Merge branch 'ent-6002-pandora-communty-vulnerabilities' into 'develop'
Fixed xss event comments vulnerabiluty and some acls on event ajax See merge request artica/pandorafms!3335
This commit is contained in:
commit
bd6904b99f
|
@ -871,6 +871,11 @@ if ($get_response_description) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($get_response_params) {
|
if ($get_response_params) {
|
||||||
|
if (! check_acl($config['id_user'], 0, 'EW')) {
|
||||||
|
echo 'unauthorized';
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$response_id = get_parameter('response_id');
|
$response_id = get_parameter('response_id');
|
||||||
|
|
||||||
$params = db_get_value('params', 'tevent_response', 'id', $response_id);
|
$params = db_get_value('params', 'tevent_response', 'id', $response_id);
|
||||||
|
@ -885,6 +890,11 @@ if ($get_response_params) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($get_response_target) {
|
if ($get_response_target) {
|
||||||
|
if (! check_acl($config['id_user'], 0, 'EW')) {
|
||||||
|
echo 'unauthorized';
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$response_id = (int) get_parameter('response_id');
|
$response_id = (int) get_parameter('response_id');
|
||||||
$event_id = (int) get_parameter('event_id');
|
$event_id = (int) get_parameter('event_id');
|
||||||
$server_id = (int) get_parameter('server_id');
|
$server_id = (int) get_parameter('server_id');
|
||||||
|
@ -901,6 +911,11 @@ if ($get_response_target) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($get_response) {
|
if ($get_response) {
|
||||||
|
if (! check_acl($config['id_user'], 0, 'EW')) {
|
||||||
|
echo 'unauthorized';
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$response_id = get_parameter('response_id');
|
$response_id = get_parameter('response_id');
|
||||||
|
|
||||||
$event_response = db_get_row('tevent_response', 'id', $response_id);
|
$event_response = db_get_row('tevent_response', 'id', $response_id);
|
||||||
|
@ -917,6 +932,11 @@ if ($get_response) {
|
||||||
if ($perform_event_response) {
|
if ($perform_event_response) {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
|
if (! check_acl($config['id_user'], 0, 'EW')) {
|
||||||
|
echo 'unauthorized';
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$response_id = get_parameter('response_id');
|
$response_id = get_parameter('response_id');
|
||||||
$event_id = (int) get_parameter('event_id');
|
$event_id = (int) get_parameter('event_id');
|
||||||
$server_id = (int) get_parameter('server_id', 0);
|
$server_id = (int) get_parameter('server_id', 0);
|
||||||
|
@ -1011,6 +1031,11 @@ if ($perform_event_response) {
|
||||||
if ($dialogue_event_response) {
|
if ($dialogue_event_response) {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
|
if (! check_acl($config['id_user'], 0, 'EW')) {
|
||||||
|
echo 'unauthorized';
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$event_id = get_parameter('event_id');
|
$event_id = get_parameter('event_id');
|
||||||
$response_id = get_parameter('response_id');
|
$response_id = get_parameter('response_id');
|
||||||
$command = get_parameter('target');
|
$command = get_parameter('target');
|
||||||
|
|
|
@ -2118,7 +2118,7 @@ function events_comment(
|
||||||
|
|
||||||
switch ($comments_format) {
|
switch ($comments_format) {
|
||||||
case 'new':
|
case 'new':
|
||||||
$comment_for_json['comment'] = $comment;
|
$comment_for_json['comment'] = io_safe_input($comment);
|
||||||
$comment_for_json['action'] = $action;
|
$comment_for_json['action'] = $action;
|
||||||
$comment_for_json['id_user'] = $config['id_user'];
|
$comment_for_json['id_user'] = $config['id_user'];
|
||||||
$comment_for_json['utimestamp'] = time();
|
$comment_for_json['utimestamp'] = time();
|
||||||
|
@ -2141,7 +2141,7 @@ function events_comment(
|
||||||
$comment = str_replace(["\r\n", "\r", "\n"], '<br>', $comment);
|
$comment = str_replace(["\r\n", "\r", "\n"], '<br>', $comment);
|
||||||
|
|
||||||
if ($comment != '') {
|
if ($comment != '') {
|
||||||
$commentbox = '<div style="border:1px dotted #CCC; min-height: 10px;">'.$comment.'</div>';
|
$commentbox = '<div style="border:1px dotted #CCC; min-height: 10px;">'.io_safe_input($comment).'</div>';
|
||||||
} else {
|
} else {
|
||||||
$commentbox = '';
|
$commentbox = '';
|
||||||
}
|
}
|
||||||
|
|
|
@ -982,6 +982,7 @@ if ($group_rep == 2) {
|
||||||
$array_events_actions[$val['id']] = $val['name'];
|
$array_events_actions[$val['id']] = $val['name'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (check_acl($config['id_user'], 0, 'EW')) {
|
||||||
if ($config['event_replication'] != 1) {
|
if ($config['event_replication'] != 1) {
|
||||||
echo '<div style="width:100%;text-align:right;">';
|
echo '<div style="width:100%;text-align:right;">';
|
||||||
echo '<form method="post" id="form_event_response">';
|
echo '<form method="post" id="form_event_response">';
|
||||||
|
@ -1002,6 +1003,7 @@ if ($group_rep == 2) {
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
|
|
|
@ -1530,26 +1530,26 @@ foreach ($event_responses as $val) {
|
||||||
$array_events_actions[$val['id']] = $val['name'];
|
$array_events_actions[$val['id']] = $val['name'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (check_acl($config['id_user'], 0, 'EW')) {
|
||||||
echo '<div class="multi-response-buttons">';
|
echo '<div class="multi-response-buttons">';
|
||||||
echo '<form method="post" id="form_event_response">';
|
echo '<form method="post" id="form_event_response">';
|
||||||
echo '<input type="hidden" id="max_execution_event_response" value="'.$config['max_execution_event_response'].'" />';
|
echo '<input type="hidden" id="max_execution_event_response" value="'.$config['max_execution_event_response'].'" />';
|
||||||
html_print_select($array_events_actions, 'response_id', '', '', '', 0, false, false, false);
|
html_print_select($array_events_actions, 'response_id', '', '', '', 0, false, false, false);
|
||||||
echo '  ';
|
echo '  ';
|
||||||
html_print_button(__('Execute event response'), 'submit_event_response', false, 'execute_event_response(true);', 'class="sub next"');
|
html_print_button(__('Execute event response'), 'submit_event_response', false, 'execute_event_response(true);', 'class="sub next"');
|
||||||
echo "<span id='response_loading_dialog' style='display:none'>".html_print_image('images/spinner.gif', true).'</span>';
|
echo "<span id='response_loading_dialog' style='display:none'>".html_print_image('images/spinner.gif', true).'</span>';
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
echo '<span id="max_custom_event_resp_msg" style="display:none; color:#e63c52; line-height: 200%;">';
|
echo '<span id="max_custom_event_resp_msg" style="display:none; color:#e63c52; line-height: 200%;">';
|
||||||
echo __(
|
echo __(
|
||||||
'A maximum of %s event custom responses can be selected',
|
'A maximum of %s event custom responses can be selected',
|
||||||
$config['max_execution_event_response']
|
$config['max_execution_event_response']
|
||||||
).'</span>';
|
).'</span>';
|
||||||
echo '<span id="max_custom_selected" style="display:none; color:#e63c52; line-height: 200%;">';
|
echo '<span id="max_custom_selected" style="display:none; color:#e63c52; line-height: 200%;">';
|
||||||
echo __(
|
echo __(
|
||||||
'Please, select an event'
|
'Please, select an event'
|
||||||
).'</span>';
|
).'</span>';
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
|
}
|
||||||
|
|
||||||
// Close viewer.
|
// Close viewer.
|
||||||
enterprise_hook('close_meta_frame');
|
enterprise_hook('close_meta_frame');
|
||||||
|
|
Loading…
Reference in New Issue