tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-12122-CVE-2023-44088-SQL-Injection-en-Consola-Visual' into 'develop' 

Ent 12122 cve 2023 44088 sql injection en consola visual

See merge request artica/pandorafms!6525
This commit is contained in:
Rafael Ameijeiras 2023-11-27 10:26:30 +00:00
parent cd8652f9e6 5b7e1a9c80
commit e5df1a5285
3 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pandora_console/godmode/reporting/map_builder.php
View File

@ -519,9 +519,9 @@ if (!$maps && is_metaconsole() === false) {
$data = []; $data = [];
if (is_metaconsole() === false) { if (is_metaconsole() === false) {
$data[0] = '<a href="index.php?sec=network&amp;sec2=operation/visual_console/render_view&amp;id='.$map['id'].'&amp;refr='.$refr.'">'.$map['name'].'</a>'; $data[0] = '<a href="index.php?sec=network&amp;sec2=operation/visual_console/render_view&amp;id='.$map['id'].'&amp;refr='.$refr.'">'.io_safe_output($map['name']).'</a>';
} else { } else {
$data[0] = '<a href="index.php?sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&id='.$map['id'].'&amp;refr='.$refr.'">'.$map['name'].'</a>'; $data[0] = '<a href="index.php?sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&id='.$map['id'].'&amp;refr='.$refr.'">'.io_safe_output($map['name']).'</a>';
} }
$data[1] = ui_print_group_icon($map['id_group'], true); $data[1] = ui_print_group_icon($map['id_group'], true);
@ -541,7 +541,7 @@ if (!$maps && is_metaconsole() === false) {
true, true,
['class' => 'main_menu_icon invert_filter'] ['class' => 'main_menu_icon invert_filter']
).'</a>'; ).'</a>';
$data[4] = '<a class="delete_visualmap" href="index.php?sec=network&amp;sec2=godmode/reporting/map_builder&amp;id_layout='.$map['id'].'&amp;delete_layout=1" onclick="javascript: if (!confirm(\''.__('Are you sure?').'\n'.__('Delete').': '.$map['name'].'\')) return false;">'.html_print_image( $data[4] = '<a class="delete_visualmap" href="index.php?sec=network&amp;sec2=godmode/reporting/map_builder&amp;id_layout='.$map['id'].'&amp;delete_layout=1" onclick="javascript: if (!confirm(\''.__('Are you sure?').'\n'.__('Delete').': '.io_safe_output($map['name']).'\')) return false;">'.html_print_image(
'images/delete.svg', 'images/delete.svg',
true, true,
['class' => 'main_menu_icon invert_filter'] ['class' => 'main_menu_icon invert_filter']
@ -552,7 +552,7 @@ if (!$maps && is_metaconsole() === false) {
true, true,
['class' => 'main_menu_icon invert_filter'] ['class' => 'main_menu_icon invert_filter']
).'</a>'; ).'</a>';
$data[4] = '<a class="delete_visualmap" href="index.php?sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&id_layout='.$map['id'].'&amp;delete_layout=1" onclick="javascript: if (!confirm(\''.__('Are you sure?').'\n'.__('Delete').': '.$map['name'].'\')) return false;">'.html_print_image( $data[4] = '<a class="delete_visualmap" href="index.php?sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&id_layout='.$map['id'].'&amp;delete_layout=1" onclick="javascript: if (!confirm(\''.__('Are you sure?').'\n'.__('Delete').': '.io_safe_output($map['name']).'\')) return false;">'.html_print_image(
'images/delete.svg', 'images/delete.svg',
true, true,
['class' => 'main_menu_icon invert_filter'] ['class' => 'main_menu_icon invert_filter']

2
pandora_console/godmode/reporting/visual_console_builder.data.php
View File

@ -151,7 +151,7 @@ $table->data[0][] = html_print_label_input_block(
__('Name'), __('Name'),
html_print_input_text( html_print_input_text(
'name', 'name',
$visualConsoleName, io_safe_output($visualConsoleName),
'', '',
80, 80,
100, 100,

6
pandora_console/godmode/reporting/visual_console_builder.php
View File

@ -163,7 +163,7 @@ switch ($activeTab) {
$background_color = (string) get_parameter('background_color'); $background_color = (string) get_parameter('background_color');
$width = (int) get_parameter('width'); $width = (int) get_parameter('width');
$height = (int) get_parameter('height'); $height = (int) get_parameter('height');
$visualConsoleName = (string) get_parameter('name'); $visualConsoleName = (string) io_safe_input(get_parameter('name'));
$is_favourite = (int) get_parameter('is_favourite_sent'); $is_favourite = (int) get_parameter('is_favourite_sent');
$auto_adjust = (int) get_parameter('auto_adjust_sent'); $auto_adjust = (int) get_parameter('auto_adjust_sent');
@ -239,7 +239,7 @@ switch ($activeTab) {
if ($uploadOK == 1) { if ($uploadOK == 1) {
if (move_uploaded_file($_FILES['background_image']['tmp_name'], $target_file)) { if (move_uploaded_file($_FILES['background_image']['tmp_name'], $target_file)) {
$background = $nameImage; $background = $nameImage;
$values['background'] = $background; $values['background'] = io_safe_input($background);
$error2 = chmod($target_file, 0644); $error2 = chmod($target_file, 0644);
$uploadOK = $error2; $uploadOK = $error2;
} else { } else {
@ -872,7 +872,7 @@ $buttons[$activeTab]['active'] = true;
$tab_builder = ($activeTab === 'editor') ? 'visual_console_editor_editor_tab' : ''; $tab_builder = ($activeTab === 'editor') ? 'visual_console_editor_editor_tab' : '';
ui_print_standard_header( ui_print_standard_header(
($visualConsoleName ?? ''), (io_safe_output($visualConsoleName) ?? ''),
'images/visual_console.png', 'images/visual_console.png',
false, false,
$tab_builder, $tab_builder,