Fix html injection in user fields (#10535)

validate realname and descr to alpha/numeric/spaces only
This flaw is actually in bootgrid: the HTML isn't interpreted until bootgrid loads.
Tony Murray
2019-08-21 20:36:22 -05:00
committed by GitHub
parent a1c8fe63ee
commit 2441096015
4 changed files with 9 additions and 4 deletions


@@ -37,9 +37,9 @@ class UpdateUserRequest extends FormRequest
public function rules()
{
return [
'realname' => 'max:64',
'realname' => 'nullable|max:64|alpha_space',
'email' => 'nullable|email|max:64',
'descr' => 'max:30',
'descr' => 'nullable|max:30|alpha_space',
'level' => 'int',
'old_password' => 'nullable|string',
'new_password' => 'nullable|confirmed|min:' . Config::get('password.min_length', 8),
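Review bot: The `alpha_space` whitelist on `realname` and `descr` mitigates at the input layer while the commit message itself places the flaw in bootgrid's unescaped rendering, so values already stored before this change are presumably still rendered unsafely and any other field shown in that grid stays exposed; escaping at the output site is the durable fix, with this rule as a secondary guard. The rule will also reject ordinary real names containing hyphens, apostrophes or periods (`O'Brien`, `Jean-Luc`, `J. Smith`), which users of the edit form will now see as validation failures rather than a security boundary. `alpha_space` is not a core Laravel rule, so it has to be registered via `Validator::extend` somewhere — presumably in one of the other three changed files — and whether it admits non-ASCII letters (the message says "alpha/numeric", the rule name suggests letters only) should be confirmed against that definition. A short comment above the `realname` line naming the permitted character set and why, e.g. `// alpha_space: letters and spaces only — rejects HTML metacharacters that bootgrid renders unescaped`, would spare the next reader from re-deriving the intent.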