => $resourceName)), $this->getView()->url('config/removeresource', array('resource' => $resourceName)),
sprintf($this->translate( $this->getView()->escape(sprintf($this->translate(
'Remove the %s resource' 'Remove the %s resource'
), $resourceName), ), $resourceName)),
$this->translate('To modify the private key you must recreate this resource.') $this->translate('To modify the private key you must recreate this resource.')
) )
) )