Fix scheduled maintenance xss (#14360)

Fix for fields title, notes, and maybe recurring_day. Other fields can't store HTML.

https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f/
This commit is contained in:
Tony Murray
2022-09-16 11:59:48 -05:00
committed by GitHub
parent 15fd7d0653
commit 0805002086


@@ -65,8 +65,8 @@ class AlertScheduleController extends TableController
public function formatItem($schedule)
{
return [
'title' => $schedule->title,
'notes' => $schedule->notes,
'title' => htmlentities($schedule->title),
'notes' => htmlentities($schedule->notes),
'id' => $schedule->schedule_id,
'start' => $schedule->recurring ? '' : $schedule->start->toDateTimeString('minutes'),
'end' => $schedule->recurring ? '' : $schedule->end->toDateTimeString('minutes'),
@@ -75,7 +75,7 @@ class AlertScheduleController extends TableController
'end_recurring_dt' => $schedule->recurring ? $schedule->end_recurring_dt : '',
'end_recurring_hr' => $schedule->recurring ? $schedule->end_recurring_hr : '',
'recurring' => $schedule->recurring ? __('Yes') : __('No'),
'recurring_day' => $schedule->recurring ? implode(',', $schedule->recurring_day) : '',
'recurring_day' => $schedule->recurring ? htmlentities(implode(',', $schedule->recurring_day)) : '',
'status' => $schedule->status,
];
}
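Review bot: The new `htmlentities(...)` calls on the title, notes and recurring_day lines rely on the function's default flags, which differ by PHP version: before 8.1 the default is ENT_COMPAT, so a single quote in a title passes through unencoded and would still break out of a single-quoted attribute if the front-end ever places the value there. Pass the flags explicitly, e.g. `'title' => htmlentities($schedule->title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),` and likewise for notes and recurring_day, or use the framework's `e()` helper if it is available here (the `__()` call suggests a Laravel helper set). A nullable notes column would also hand null to htmlentities, which PHP 8.1 deprecates; `$schedule->notes ?? ''` covers that, but whether the column allows null is not visible from the hunk. Escaping inside formatItem also moves encoding away from the rendering boundary, so if the table's JavaScript already escapes cell text these values will be double-encoded and show literal `&amp;` sequences; it is worth confirming how the consumer renders them. The enclosing AlertScheduleController class continues outside the hunk.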