Merge branch 'ent-9774-XSS-reporting-dashboard-module' into 'develop'

fix xss See merge request artica/pandorafms!5249
2025-04-08 18:55:09 +02:00 · 2022-11-07 16:06:29 +00:00 · 2022-11-07 16:06:29 +00:00 · 038195146e
commit 038195146e
parent 3417ec9421 e3d01930b1
1 changed files with 10 additions and 0 deletions
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@ -774,6 +774,16 @@ class Manager implements PublicLogin

        $dashboards = \db_get_all_rows_sql($sql_dashboard);

+        if ($favourite === true && $dashboards !== false && count($dashboards) > 0) {
+            $dashboards = array_map(
+                function ($dashboard) {
+                    $dashboard['name'] = io_safe_input($dashboard['name']);
+                    return $dashboard;
+                },
+                $dashboards
+            );
+        }
+
        if ($dashboards === false) {
            $dashboards = [];
        }