From 9040e832b847d3773bb7be7d75c49dc177c9df68 Mon Sep 17 00:00:00 2001
From: Marcos Alconada
Date: Thu, 18 Mar 2021 10:00:34 +0000
Subject: [PATCH] fixed xss vulnerability

---
 .../include/functions_notifications.php | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/pandora_console/include/functions_notifications.php b/pandora_console/include/functions_notifications.php
index d7b2f8236a..ef30d852f0 100644
--- a/pandora_console/include/functions_notifications.php
+++ b/pandora_console/include/functions_notifications.php
@@ -1080,6 +1080,27 @@ function notifications_print_dropdown_element($message_info)
 break;
 }
+ $split_subject = explode(' ', io_safe_output($message_info['subject']));
+ $is_image = false;
+ $img = '';
+ foreach ($split_subject as $item) {
+ if ($is_image) {
+ if (preg_match('/src/', $item)) {
+ $img .= $item.' >';
+ $is_image = false;
+ }
+ }
+
+ if (preg_match('/img/', $item)) {
+ $img = '