tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-04-08 18:55:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Changes to avoid injection

Browse Source
This commit is contained in:
Félix Suárez 2024-04-02 17:21:10 -06:00
parent 17639c7154
commit ada9836418
3 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pandora_console/include/functions_io.php
View File

@ -90,6 +90,10 @@ function io_safe_input($value)
$value = utf8_encode($value); $value = utf8_encode($value);
} }
if (preg_match('/<\/?script(.*?)>/', $value)) {
$value = preg_replace('/<\/?script(.*?)>/', '', $value);
}
$valueHtmlEncode = htmlentities(($value ?? ''), ENT_QUOTES, 'UTF-8', true); $valueHtmlEncode = htmlentities(($value ?? ''), ENT_QUOTES, 'UTF-8', true);
// Replace the character '\' for the equivalent html entitie // Replace the character '\' for the equivalent html entitie

1
pandora_server/lib/PandoraFMS/Tools.pm
View File

@ -647,6 +647,7 @@ sub safe_input($) {
return "" unless defined($value); return "" unless defined($value);
$value =~ s/<\/?script(.*?)>//gs;
$value =~ s/(.)/$CHR2ENT{$1}||$1/ge; $value =~ s/(.)/$CHR2ENT{$1}||$1/ge;
return $value; return $value;

2
pandora_server/util/pandora_manage.pl
View File

@ -3429,6 +3429,8 @@ sub cli_agent_update() {
my @id_agents; my @id_agents;
my $id_agent; my $id_agent;
$new_value = safe_input($new_value);
if (defined $use_alias and $use_alias eq 'use_alias') { if (defined $use_alias and $use_alias eq 'use_alias') {
@id_agents = get_agent_ids_from_alias($dbh,$agent_name); @id_agents = get_agent_ids_from_alias($dbh,$agent_name);
foreach my $id (@id_agents) { foreach my $id (@id_agents) {