Merge branch 'ent-2284-fix-xss-vulnerability' into 'develop'

Fixed XSS vulnerability

See merge request artica/pandorafms!1483

pandora_console/extensions/agents_alerts.php

@@ -83,7 +83,7 @@ function mainAgentsAlerts() {
 		}
 		
 	}
-	$refr = get_parameter('refr', 30); // By default 30 seconds
+	$refr = (int) get_parameter('refr', 30); // By default 30 seconds
 	$show_modules = (bool) get_parameter ("show_modules",0);
 	$group_id = get_parameter('group_id', 0);
 	$offset = get_parameter('offset', 0);

pandora_console/extensions/agents_modules.php

@@ -14,7 +14,7 @@
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 // GNU General Public License for more details.
 
-$refr = get_parameter('refresh', 0); // By default 30 seconds
+$refr = (int) get_parameter('refresh', 0); // By default 30 seconds
 function mainAgentsModules() {
 	global $config;
 	
@@ -62,7 +62,7 @@ function mainAgentsModules() {
 	$updated_time = $updated_info;
 	
 	$modulegroup = get_parameter('modulegroup', 0);
-	$refr = get_parameter('refresh', 0); // By default 30 seconds
+	$refr = (int) get_parameter('refresh', 0); // By default 30 seconds
 	
 	$recursion = get_parameter('recursion', 0);
 	$group_id = (int)get_parameter('group_id', 0);

pandora_console/general/header.php

@@ -461,14 +461,9 @@ config_check();
 
 		<?php
 		if ($_GET["refr"]) {
-			$_get_refr = strip_tags($_GET["refr"]);
 		?>
-			refr_time = parseInt("<?php echo $_get_refr; ?>");
-			if (isNaN(refr_time)) {
-				refr_time = 0;
-			}
-			
-			t = new Date();
+			var refr_time = <?php echo (int) get_parameter("refr", 0); ?>;
+			var t = new Date();
 			t.setTime (t.getTime () +
 				parseInt(<?php echo $config["refr"] * 1000; ?>));
 			$("#refrcounter").countdown ({until: t,