Merge branch 'ent-11781-unauthenticated-admin-account-takeover-via-malicious-agent-and-xss' into 'develop'
Ent 11781 unauthenticated admin account takeover via malicious agent and xss See merge request artica/pandorafms!6362
This commit is contained in:
commit
2afd8d3ff3
|
@ -216,7 +216,9 @@ if ($create_agent) {
|
|||
$server_name = (string) get_parameter_post('server_name');
|
||||
$id_os = (int) get_parameter_post('id_os');
|
||||
$disabled = (int) get_parameter_post('disabled');
|
||||
$custom_id = (string) get_parameter_post('custom_id', '');
|
||||
$custom_id_safe_output = strip_tags(io_safe_output(get_parameter('custom_id', '')));
|
||||
$custom_id = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $custom_id_safe_output)));
|
||||
// $custom_id = (string) get_parameter_post('custom_id', '');
|
||||
$cascade_protection = (int) get_parameter_post('cascade_protection', 0);
|
||||
$cascade_protection_module = (int) get_parameter_post('cascade_protection_module', 0);
|
||||
$safe_mode = (int) get_parameter_post('safe_mode', 0);
|
||||
|
@ -999,7 +1001,9 @@ if ($update_agent) {
|
|||
$disabled = (bool) get_parameter_post('disabled');
|
||||
$server_name = (string) get_parameter_post('server_name', '');
|
||||
$id_parent = (int) get_parameter_post('id_agent_parent');
|
||||
$custom_id = (string) get_parameter_post('custom_id', '');
|
||||
$custom_id_safe_output = strip_tags(io_safe_output(get_parameter('custom_id', '')));
|
||||
$custom_id = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $custom_id_safe_output)));
|
||||
// $custom_id = (string) get_parameter_post('custom_id', '');
|
||||
$cascade_protection = (int) get_parameter_post('cascade_protection', 0);
|
||||
$cascade_protection_module = (int) get_parameter('cascade_protection_module', 0);
|
||||
$safe_mode_module = (int) get_parameter('safe_mode_module', 0);
|
||||
|
|
Loading…
Reference in New Issue