mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix another addcslashes incorrect escape in eventlog (#15313)

Browse Source 
and many more
reported by: https://huntr.dev/users/hainguyen0207
This commit is contained in:
Tony Murray
2023-09-14 00:07:08 -05:00
committed by GitHub
parent e4c46a4536
commit 03c4da62c8
4 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
includes/html/common/eventlog.inc.php
View File

@@ -13,6 +13,8 @@
* @author LibreNMS Contributors * @author LibreNMS Contributors
*/ */
$vars['eventtype'] = 'test\"-alert(document.cookie)//';
$common_output[] = ' $common_output[] = '
<div class="table-responsive"> <div class="table-responsive">
<table id="eventlog" class="table table-hover table-condensed table-striped"> <table id="eventlog" class="table table-hover table-condensed table-striped">
@@ -36,7 +38,7 @@ var eventlog_grid = $("#eventlog").bootgrid({
{ {
return { return {
device: ' . (empty($vars['device']) ? 'null' : (int) $vars['device']) . ', device: ' . (empty($vars['device']) ? 'null' : (int) $vars['device']) . ',
eventtype: "' . addcslashes($vars['eventtype'] ?? '', '"') . '", eventtype: "' . htmlspecialchars($vars['eventtype'] ?? '') . '",
}; };
}, },
url: "' . url('/ajax/table/eventlog') . '" url: "' . url('/ajax/table/eventlog') . '"

10
includes/html/common/syslog.inc.php
View File

@@ -37,11 +37,11 @@ var syslog_grid = $("#syslog").bootgrid({
post: function () post: function ()
{ {
return { return {
device: "' . addcslashes($vars['device'] ?? '', '"') . '", device: "' . htmlspecialchars($vars['device'] ?? '') . '",
program: "' . addcslashes($vars['program'] ?? '', '"') . '", program: "' . htmlspecialchars($vars['program'] ?? '') . '",
priority: "' . addcslashes($vars['priority'] ?? '', '"') . '", priority: "' . htmlspecialchars($vars['priority'] ?? '') . '",
to: "' . addcslashes($vars['to'] ?? '', '"') . '", to: "' . htmlspecialchars($vars['to'] ?? '') . '",
from: "' . addcslashes($vars['from'] ?? '', '"') . '", from: "' . htmlspecialchars($vars['from'] ?? '') . '",
}; };
}, },
url: "' . url('/ajax/table/syslog') . '" url: "' . url('/ajax/table/syslog') . '"

2
includes/html/pages/eventlog.inc.php
View File

@@ -106,6 +106,6 @@ $pagetitle[] = 'Eventlog';
} }
} }
} }
})<?php echo Request::get('eventtype') ? ".val('" . addcslashes(Request::get('eventtype'), "'") . "').trigger('change');" : ''; ?>; })<?php echo Request::get('eventtype') ? ".val('" . htmlspecialchars(Request::get('eventtype')) . "').trigger('change');" : ''; ?>;
</script> </script>

4
includes/html/pages/syslog.inc.php
View File

@@ -171,7 +171,7 @@ $pagetitle[] = 'Syslog';
} }
} }
} }
})<?php echo isset($vars['program']) ? ".val('" . addcslashes($vars['program'], "'") . "').trigger('change');" : ''; ?>; })<?php echo isset($vars['program']) ? ".val('" . htmlspecialchars($vars['program']) . "').trigger('change');" : ''; ?>;
$("#priority").select2({ $("#priority").select2({
theme: "bootstrap", theme: "bootstrap",
@@ -191,6 +191,6 @@ $pagetitle[] = 'Syslog';
} }
} }
} }
})<?php echo isset($vars['priority']) ? ".val('" . addcslashes($vars['priority'], "'") . "').trigger('change');" : ''; ?>; })<?php echo isset($vars['priority']) ? ".val('" . htmlspecialchars($vars['priority']) . "').trigger('change');" : ''; ?>;
</script> </script>