security: Remove possibility of xss in Oxidized and RIPE searches (#6595)

2024-10-07 16:52:45 +00:00 · 2017-05-05 22:16:39 +01:00
parent 6734e84382
commit 868fe44390
3 changed files with 7 additions and 8 deletions
--- a/html/includes/forms/query-ripenccapi.inc.php
+++ b/html/includes/forms/query-ripenccapi.inc.php
@@ -23,10 +23,10 @@ if (isset($data_param) && isset($query_param)) {
    $status  = 'error';
    $message = 'ERROR: Could not query';
 }
-die(json_encode(array(
+die(display(json_encode(array(
     'status'       => $status,
     'message'      => $message,
     'data_param'    => $data_param,
     'query_param'    => $query_param,
-     'output'       => $output
-)));
+     'output'       => $output,
+))));
--- a/html/includes/forms/search-oxidized-config.inc.php
+++ b/html/includes/forms/search-oxidized-config.inc.php
@@ -22,10 +22,9 @@ if (isset($parameters)) {
    $status  = 'error';
    $message = 'ERROR: Could not query';
 }
-
-echo _json_encode(array(
+echo display(_json_encode(array(
     'status'                   => $status,
     'message'                  => $message,
     'search_in_conf_textbox'   => $parameters,
     'output'                   => $output
-));
+)));