mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
Fix html injection in user fields (#10535)
validate realname and descr to alpha/numeric/spaces only This flaw is actually in bootgrid, the html isn't interpreted until bootgrid loads.
This commit is contained in:
@@ -34,9 +34,9 @@ class StoreUserRequest extends FormRequest
|
||||
'max:255',
|
||||
Rule::unique('users', 'username')->where('auth_type', LegacyAuth::getType()),
|
||||
],
|
||||
'realname' => 'max:64',
|
||||
'realname' => 'nullable|max:64|alpha_space',
|
||||
'email' => 'nullable|email|max:64',
|
||||
'descr' => 'max:30',
|
||||
'descr' => 'nullable|max:30|alpha_space',
|
||||
'level' => 'int',
|
||||
'new_password' => 'required|confirmed|min:' . Config::get('password.min_length', 8),
|
||||
'dashboard' => 'int',
|
||||
|
||||
Reference in New Issue
Block a user