Merge branch 'ent-13534-cli-pfms-el-comando-update_group-permite-inyectar-codigo-javascript-en-la-descripcion-de' into 'develop'

Ent 13534 CLI PFMS: el comando "update_group" permite inyectar código JavaScript en la descripción del grupo

See merge request artica/pandorafms!7294
Enrique Martin 2024-04-29 16:31:18 +00:00
commit 9d6df42c5b
1 changed files with 6 additions and 6 deletions


@ -6166,7 +6166,7 @@ sub cli_create_group() {
$icon = '' unless defined($icon);
$description = '' unless defined($description);
$group_id = pandora_create_group ($group_name, $icon, $parent_group_id, 0, 0, '', 0, $description, $dbh);
$group_id = pandora_create_group ($group_name, $icon, $parent_group_id, 0, 0, '', 0, safe_input($description), $dbh);
if($group_id == -1) {
print_log "[ERROR] A problem has been ocurred creating group '$group_name'\n\n";
@ -6191,7 +6191,7 @@ sub cli_create_group() {
eval {
$group_id_nodo = db_insert ($dbh_metaconsole, 'id_grupo', 'INSERT INTO tgrupo (id_grupo, nombre, icon, parent, propagate, disabled,
custom_id, id_skin, description) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)', $group_name, safe_input($group_name), $icon,
$parent_group_id, 0, 0, '', 0, $description);
$parent_group_id, 0, 0, '', 0, safe_input($description));
};
if ($@) {
print_log "[ERROR] Problems with IDS and doesn't created group\n\n";
@ -6293,15 +6293,15 @@ sub cli_update_group() {
if(defined($icon)){
if(defined($description)){
db_do ($dbh,'UPDATE tgrupo SET nombre=? , parent=? , icon=? , description=? WHERE id_grupo=?',$group_name,$parent_group_id,$icon,$description,$group_id);
db_do ($dbh,'UPDATE tgrupo SET nombre=? , parent=? , icon=? , description=? WHERE id_grupo=?',safe_input($group_name),$parent_group_id,$icon, safe_input($description) ,$group_id);
}else{
db_do ($dbh,'UPDATE tgrupo SET nombre=? , parent=? , icon=? WHERE id_grupo=?',$group_name,$parent_group_id,$icon,$group_id);
db_do ($dbh,'UPDATE tgrupo SET nombre=? , parent=? , icon=? WHERE id_grupo=?',safe_input($group_name),$parent_group_id,$icon,$group_id);
}
}else{
db_do ($dbh,'UPDATE tgrupo SET nombre=? , parent=? WHERE id_grupo=?',$group_name,$parent_group_id,$group_id);
db_do ($dbh,'UPDATE tgrupo SET nombre=? , parent=? WHERE id_grupo=?',safe_input($group_name),$parent_group_id,$group_id);
}
}else{
db_do ($dbh,'UPDATE tgrupo SET nombre=? WHERE id_grupo=?',$group_name,$group_id);
db_do ($dbh,'UPDATE tgrupo SET nombre=? WHERE id_grupo=?',safe_input($group_name),$group_id);
}
print_log "[INFO] Updated group '$group_id'\n\n";
}
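Review bot: `$icon` is still stored unencoded and unvalidated in every write this change touches: the `pandora_create_group` call and the metaconsole `INSERT` in cli_create_group, and the two `UPDATE ... icon=?` branches in cli_update_group. If the console renders that column into markup the way it rendered the description (not visible here), the stored-script issue closed for `description` stays reachable through the icon argument. Since an icon is presumably a file name, an allowlist check before any of the writes, such as `$icon =~ /\A[\w.\-]*\z/` with the CLI's usual error path on failure, fits better than entity encoding. Separately, the first hunk passes `$group_name` raw to `pandora_create_group` while the metaconsole insert uses `safe_input($group_name)`; confirm the helper encodes the name itself, otherwise node and metaconsole rows will differ. Both subs begin and end outside the hunks shown, so earlier validation of these arguments cannot be ruled out from this page.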