tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix javascript injection in agent names

This commit is contained in:
jose.gonzalez@pandorafms.com 2022-10-13 12:06:04 +02:00
parent b98b0f3ab3
commit fc37d9919c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pandora_console/godmode/agentes/configurar_agente.php
View File

@ -181,7 +181,7 @@ $module_macros = [];
// Create agent.
if ($create_agent) {
$mssg_warning = 0;
$alias_safe_output = io_safe_output(get_parameter('alias', ''));
$alias_safe_output = strip_tags(io_safe_output(get_parameter('alias', '')));
$alias = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $alias_safe_output)));
$alias_as_name = (int) get_parameter_post('alias_as_name', 0);
$direccion_agente = (string) get_parameter_post('direccion', '');
@ -935,7 +935,7 @@ if ($update_agent) {
$mssg_warning = 0;
$id_agente = (int) get_parameter_post('id_agente');
$nombre_agente = str_replace('`', '‘', (string) get_parameter_post('agente', ''));
$alias_safe_output = io_safe_output(get_parameter('alias', ''));
$alias_safe_output = strip_tags(io_safe_output(get_parameter('alias', '')));
$alias = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $alias_safe_output)));
$alias_as_name = (int) get_parameter_post('alias_as_name', 0);
$direccion_agente = (string) get_parameter_post('direccion', '');