Fixed XSS vulnerability

Daniel Maya 2020-01-13 11:29:18 +01:00 committed by Daniel Rodriguez
parent 2fa637ee4d
commit 49e03f5e44
3 changed files with 5 additions and 3 deletions


@ -290,7 +290,7 @@ $table_aux = new stdClass();
foreach ($result_graphs as $graph) {
$data = [];
$data[0] = '<a href="index.php?sec=reporting&sec2=operation/reporting/graph_viewer&view_graph=1&id='.$graph['id_graph'].'">'.ui_print_truncate_text(io_safe_output($graph['name']), 70).'</a>';
$data[0] = '<a href="index.php?sec=reporting&sec2=operation/reporting/graph_viewer&view_graph=1&id='.$graph['id_graph'].'">'.ui_print_truncate_text($graph['name'], 70).'</a>';
$data[1] = ui_print_truncate_text($graph['description'], 70);
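Review bot: The link text on the new `$data[0]` line is safe only if `$graph['name']` reaches this loop already entity-encoded, and nothing visible in the hunk establishes that. Dropping `io_safe_output()` stops the decode, but the escaping itself happens elsewhere, so a row written by a path that skips input encoding would still render as markup here. I would record the assumption next to the line, e.g. `// name is stored entity-encoded on write; never decode it before output`, and cast the id used in the href with `(int) $graph['id_graph']` as cheap hardening. The `foreach` body continues past the end of the hunk.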


@ -190,6 +190,8 @@ function reporting_make_reporting_data(
$metaconsole_on = is_metaconsole();
$index_content = 0;
foreach ($contents as $content) {
$content['name'] = io_safe_input($content['name']);
$content['description'] = io_safe_input($content['description']);
if (!empty($content['id_agent_module']) && !empty($content['id_agent'])
&& tags_has_user_acl_tags($config['id_user'])
) {
@ -7640,7 +7642,7 @@ function reporting_custom_graph(
$return['title'] = $content['name'];
$return['landscape'] = $content['landscape'];
$return['pagebreak'] = $content['pagebreak'];
$return['subtitle'] = io_safe_output($graph['name']);
$return['subtitle'] = $graph['name'];
$return['agent_name'] = $agent_alias;
$return['module_name'] = $module_name;
$return['description'] = $content['description'];
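Review bot: The two `io_safe_input()` calls added at the top of the `foreach ($contents as $content)` loop encode at read time rather than at the output sink, and they change `$content['name']` and `$content['description']` for everything later in the loop. If those fields are already stored entity-encoded, as the second hunk seems to assume for `$graph['name']` when it drops `io_safe_output()`, this risks double encoding; whether `io_safe_input()` is idempotent is not visible here. It also means `$return['title']` and `$return['description']` in `reporting_custom_graph()` now carry entities, which any non-HTML consumer of the report data would receive verbatim. Consider escaping where the HTML is emitted instead, or at least state the invariant with `// $content name/description are entity-encoded from here on; renderers must not encode again`. Both function bodies extend beyond the hunks shown.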


@ -130,7 +130,7 @@ function html_do_report_info($report)
$html .= '</tr>
<tr>
<td valign="top"><b>'.__('Description').': </b></td><td>'.io_safe_output($report['description']).'</td>
<td valign="top"><b>'.__('Description').': </b></td><td>'.htmlspecialchars($report['description']).'</td>
</tr>
</table>'.'</div>';
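Review bot: `htmlspecialchars($report['description'])` on the changed line relies on the default flags, which changed in PHP 8.1; before that the default leaves single quotes unescaped and returns an empty string when the input contains invalid UTF-8. Spell the call out as `htmlspecialchars($report['description'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` so the behaviour does not depend on the runtime. This section also escapes at output while the other two files in the commit rely on values being entity-encoded beforehand; if `$report['description']` arrives already encoded, this call will double-encode it and users will see literal entities, so it is worth confirming which form it has here. The rest of `html_do_report_info()` lies outside the hunk, so the other fields it prints could not be checked.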