XSS fixes (#13780)

includes/html/forms/add-dashboard.inc.php

@@ -34,7 +34,7 @@ if (! Auth::check()) {
 $status = 'error';
 $message = 'unknown error';
 
-$dashboard_name = trim($_REQUEST['dashboard_name']);
+$dashboard_name = trim(strip_tags($_REQUEST['dashboard_name']));
 
 if (! empty($dashboard_name) && ($dash_id = dbInsert(['dashboard_name' => $dashboard_name, 'user_id' => Auth::id()], 'dashboards'))) {
     $status = 'ok';

includes/html/forms/customoid.inc.php

@@ -17,9 +17,9 @@ $message = '';
 $device_id = $_POST['device_id'];
 $id = $_POST['ccustomoid_id'];
 $action = $_POST['action'];
-$name = $_POST['name'];
-$oid = $_POST['oid'];
-$datatype = $_POST['datatype'];
+$name = strip_tags($_POST['name']);
+$oid = strip_tags($_POST['oid']);
+$datatype = strip_tags($_POST['datatype']);
 if (empty(($_POST['unit']))) {
     $unit = ['NULL'];
 } else {

includes/html/forms/transport-groups.inc.php

@@ -35,7 +35,7 @@ $status = 'ok';
 $message = '';
 
 $group_id = $vars['group_id'];
-$name = $vars['name'];
+$name = strip_tags($vars['name']);
 
 $target_members = [];
 foreach ((array) $vars['members'] as $target) {