XSS fix, cont. again (#13778)

* XSS in alert template creation

* XSS in alert rule name

* XSS in service name & desc

* style

* strip_tags in alert_notes

* strip_tags in create_alert_item

* strip_tags in addsrv page
PipoCanaja
2022-02-13 20:23:07 +01:00
committed by GitHub
parent 0029e9f161
commit 41ddce6377
6 changed files with 17 additions and 7 deletions


@@ -26,7 +26,7 @@ header('Content-type: application/json');
$alert_id = $vars['alert_id'];
$sub_type = $vars['sub_type'];
$note = $vars['note'] ?: '';
$note = strip_tags($vars['note']) ?: '';
$status = 'error';
if (is_numeric($alert_id)) {
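Review bot: The new line calls `strip_tags($vars['note'])` before the `?: ''` fallback, so when `note` is absent the function receives null, which is a deprecation on PHP 8.1 (plus the undefined-key notice on the read), whereas the old line only fell back after reading. Apply the default first and drop the now-redundant elvis, since strip_tags() always returns a string: `$note = strip_tags($vars['note'] ?? '');`. strip_tags() also leaves `"`, `'` and `&` intact, so if the note is ever placed inside an HTML attribute it still needs htmlspecialchars() at the point of output. The enclosing block continues outside the hunk.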


@@ -56,7 +56,7 @@ $delay = $_POST['delay'];
$interval = $_POST['interval'];
$mute = isset($_POST['mute']) ? $_POST['mute'] : null;
$invert = isset($_POST['invert']) ? $_POST['invert'] : null;
$name = $_POST['name'];
$name = strip_tags($_POST['name']);
$proc = $_POST['proc'];
$recovery = ($vars['recovery']);
$invert_map = isset($_POST['invert_map']) ? $_POST['invert_map'] : null;
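Review bot: `strip_tags($_POST['name'])` removes elements but keeps quotes and `&`, so a rule name such as `" autofocus onfocus=alert(1) x="` still injects if the name is later echoed inside an HTML attribute; strip_tags is input normalisation, not output encoding, and the template rendering the name should still apply `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. If `name` can be missing from the POST, `strip_tags(null)` is deprecated on PHP 8.1, so read it with a default: `$name = strip_tags($_POST['name'] ?? '');`. The enclosing block continues outside the hunk.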


@@ -32,8 +32,11 @@ $template_id = 0;
$template_newid = 0;
$create = true;
$name = $vars['name'];
if (isset($vars['template']) && empty(Blade::render($vars['template']))) {
$name = strip_tags($vars['name']);
if ((isset($vars['template']) && empty(Blade::render($vars['template']))) ||
(! empty($vars['title']) && empty(Blade::render($vars['title']))) ||
(! empty($vars['title_rec']) && empty(Blade::render($vars['title_rec'])))
) {
$message = 'Template failed to be parsed, please check the syntax';
} elseif (! empty($name)) {
if ($vars['template'] && is_numeric($vars['template_id'])) {
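Review bot: The three `Blade::render(...)` calls in the new condition compile and execute user-supplied strings as templates purely to probe their syntax; Blade templates can embed PHP (e.g. via `@php`), so this page must remain reachable only by global admins — the guard, if any, is outside the hunk, please confirm. `empty()` on the rendered output also cannot distinguish a parse failure from a template that legitimately renders to `''` or `'0'`, so a one-character title of `0` is rejected with 'Template failed to be parsed'; consider wrapping the renders in try/catch and treating only an exception as failure. Note too that `template` is checked on `isset()` while `title`/`title_rec` are only checked when non-empty. The `elseif` chain continues outside the hunk.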


@@ -27,7 +27,7 @@ $delay = $_POST['delay'];
$interval = $_POST['interval'];
$mute = $_POST['mute'];
$invert = $_POST['invert'];
$name = $_POST['name'];
$name = strip_tages($_POST['name']);
if ($_POST['proc'] != '') {
$proc = $_POST['proc'];
} else {
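Review bot: `strip_tages` on the new line is a typo — no such function exists, so PHP throws `Error: Call to undefined function strip_tages()` the first time this path runs, breaking alert-rule editing instead of fixing the XSS. It should read `$name = strip_tags($_POST['name']);`. As with the other files in this commit, strip_tags() leaves quotes intact, so the page that renders the name still needs htmlspecialchars() for attribute contexts. The enclosing block continues outside the hunk.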


@@ -28,7 +28,14 @@ if (! Auth::user()->hasGlobalAdmin()) {
exit('ERROR: You need to be admin');
}
foreach (['desc', 'ip', 'ignore', 'disabled', 'param', 'name', 'template_id'] as $varname) {
foreach (['desc', 'name'] as $varname) {
//sanitize description and name
if (isset($vars[$varname])) {
$$varname = strip_tags($vars[$varname]);
$update['service_' . $varname] = $$varname;
}
}
foreach (['ip', 'ignore', 'disabled', 'param', 'template_id'] as $varname) {
if (isset($vars[$varname])) {
$update['service_' . $varname] = $vars[$varname];
$$varname = $vars[$varname];
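Review bot: The split sanitises only `desc` and `name`; `ip` and `param` in the second loop are still stored verbatim, and if the service list renders those columns the same way the XSS has merely moved — either strip them here as well or, preferably, escape every field with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` where the table is rendered, since strip_tags() keeps quotes and cannot protect attribute contexts. The retained `$$varname` assignment also creates `$desc`, `$name`, `$ip`, … in page scope by variable-variable, which static analysis cannot follow; an explicit local per field would be clearer. The second foreach's closing brace is outside the hunk.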


@@ -9,7 +9,7 @@ if (! Auth::user()->hasGlobalAdmin()) {
if (Auth::user()->hasGlobalAdmin()) {
$updated = '1';
$service_id = add_service($vars['device'], $vars['type'], $vars['descr'], $vars['ip'], $vars['params'], $vars['ignore'], $vars['disabled'], 0, $vars['name']);
$service_id = add_service($vars['device'], $vars['type'], strip_tags($vars['descr']), $vars['ip'], $vars['params'], $vars['ignore'], $vars['disabled'], 0, strip_tags($vars['name']));
if ($service_id) {
$message .= $message_break . 'Service added (' . $service_id . ')!';
$message_break .= '<br />';
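Review bot: Only `descr` and `name` are stripped on the new line; `$vars['ip']` and `$vars['params']` still reach add_service() raw, so if the services page displays them they carry the same XSS this commit is chasing — and output-side escaping with htmlspecialchars() would cover all fields at once, since strip_tags() keeps quotes and `&`. If `descr` or `name` can be absent, `strip_tags(null)` is deprecated on PHP 8.1; use `strip_tags($vars['descr'] ?? '')` and `strip_tags($vars['name'] ?? '')`. The enclosing `if` block continues outside the hunk.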