mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix XSS in notifications (#12504)

Browse Source
This commit is contained in:
Jellyfrog
2021-02-07 12:12:30 +01:00
committed by GitHub
parent 8fbe1b3153
commit 3d02e76e0e
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
includes/html/pages/notifications.inc.php
View File

@@ -99,7 +99,7 @@ if ($notifications['count'] > 0 && ! isset($vars['archive'])) {
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<blockquote<?php echo $notif['severity'] == 2 ? ' style="border-color: darkred;"' : '' ?>> <blockquote<?php echo $notif['severity'] == 2 ? ' style="border-color: darkred;"' : '' ?>>
<p><?php echo $notif['body']; ?></p> <p><?php echo display($notif['body'], ['HTML.Allowed' => 'br']); ?></p>
<footer><?php echo $notif['datetime']; ?> | Source: <code><?php echo $notif['source']; ?></code></footer> <footer><?php echo $notif['datetime']; ?> | Source: <code><?php echo $notif['source']; ?></code></footer>
</blockquote> </blockquote>
</div> </div>
@@ -138,7 +138,7 @@ if ($notifications['count'] > 0 && ! isset($vars['archive'])) {
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<blockquote<?php echo $notif['severity'] == 2 ? ' style="border-color: darkred;"' : '' ?>> <blockquote<?php echo $notif['severity'] == 2 ? ' style="border-color: darkred;"' : '' ?>>
<p><?php echo preg_replace('/\\\n/', '<br />', $notif['body']); ?></p> <p><?php echo display($notif['body'], ['HTML.Allowed' => 'br']); ?></p>
<footer><?php echo $notif['datetime']; ?> | Source: <code><?php echo $notif['source']; ?></code></footer> <footer><?php echo $notif['datetime']; ?> | Source: <code><?php echo $notif['source']; ?></code></footer>
</blockquote> </blockquote>
</div> </div>
@@ -178,7 +178,7 @@ if ($notifications['count'] > 0 && ! isset($vars['archive'])) {
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<blockquote<?php echo $notif['severity'] == 2 ? ' style="border-color: darkred;"' : '' ?>> <blockquote<?php echo $notif['severity'] == 2 ? ' style="border-color: darkred;"' : '' ?>>
<p><?php echo preg_replace('/\\\n/', '<br />', $notif['body']); ?></p> <p><?php echo display($notif['body'], ['HTML.Allowed' => 'br']); ?></p>
<footer><?php echo $notif['datetime']; ?> | Source: <code><?php echo $notif['source']; ?></code></footer> <footer><?php echo $notif['datetime']; ?> | Source: <code><?php echo $notif['source']; ?></code></footer>
</blockquote> </blockquote>
</div> </div>