Fix html injection in user fields (#10535)

validate realname and descr to alpha/numeric/spaces only
This flaw is actually in bootgrid, the html isn't interpreted until bootgrid loads.
Tony Murray
2019-08-21 20:36:22 -05:00
committed by GitHub
parent a1c8fe63ee
commit 2441096015
4 changed files with 9 additions and 4 deletions


@@ -20,6 +20,7 @@ return [
'alpha' => 'The :attribute may only contain letters.',
'alpha_dash' => 'The :attribute may only contain letters, numbers, dashes and underscores.',
'alpha_num' => 'The :attribute may only contain letters and numbers.',
'alpha_space' => 'The :attribute may only contain letters, numbers, underscores and spaces.',
'array' => 'The :attribute must be an array.',
'before' => 'The :attribute must be a date before :date.',
'before_or_equal' => 'The :attribute must be a date before or equal to :date.',
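Review bot: the new 'alpha_space' message lists "letters, numbers, underscores and spaces", but the commit message describes the rule as alpha/numeric/spaces only. Make the message match what the validator actually accepts (drop "underscores" if the rule rejects them), so a user is not told an input is allowed and then sees it rejected. Since the commit message places the flaw in bootgrid's rendering, realname and descr should also be escaped where they are output, because validating new input does not cover values that are already stored.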