fixed security error on manage agent group

marcos 2020-06-09 12:43:58 +02:00
parent cbca70da73
commit b3a270d0b3
1 changed files with 28 additions and 15 deletions


@ -347,9 +347,15 @@ if (($create_group) && (check_acl($config['id_user'], 0, 'PM'))) {
$check = db_get_value('nombre', 'tgrupo', 'nombre', $name);
$propagate = (bool) get_parameter('propagate');
$aviable_name = true;
if (preg_match('<script>', $name)) {
$aviable_name = false;
}
// Check if name field is empty.
if ($name != '') {
if (!$check) {
if ($aviable_name === true) {
$values = [
'nombre' => $name,
'icon' => empty($icon) ? '' : substr($icon, 0, -4),
@ -365,6 +371,8 @@ if (($create_group) && (check_acl($config['id_user'], 0, 'PM'))) {
];
$result = db_process_sql_insert('tgrupo', $values);
}
if ($result) {
ui_print_success_message(__('Group successfully created'));
} else {
@ -394,8 +402,13 @@ if ($update_group) {
$contact = (string) get_parameter('contact');
$other = (string) get_parameter('other');
$aviable_name = true;
if (preg_match('<script>', $name)) {
$aviable_name = false;
}
// Check if name field is empty.
if ($name != '') {
if ($name != '' && $aviable_name === true) {
$sql = sprintf(
'UPDATE tgrupo
SET nombre = "%s",
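Review bot: The added check `preg_match('<script>', $name)` in the create hunk (repeated in the update hunk) does not test for a script tag, because PCRE takes `<` and `>` as the pattern delimiters, so the pattern is the bare word `script`, matched case-sensitively. It rejects harmless names such as "Descriptions", while an upper-case tag or any other HTML element or event-handler attribute still passes. A deny-list on input cannot close stored XSS; the group name should be encoded where it is rendered, e.g. `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and if names must be restricted, an allow-list of permitted characters is the safer check. In the update hunk `$name` still reaches `SET nombre = "%s"` through `sprintf`; whether `get_parameter` escapes it is not visible here, so that should be confirmed or the query parameterised. In the create hunk `$result` appears to be read by `if ($result)` without being assigned when the name is rejected, so it should be initialised (`$result = false;`) before the checks; the enclosing blocks start and end outside the hunks.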