tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-9208-Codigo-depuracion-expuesto-a-clientes' into 'develop' 

Fix javascript injection in agent names

pandora_enterprise#9208

See merge request artica/pandorafms!5193
This commit is contained in:
Jimmy Olano 2022-10-17 17:28:39 +00:00
parent 38af75ccc1 fc37d9919c
commit ff4cff6f7a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pandora_console/godmode/agentes/configurar_agente.php
View File

@ -181,7 +181,7 @@ $module_macros = [];
// Create agent.
if ($create_agent) {
$mssg_warning = 0;
$alias_safe_output = io_safe_output(get_parameter('alias', ''));
$alias_safe_output = strip_tags(io_safe_output(get_parameter('alias', '')));
$alias = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $alias_safe_output)));
$alias_as_name = (int) get_parameter_post('alias_as_name', 0);
$direccion_agente = (string) get_parameter_post('direccion', '');
@ -935,7 +935,7 @@ if ($update_agent) {
$mssg_warning = 0;
$id_agente = (int) get_parameter_post('id_agente');
$nombre_agente = str_replace('`', '‘', (string) get_parameter_post('agente', ''));
$alias_safe_output = io_safe_output(get_parameter('alias', ''));
$alias_safe_output = strip_tags(io_safe_output(get_parameter('alias', '')));
$alias = io_safe_input(trim(preg_replace('/[\/\\\|%#&$]/', '', $alias_safe_output)));
$alias_as_name = (int) get_parameter_post('alias_as_name', 0);
$direccion_agente = (string) get_parameter_post('direccion', '');