From 75fe9dd8d3726b46b66095e113591bbc10efca57 Mon Sep 17 00:00:00 2001
From: "alejandro.campos@artica.es"
Date: Mon, 7 Nov 2022 11:26:00 +0100
Subject: [PATCH 1/2] fix xss
---
 pandora_console/include/lib/Dashboard/Manager.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/pandora_console/include/lib/Dashboard/Manager.php b/pandora_console/include/lib/Dashboard/Manager.php
index 843f30e94a..995d794b39 100644
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@@ -774,6 +774,16 @@ class Manager implements PublicLogin
 $dashboards = \db_get_all_rows_sql($sql_dashboard);
+ if ($favourite === true) {
+ $dashboards = array_map(
+ function ($dashboard) {
+ $dashboard['name'] = io_safe_input($dashboard['name']);
+ return $dashboard;
+ },
+ $dashboards
+ );
+ }
+
 if ($dashboards === false) {
 $dashboards = [];
 }
From e3d01930b18fc864cd716fbfb25c1c66a4ba6e4e Mon Sep 17 00:00:00 2001
From: "alejandro.campos@artica.es"
Date: Mon, 7 Nov 2022 14:13:04 +0100
Subject: [PATCH 2/2] minor change
---
 pandora_console/include/lib/Dashboard/Manager.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pandora_console/include/lib/Dashboard/Manager.php b/pandora_console/include/lib/Dashboard/Manager.php
index 995d794b39..a83c982d2a 100644
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@@ -774,7 +774,7 @@ class Manager implements PublicLogin
 $dashboards = \db_get_all_rows_sql($sql_dashboard);
- if ($favourite === true) {
+ if ($favourite === true && $dashboards !== false && count($dashboards) > 0) {
 $dashboards = array_map(
 function ($dashboard) {
 $dashboard['name'] = io_safe_input($dashboard['name']);
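Review bot: In PATCH 1/2 the encoding of `name` through `io_safe_input()` happens inside the data-retrieval method and only when `$favourite === true`, so the same method returns encoded names on one path and raw names on every other path. A caller that renders the non-favourite result into HTML gets no protection from this change, and a caller that already escapes at output would double-encode favourite names. Encoding at the point of rendering would be the more robust fix; failing that, the contract should be stated above the block, for example `// Names are HTML-encoded only when $favourite === true; all other results are returned raw.` The enclosing method starts and ends outside the hunk, so its callers cannot be checked from here.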
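Review bot: The guard added in PATCH 2/2, `$dashboards !== false && count($dashboards) > 0`, repeats the `$dashboards === false` normalisation that follows the block (visible as context in PATCH 1/2), and the `count()` test is unnecessary because `array_map` over an empty array already returns an empty array. Moving `if ($dashboards === false) { $dashboards = []; }` above the encoding block would let the condition stay `if ($favourite === true) {` and keep the false handling in one place. The closure also reads `$dashboard['name']` without checking the key; the SQL that selects the columns is outside the hunk, so this matters only if `name` can be missing from a row.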