Merge branch 'ent-12122-CVE-2023-44088-SQL-Injection-en-Consola-Visual' into 'develop'

Ent 12122 cve 2023 44088 sql injection en consola visual See merge request artica/pandorafms!6525
2023-11-27 10:26:30 +00:00 · 2023-11-27 10:26:30 +00:00 · e5df1a5285
parent cd8652f9e6 5b7e1a9c80
commit e5df1a5285
3 changed files with 8 additions and 8 deletions
--- a/pandora_console/godmode/reporting/map_builder.php
+++ b/pandora_console/godmode/reporting/map_builder.php
@ -519,9 +519,9 @@ if (!$maps && is_metaconsole() === false) {
        $data = [];

        if (is_metaconsole() === false) {
-            $data[0] = '<a href="index.php?sec=network&amp;sec2=operation/visual_console/render_view&amp;id='.$map['id'].'&amp;refr='.$refr.'">'.$map['name'].'</a>';
+            $data[0] = '<a href="index.php?sec=network&amp;sec2=operation/visual_console/render_view&amp;id='.$map['id'].'&amp;refr='.$refr.'">'.io_safe_output($map['name']).'</a>';
        } else {
-            $data[0] = '<a href="index.php?sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&id='.$map['id'].'&amp;refr='.$refr.'">'.$map['name'].'</a>';
+            $data[0] = '<a href="index.php?sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&id='.$map['id'].'&amp;refr='.$refr.'">'.io_safe_output($map['name']).'</a>';
        }

        $data[1] = ui_print_group_icon($map['id_group'], true);
@ -541,7 +541,7 @@ if (!$maps && is_metaconsole() === false) {
                    true,
                    ['class' => 'main_menu_icon invert_filter']
                ).'</a>';
-                $data[4] = '<a class="delete_visualmap" href="index.php?sec=network&amp;sec2=godmode/reporting/map_builder&amp;id_layout='.$map['id'].'&amp;delete_layout=1" onclick="javascript: if (!confirm(\''.__('Are you sure?').'\n'.__('Delete').': '.$map['name'].'\')) return false;">'.html_print_image(
+                $data[4] = '<a class="delete_visualmap" href="index.php?sec=network&amp;sec2=godmode/reporting/map_builder&amp;id_layout='.$map['id'].'&amp;delete_layout=1" onclick="javascript: if (!confirm(\''.__('Are you sure?').'\n'.__('Delete').': '.io_safe_output($map['name']).'\')) return false;">'.html_print_image(
                    'images/delete.svg',
                    true,
                    ['class' => 'main_menu_icon invert_filter']
@ -552,7 +552,7 @@ if (!$maps && is_metaconsole() === false) {
                    true,
                    ['class' => 'main_menu_icon invert_filter']
                ).'</a>';
-                $data[4] = '<a class="delete_visualmap" href="index.php?sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&id_layout='.$map['id'].'&amp;delete_layout=1" onclick="javascript: if (!confirm(\''.__('Are you sure?').'\n'.__('Delete').': '.$map['name'].'\')) return false;">'.html_print_image(
+                $data[4] = '<a class="delete_visualmap" href="index.php?sec=screen&sec2=screens/screens&action=visualmap&pure='.$pure.'&id_layout='.$map['id'].'&amp;delete_layout=1" onclick="javascript: if (!confirm(\''.__('Are you sure?').'\n'.__('Delete').': '.io_safe_output($map['name']).'\')) return false;">'.html_print_image(
                    'images/delete.svg',
                    true,
                    ['class' => 'main_menu_icon invert_filter']
--- a/pandora_console/godmode/reporting/visual_console_builder.data.php
+++ b/pandora_console/godmode/reporting/visual_console_builder.data.php
@ -151,7 +151,7 @@ $table->data[0][] = html_print_label_input_block(
    __('Name'),
    html_print_input_text(
        'name',
-        $visualConsoleName,
+        io_safe_output($visualConsoleName),
        '',
        80,
        100,
--- a/pandora_console/godmode/reporting/visual_console_builder.php
+++ b/pandora_console/godmode/reporting/visual_console_builder.php
@ -163,7 +163,7 @@ switch ($activeTab) {
                $background_color = (string) get_parameter('background_color');
                $width = (int) get_parameter('width');
                $height = (int) get_parameter('height');
-                $visualConsoleName = (string) get_parameter('name');
+                $visualConsoleName = (string) io_safe_input(get_parameter('name'));
                $is_favourite  = (int) get_parameter('is_favourite_sent');
                $auto_adjust  = (int) get_parameter('auto_adjust_sent');

@ -239,7 +239,7 @@ switch ($activeTab) {
                        if ($uploadOK == 1) {
                            if (move_uploaded_file($_FILES['background_image']['tmp_name'], $target_file)) {
                                $background = $nameImage;
-                                $values['background'] = $background;
+                                $values['background'] = io_safe_input($background);
                                $error2 = chmod($target_file, 0644);
                                $uploadOK = $error2;
                            } else {
@ -872,7 +872,7 @@ $buttons[$activeTab]['active'] = true;

 $tab_builder = ($activeTab === 'editor') ? 'visual_console_editor_editor_tab' : '';
 ui_print_standard_header(
-    ($visualConsoleName ?? ''),
+    (io_safe_output($visualConsoleName) ?? ''),
    'images/visual_console.png',
    false,
    $tab_builder,