Merge branch 'ent-11781-unauthenticated-admin-account-takeover-via-malicious-agent-and-xss' into 'develop'

Ent 11781 unauthenticated admin account takeover via malicious agent and xss

See merge request artica/pandorafms!6362
Gorka Sanchez 2023-08-31 10:34:30 +00:00
commit 2afd8d3ff3
1 changed files with 6 additions and 2 deletions


@ -216,7 +216,9 @@ if ($create_agent) {
$server_name = (string) get_parameter_post('server_name');
$id_os = (int) get_parameter_post('id_os');
$disabled = (int) get_parameter_post('disabled');
$custom_id = (string) get_parameter_post('custom_id', '');
$custom_id_safe_output = strip_tags(io_safe_output(get_parameter('custom_id', '')));
$custom_id = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $custom_id_safe_output)));
// $custom_id = (string) get_parameter_post('custom_id', '');
$cascade_protection = (int) get_parameter_post('cascade_protection', 0);
$cascade_protection_module = (int) get_parameter_post('cascade_protection_module', 0);
$safe_mode = (int) get_parameter_post('safe_mode', 0);
@ -999,7 +1001,9 @@ if ($update_agent) {
$disabled = (bool) get_parameter_post('disabled');
$server_name = (string) get_parameter_post('server_name', '');
$id_parent = (int) get_parameter_post('id_agent_parent');
$custom_id = (string) get_parameter_post('custom_id', '');
$custom_id_safe_output = strip_tags(io_safe_output(get_parameter('custom_id', '')));
$custom_id = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $custom_id_safe_output)));
// $custom_id = (string) get_parameter_post('custom_id', '');
$cascade_protection = (int) get_parameter_post('cascade_protection', 0);
$cascade_protection_module = (int) get_parameter('cascade_protection_module', 0);
$safe_mode_module = (int) get_parameter('safe_mode_module', 0);
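Review bot: The new `custom_id` assignment in both hunks (under `if ($create_agent)` and `if ($update_agent)`) reads the value with `get_parameter('custom_id', '')`, while the line it replaces and the neighbouring fields use `get_parameter_post`; if `get_parameter` also falls back to the query string, as the naming suggests, the fix widens the accepted input source on a state-changing request. I would keep the POST-only read: `$custom_id_safe_output = strip_tags(io_safe_output(get_parameter_post('custom_id', '')));`. The character filter is a denylist applied only on this form, and the merge title names a malicious agent as the source, so values that reach storage by another path would presumably bypass it; the code that renders `custom_id` should still encode on output, which is not visible here. The two sanitising lines are duplicated verbatim and the old assignment is left behind as `// $custom_id = (string) get_parameter_post('custom_id', '');` in both places; a shared helper and removing the dead comment would keep the create and update branches from drifting apart. Both enclosing `if` blocks start and end outside the hunks.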