tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed vulnerabilty on events comments

This commit is contained in:
marcos 2020-06-09 11:40:39 +02:00
parent 25dee1c906
commit 93bc14d102
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pandora_console/include/ajax/events.php
View File

@ -1088,10 +1088,18 @@ if ($dialogue_event_response) {
} }
if ($add_comment) { if ($add_comment) {
$aviability_comment = true;
$comment = get_parameter('comment'); $comment = get_parameter('comment');
if (preg_match('<script>', io_safe_output($comment))) {
$aviability_comment = false;
$return = false;
}
$event_id = get_parameter('event_id'); $event_id = get_parameter('event_id');
$return = events_comment($event_id, $comment, 'Added comment', $meta, $history); if ($aviability_comment !== false) {
$return = events_comment($event_id, $comment, 'Added comment', $meta, $history);
}
if ($return) { if ($return) {
echo 'comment_ok'; echo 'comment_ok';