From fc37d9919c7dadf34ad4cb2811467d988271b894 Mon Sep 17 00:00:00 2001
From: "jose.gonzalez@pandorafms.com"
Date: Thu, 13 Oct 2022 12:06:04 +0200
Subject: [PATCH] Fix javascript injection in agent names
---
 pandora_console/godmode/agentes/configurar_agente.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pandora_console/godmode/agentes/configurar_agente.php b/pandora_console/godmode/agentes/configurar_agente.php
index af29579055..f71ead533b 100644
--- a/pandora_console/godmode/agentes/configurar_agente.php
+++ b/pandora_console/godmode/agentes/configurar_agente.php
@@ -181,7 +181,7 @@ $module_macros = [];
 // Create agent.
 if ($create_agent) {
 $mssg_warning = 0;
- $alias_safe_output = io_safe_output(get_parameter('alias', ''));
+ $alias_safe_output = strip_tags(io_safe_output(get_parameter('alias', '')));
 $alias = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $alias_safe_output)));
 $alias_as_name = (int) get_parameter_post('alias_as_name', 0);
 $direccion_agente = (string) get_parameter_post('direccion', '');
@@ -935,7 +935,7 @@ if ($update_agent) {
 $mssg_warning = 0;
 $id_agente = (int) get_parameter_post('id_agente');
 $nombre_agente = str_replace('`', '‘', (string) get_parameter_post('agente', ''));
- $alias_safe_output = io_safe_output(get_parameter('alias', ''));
+ $alias_safe_output = strip_tags(io_safe_output(get_parameter('alias', '')));
 $alias = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $alias_safe_output)));
 $alias_as_name = (int) get_parameter_post('alias_as_name', 0);
 $direccion_agente = (string) get_parameter_post('direccion', '');
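Review bot: `strip_tags()` on the decoded `alias` filters at input time and only removes tag-shaped text, so in both hunks (create at `@@ -181`, update at `@@ -935`) the stored value is still only as safe as `io_safe_input()` and the escaping at every place the alias is later printed, none of which is visible here. It would help to say so next to the call, for example `// strip_tags() is defence in depth; alias must still be HTML-escaped wherever it is rendered.` In the update hunk `$nombre_agente` (from `agente`) receives only the backtick replacement, so if that value reaches the same pages it presumably needs the same handling; that should be confirmed against the code after the hunk. The two-line alias sanitisation is now duplicated verbatim in both branches, and moving it into one helper would keep the create and update paths from drifting apart. Both `if` blocks continue outside the hunks.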