Merge branch 'ent-5955-XSS-System-logfiles' into 'develop'

Solved security issue with system logfiles field Closes pandora_enterprise#5955 See merge request artica/pandorafms!3289
2020-06-15 10:24:48 +02:00 · 2020-06-15 10:24:48 +02:00 · f8c9448866
parent 62ce710b5b 251e6669b9
commit f8c9448866
1 changed files with 1 additions and 1 deletions
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@ -287,7 +287,7 @@ function config_update_config()
                        $error_update[] = __('Command Snapshot');
                    }

-                    if (!config_update_value('server_log_dir', get_parameter('server_log_dir'))) {
+                    if (!config_update_value('server_log_dir', io_safe_input(strip_tags(io_safe_output(get_parameter('server_log_dir')))))) {
                        $error_update[] = __('Server logs directory');
                    }