tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 08:45:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixed xss vulnerability

Browse Source
This commit is contained in:
Marcos Alconada 2021-03-18 10:00:34 +00:00 committed by Daniel Rodriguez
parent eea114e3d1
commit 9040e832b8
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
pandora_console/include/functions_notifications.php
View File

@ -1080,6 +1080,27 @@ function notifications_print_dropdown_element($message_info)
break; break;
} }
$split_subject = explode(' ', io_safe_output($message_info['subject']));
$is_image = false;
$img = '';
foreach ($split_subject as $item) {
if ($is_image) {
if (preg_match('/src/', $item)) {
$img .= $item.' >';
$is_image = false;
}
}
if (preg_match('/img/', $item)) {
$img = '<img ';
$is_image = true;
}
}
if ($img !== '') {
$message_info['subject'] = io_safe_input($img);
}
return sprintf( return sprintf(
"<a "<a
class='notification-item' class='notification-item'