#10160 fixed xss vulnerability in visual console name

2023-01-23 16:47:27 +01:00 · 2023-01-23 16:47:27 +01:00 · 7163b3d853
parent 0a4ddc480a
commit 7163b3d853
2 changed files with 2 additions and 2 deletions
--- a/pandora_console/godmode/reporting/visual_console_builder.php
+++ b/pandora_console/godmode/reporting/visual_console_builder.php
@ -177,7 +177,7 @@ switch ($activeTab) {
                $background_color = (string) get_parameter('background_color');
                $width = (int) get_parameter('width');
                $height = (int) get_parameter('height');
-                $visualConsoleName = (string) get_parameter('name');
+                $visualConsoleName = io_safe_input((string) get_parameter('name'));
                $is_favourite  = (int) get_parameter('is_favourite_sent');
                $auto_adjust  = (int) get_parameter('auto_adjust_sent');

--- a/pandora_console/include/rest-api/models/VisualConsole/Container.php
+++ b/pandora_console/include/rest-api/models/VisualConsole/Container.php
@ -357,7 +357,7 @@ final class Container extends Model
            $config['dbpass'].$row['id'].$config['id_user']
        );

-        return \io_safe_output($row);
+        return $row;
    }