Sanity!

alerts.php

@@ -182,7 +182,7 @@ function RunFollowUp() {
         }
 
         $alert['details'] = json_decode(gzuncompress($alert['details']), true);
-        $rextra           = json_decode($alert['extra'], true);
+        $rextra           = json_decode(htmlspecialchars_decode($alert['extra']), true);
         if ($rextra['invert']) {
             continue;
         }
@@ -237,7 +237,7 @@ function RunAlerts() {
         $noiss            = false;
         $noacc            = false;
         $updet            = false;
-        $rextra           = json_decode($alert['extra'], true);
+        $rextra           = json_decode(htmlspecialchars_decode($alert['extra']), true);
         $chk              = dbFetchRow('SELECT alerts.alerted,devices.ignore,devices.disabled FROM alerts,devices WHERE alerts.device_id = ? && devices.device_id = alerts.device_id && alerts.rule_id = ?', array($alert['device_id'], $alert['rule_id']));
         if ($chk['alerted'] == $alert['state']) {
             $noiss = true;

html/ajax_dash.php

@@ -39,7 +39,7 @@ elseif (is_file('includes/common/'.$type.'.inc.php')) {
     $title             = ucfirst($type);
     $unique_id         = str_replace(array("-","."),"_",uniqid($type,true));
     $widget_id         = mres($_POST['id']);
-    $widget_settings   = json_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?',array($widget_id)),true);
+    $widget_settings   = json_decode(htmlspecialchars_decode(dbFetchCell('select settings from users_widgets where user_widget_id = ?',array($widget_id))),true);
     $widget_dimensions = $_POST['dimensions'];
     if( !empty($_POST['settings']) ) {
         define('show_settings',true);

html/includes/vars.inc.php

@@ -43,3 +43,5 @@ foreach ($_GET as $name => $value) {
 foreach ($_POST as $name => $value) {
     $vars[$name] = $value;
 }
+
+array_walk_recursive($vars,'sanitize_array');

html/index.php

@@ -214,14 +214,6 @@ else {
     <div class="col-md-12">
 <?php
 
-// To help debug the new URLs :)
-if (isset($devel) || isset($vars['devel'])) {
-    echo("<pre>");
-    print_r($_GET);
-    print_r($vars);
-    echo("</pre>");
-}
-
 if ($_SESSION['authenticated']) {
     // Authenticated. Print a page.
     if (isset($vars['page']) && !strstr("..", $vars['page']) &&  is_file("pages/" . $vars['page'] . ".inc.php")) {

includes/alerts.inc.php

@@ -31,6 +31,7 @@ include_once($config['install_dir'].'/html/includes/authentication/'.$config['au
  * @return string|boolean
  */
 function GenSQL($rule) {
+    $rule = htmlspecialchars_decode($rule);
     $rule = RunMacros($rule);
     if( empty($rule) ) {
         //Cannot resolve Macros due to recursion. Rule is invalid.

includes/common.php

@@ -1255,3 +1255,16 @@ function get_port_id ($ports_mapped, $port, $port_association_mode) {
 
     return $port_id;
 }
+
+/**
+ * Sanitize
+ * @param mixed $item Reference to Item
+ * @param mixed $key Key
+ * @return void
+ */
+function sanitize_array(&$item, $key) {
+    $tmp = htmlspecialchars($item);
+    if( !empty($tmp) ){
+        $item = $tmp;
+    }
+}

includes/dbFacile.mysql.php

@@ -266,6 +266,7 @@ function dbFetchRows($sql, $parameters=array(), $nocache=false) {
         if ($config['memcached']['enable'] && $nocache === false) {
             $config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$rows,$config['memcached']['ttl']);
         }
+        array_walk_recursive($rows,'sanitize_array');
         return $rows;
     }
 
@@ -333,6 +334,7 @@ function dbFetchRow($sql=null, $parameters=array(), $nocache=false) {
         if ($config['memcached']['enable'] && $nocache === false) {
             $config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$row,$config['memcached']['ttl']);
         }
+        array_walk_recursive($row,'sanitize_array');
         return $row;
     }
     else {

includes/dbFacile.mysqli.php

@@ -267,6 +267,7 @@ function dbFetchRows($sql, $parameters=array(), $nocache=false) {
         if ($config['memcached']['enable'] && $nocache === false) {
             $config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$rows,$config['memcached']['ttl']);
         }
+        array_walk_recursive($rows,'sanitize_array');
         return $rows;
     }
 
@@ -334,6 +335,7 @@ function dbFetchRow($sql=null, $parameters=array(), $nocache=false) {
         if ($config['memcached']['enable'] && $nocache === false) {
             $config['memcached']['resource']->set(hash('sha512',$sql.'|'.serialize($parameters)),$row,$config['memcached']['ttl']);
         }
+        array_walk_recursive($row,'sanitize_array');
         return $row;
     }
     else {