tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-5958-xss-event-view' into 'develop' 

ignore keys on xss event comments

See merge request artica/pandorafms!3324
This commit is contained in:
Alejandro Fraguas 2020-06-22 09:56:28 +02:00
parent 7be71080eb 1eb3891e94
commit ed7c51e685
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/include/ajax/events.php
View File

@ -1090,7 +1090,7 @@ if ($dialogue_event_response) {
if ($add_comment) {
$aviability_comment = true;
$comment = get_parameter('comment');
if (preg_match('<script>', io_safe_output($comment))) {
if (preg_match('/script/i', io_safe_output($comment))) {
$aviability_comment = false;
$return = false;
}