From 9eddd8a5d85b0d0ab93af11e1775e3ffd013d14b Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Tue, 11 Oct 2016 15:08:01 +0200
Subject: [PATCH] reports: Fixed XSS issues in autisummary and logonlogoff report
---
 src/classes/reports/report.eventlog.auditsummary.class.php | 5 +----
 src/classes/reports/report.eventlog.logonlogoff.class.php | 5 +----
 2 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/classes/reports/report.eventlog.auditsummary.class.php b/src/classes/reports/report.eventlog.auditsummary.class.php
index f2c67a0..f51d6b0 100644
--- a/src/classes/reports/report.eventlog.auditsummary.class.php
+++ b/src/classes/reports/report.eventlog.auditsummary.class.php
@@ -236,7 +236,7 @@ class Report_auditsummary extends Report {
 foreach ($content["report_summary"] as &$tmpReportData ) {
- $tmpReportData['DisplayName'] = $tmpReportData[SYSLOG_HOST];
+ $tmpReportData['DisplayName'] = htmlspecialchars($tmpReportData[SYSLOG_HOST]);
 $tmpReportData['bgcolor'] = "#BBBBBB"; // $severity_colors[ $tmpReportData[SYSLOG_SEVERITY] ];
 $iTotalEvents += $tmpReportData['itemcount'];
@@ -433,9 +433,6 @@ class Report_auditsummary extends Report { $nowtime = microtime_float(); $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s "; - // Update all Checksums first! -//not needed $this->_streamObj->UpdateAllMessageChecksum(); - // TimeStats $nowtime = microtime_float(); $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
diff --git a/src/classes/reports/report.eventlog.logonlogoff.class.php b/src/classes/reports/report.eventlog.logonlogoff.class.php
index f257783..07e9259 100644
--- a/src/classes/reports/report.eventlog.logonlogoff.class.php
+++ b/src/classes/reports/report.eventlog.logonlogoff.class.php
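Review bot: The added `htmlspecialchars($tmpReportData[SYSLOG_HOST])` call in the `report_summary` loop of report.eventlog.auditsummary.class.php relies on PHP's default flags, which before PHP 8.1 are `ENT_COMPAT | ENT_HTML401` and leave single quotes unescaped. If a report template places `DisplayName` inside a single-quoted attribute, a host value that presumably comes from received log messages could still break out of it; passing the flags and charset explicitly, `htmlspecialchars($tmpReportData[SYSLOG_HOST], ENT_QUOTES, 'UTF-8')` (using whatever charset the reports are actually rendered in), closes that gap. The identical line is added in the first hunk of report.eventlog.logonlogoff.class.php and needs the same change. Only `DisplayName` is escaped while the raw `SYSLOG_HOST` value stays in `$tmpReportData`; the templates are not part of this patch, so it is worth confirming that none of them prints that raw key or other message-derived fields. The loop body continues outside the hunk.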
@@ -153,7 +153,7 @@ class Report_logonlogoff extends Report {
 foreach ($content["report_summary"] as &$tmpReportData ) {
- $tmpReportData['DisplayName'] = $tmpReportData[SYSLOG_HOST];
+ $tmpReportData['DisplayName'] = htmlspecialchars($tmpReportData[SYSLOG_HOST]);
 $tmpReportData['bgcolor'] = "#BBBBBB"; // $severity_colors[ $tmpReportData[SYSLOG_SEVERITY] ];
 $iTotalEvents += $tmpReportData['itemcount'];
@@ -322,9 +322,6 @@ class Report_logonlogoff extends Report { $nowtime = microtime_float(); $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s "; - // Update all Checksums first! -//not needed $this->_streamObj->UpdateAllMessageChecksum(); - // TimeStats $nowtime = microtime_float(); $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";