Merge branch 'ent-5959-xxs-special-day' into 'develop'

fixed vulnerability on special days

See merge request artica/pandorafms!3286
Alejandro Fraguas 2020-06-15 12:14:42 +02:00
commit 495b13f387
1 changed files with 22 additions and 5 deletions


@ -118,6 +118,10 @@ if ($create_special_day) {
$values['id_group'] = (string) get_parameter('id_group');
$values['description'] = (string) get_parameter('description');
$aviable_description = true;
if (preg_match('<script>', $values['description'])) {
$aviable_description = false;
}
$array_date = explode('-', $date);
@ -142,8 +146,12 @@ if ($create_special_day) {
$result = '';
$messageAction = __('Could not be created, it already exists');
} else {
$result = alerts_create_alert_special_day($date, $same_day, $values);
$info = '{"Date":"'.$date.'","Same day of the week":"'.$same_day.'","Description":"'.$values['description'].'"}';
if ($aviable_description) {
$result = alerts_create_alert_special_day($date, $same_day, $values);
$info = '{"Date":"'.$date.'","Same day of the week":"'.$same_day.'","Description":"'.$values['description'].'"}';
} else {
$result = false;
}
}
}
@ -176,6 +184,11 @@ if ($update_special_day) {
$id_group = (string) get_parameter('id_group');
$id_group_orig = (string) get_parameter('id_group_orig');
$aviable_description = true;
if (preg_match('<script>', $description)) {
$aviable_description = false;
}
$array_date = explode('-', $date);
$year = $array_date[0];
@ -206,12 +219,16 @@ if ($update_special_day) {
$result = '';
$messageAction = __('Could not be updated, it already exists');
} else {
if ($aviable_description !== false) {
$result = alerts_update_alert_special_day($id, $values);
$info = '{"Date":"'.$date.'","Same day of the week":"'.$same_day.'","Description":"'.$description.'"}';
}
}
} else {
if ($aviable_description !== false) {
$result = alerts_update_alert_special_day($id, $values);
$info = '{"Date":"'.$date.'","Same day of the week":"'.$same_day.'","Description":"'.$description.'"}';
}
} else {
$result = alerts_update_alert_special_day($id, $values);
$info = '{"Date":"'.$date.'","Same day of the week":"'.$same_day.'","Description":"'.$description.'"}';
}
}
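Review bot: The new guard `preg_match('<script>', $values['description'])`, and its twin on `$description` in the update path, does not test for a literal `<script>` tag: PCRE accepts `<`…`>` as a bracket-style delimiter pair, so the pattern actually matched is the case-sensitive substring `script`. It therefore rejects harmless descriptions that merely contain the word "script" while leaving all other markup unfiltered, which makes it both over- and under-inclusive for what appears to be an XSS fix. A denylist on input is the wrong layer; the description should instead be escaped where it is rendered, e.g. `htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (the rendering code is not visible on this page), and the `$info` string should be built with `json_encode()` rather than concatenation so that quotes in the description cannot break the record. In the update path there also appears to be no `$result = false` when the description is rejected, unlike the create path, so a refused update may not be reported as a failure. The enclosing `if ($create_special_day)` and `if ($update_special_day)` blocks start and end outside the hunks shown.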