fix xss

2022-11-07 11:26:00 +01:00 · 2022-11-07 11:26:00 +01:00 · 75fe9dd8d3
parent dce2b3f915
commit 75fe9dd8d3
1 changed files with 10 additions and 0 deletions
--- a/pandora_console/include/lib/Dashboard/Manager.php
+++ b/pandora_console/include/lib/Dashboard/Manager.php
@ -774,6 +774,16 @@ class Manager implements PublicLogin

        $dashboards = \db_get_all_rows_sql($sql_dashboard);

+        if ($favourite === true) {
+            $dashboards = array_map(
+                function ($dashboard) {
+                    $dashboard['name'] = io_safe_input($dashboard['name']);
+                    return $dashboard;
+                },
+                $dashboards
+            );
+        }
+
        if ($dashboards === false) {
            $dashboards = [];
        }