tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-30 09:15:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-2284-fix-xss-vulnerability' into 'develop'

Browse Source 
Fixed XSS vulnerability

See merge request artica/pandorafms!1483
This commit is contained in:
vgilc 2018-05-21 08:39:43 +02:00
commit 2cc7fe00e9
3 changed files with 5 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/extensions/agents_alerts.php
View File

@ -83,7 +83,7 @@ function mainAgentsAlerts() {
} }
} }
$refr = get_parameter('refr', 30); // By default 30 seconds $refr = (int) get_parameter('refr', 30); // By default 30 seconds
$show_modules = (bool) get_parameter ("show_modules",0); $show_modules = (bool) get_parameter ("show_modules",0);
$group_id = get_parameter('group_id', 0); $group_id = get_parameter('group_id', 0);
$offset = get_parameter('offset', 0); $offset = get_parameter('offset', 0);

4
pandora_console/extensions/agents_modules.php
View File

@ -14,7 +14,7 @@
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details. // GNU General Public License for more details.
$refr = get_parameter('refresh', 0); // By default 30 seconds $refr = (int) get_parameter('refresh', 0); // By default 30 seconds
function mainAgentsModules() { function mainAgentsModules() {
global $config; global $config;
@ -62,7 +62,7 @@ function mainAgentsModules() {
$updated_time = $updated_info; $updated_time = $updated_info;
$modulegroup = get_parameter('modulegroup', 0); $modulegroup = get_parameter('modulegroup', 0);
$refr = get_parameter('refresh', 0); // By default 30 seconds $refr = (int) get_parameter('refresh', 0); // By default 30 seconds
$recursion = get_parameter('recursion', 0); $recursion = get_parameter('recursion', 0);
$group_id = (int)get_parameter('group_id', 0); $group_id = (int)get_parameter('group_id', 0);

9
pandora_console/general/header.php
View File

@ -461,14 +461,9 @@ config_check();
<?php <?php
if ($_GET["refr"]) { if ($_GET["refr"]) {
$_get_refr = strip_tags($_GET["refr"]);
?> ?>
refr_time = parseInt("<?php echo $_get_refr; ?>"); var refr_time = <?php echo (int) get_parameter("refr", 0); ?>;
if (isNaN(refr_time)) { var t = new Date();
refr_time = 0;
}
t = new Date();
t.setTime (t.getTime () + t.setTime (t.getTime () +
parseInt(<?php echo $config["refr"] * 1000; ?>)); parseInt(<?php echo $config["refr"] * 1000; ?>));
$("#refrcounter").countdown ({until: t, $("#refrcounter").countdown ({until: t,