Fix unsanitized input injection (#15184)

Search for and sanitize input that is output to HTML.
Spurred by report from [Hakiduck](https://huntr.dev/users/mike993/)
This commit is contained in:
Tony Murray
2023-08-02 10:37:22 -05:00
committed by GitHub
parent 3252ea37af
commit 91c57a1ee5
12 changed files with 36 additions and 36 deletions


@@ -97,8 +97,8 @@ print_optionbar_end();
{
return {
id: "app_ntp",
view: '<?php echo $vars['view']; ?>',
graph: '<?php echo $vars['graph']; ?>',
view: '<?php echo htmlspecialchars($vars['view']); ?>',
graph: '<?php echo htmlspecialchars($vars['graph']); ?>',
};
},
url: "ajax_table.php",
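Review bot: `htmlspecialchars()` is applied here to a value that lands inside a single-quoted JavaScript string literal (`view: '<?php echo htmlspecialchars($vars['view']); ?>'`), and with PHP's pre-8.1 default flags it leaves `'` untouched, while no version of it escapes `\`; neither character matters in HTML, but both are string delimiters/escapes in JS, so the literal can still be terminated early or have its closing quote swallowed. The context-correct encoder for a JS literal is `json_encode()`, e.g. `view: <?php echo json_encode($vars['view'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>,` (without the surrounding quotes, since json_encode supplies them), or at minimum `htmlspecialchars($vars['view'], ENT_QUOTES)` if the supported PHP floor is below 8.1. A secondary effect of the current approach is functional: entities such as `&amp;` and `&#039;` are not decoded inside a JS string, so the value POSTed back to `ajax_table.php` is the encoded form rather than the original. The same pattern appears in every other hunk of this commit that emits into a JS string — the mempools, processor, sensors, storage, toner, ports, fdb-search and wireless-sensors hunks and the Outages/Syslog date-picker hunks — so the same replacement applies there. The enclosing `post` callback starts before this hunk.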


@@ -35,8 +35,8 @@ print_optionbar_end();
?>
<div align="center" style="margin: 30px;">
<object data="graph-realtime.php?type=bits&id=<?php echo $port['port_id'] . '&interval=' . $vars['interval']; ?>" type="image/svg+xml" width="1000" height="400">
<param name="src" value="graph.php?type=bits&id=<?php echo $port['port_id'] . '&interval=' . $vars['interval']; ?>" />
<object data="graph-realtime.php?type=bits&id=<?php echo $port['port_id'] . '&interval=' . htmlspecialchars($vars['interval']); ?>" type="image/svg+xml" width="1000" height="400">
<param name="src" value="graph.php?type=bits&id=<?php echo $port['port_id'] . '&interval=' . htmlspecialchars($vars['interval']); ?>" />
Your browser does not support the type SVG! You need to either use Firefox or download the Adobe SVG plugin.
</object>
</div>
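Review bot: `$vars['interval']` is embedded in the query string of a URL (`graph-realtime.php?type=bits&id=...&interval=...`) before it reaches the attribute, so it passes through two contexts and only the outer one is now encoded; an `&`, `#` or `=` in the value can still add or truncate query parameters on the fetched URL even though it can no longer break out of the attribute. Encode for the URL layer first and the attribute layer second, e.g. `htmlspecialchars(rawurlencode($vars['interval']))`, or, if interval is always numeric, cast it with `(int) $vars['interval']`, which makes the escaping question moot. `$port['port_id']` on the same two lines is still echoed raw; it is presumably a database integer, but that is not visible in this hunk.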


@@ -53,7 +53,7 @@ $graph_view = $vars['view'] == 'graphs';
post: function ()
{
return {
view: '<?php echo $vars['view']; ?>'
view: '<?php echo htmlspecialchars($vars['view']); ?>'
};
},
url: "<?php echo url('/ajax/table/mempools'); ?>"


@@ -51,7 +51,7 @@ $pagetitle[] = 'Health :: Processor';
{
return {
id: "processor",
view: '<?php echo $vars['view']; ?>'
view: '<?php echo htmlspecialchars($vars['view']); ?>'
};
},
url: "ajax_table.php"


@@ -105,10 +105,10 @@ switch ($class) {
post: function () {
return {
id: 'sensors',
view: '<?php echo $vars['view']; ?>',
graph_type: '<?php echo $graph_type; ?>',
unit: '<?php echo $unit; ?>',
class: '<?php echo $class; ?>'
view: '<?php echo htmlspecialchars($vars['view']); ?>',
graph_type: '<?php echo htmlspecialchars($graph_type); ?>',
unit: '<?php echo htmlspecialchars($unit); ?>',
class: '<?php echo htmlspecialchars($class); ?>'
};
},
url: "ajax_table.php"


@@ -52,7 +52,7 @@ $pagetitle[] = 'Health :: Storage';
{
return {
id: "storage",
view: '<?php echo $vars['view']; ?>'
view: '<?php echo htmlspecialchars($vars['view']); ?>'
};
},
url: "ajax_table.php"


@@ -52,7 +52,7 @@ $pagetitle[] = 'Health :: Toner';
{
return {
id: "toner",
view: '<?php echo $vars['view']; ?>'
view: '<?php echo htmlspecialchars($vars['view']); ?>'
};
},
url: "ajax_table.php"


@@ -55,10 +55,10 @@ $pagetitle[] = 'Outages';
?>
'</div>' +
'&nbsp;&nbsp;<div class="form-group">' +
'<input name="from" type="text" class="form-control" id="dtpickerfrom" maxlength="16" value="<?php echo $vars['from']; ?>" placeholder="From" data-date-format="YYYY-MM-DD HH:mm">' +
'<input name="from" type="text" class="form-control" id="dtpickerfrom" maxlength="16" value="<?php echo htmlspecialchars($vars['from']); ?>" placeholder="From" data-date-format="YYYY-MM-DD HH:mm">' +
'</div>' +
'<div class="form-group">' +
'&nbsp;&nbsp;<input name="to" type="text" class="form-control" id="dtpickerto" maxlength="16" value="<?php echo $vars['to']; ?>" placeholder="To" data-date-format="YYYY-MM-DD HH:mm">' +
'&nbsp;&nbsp;<input name="to" type="text" class="form-control" id="dtpickerto" maxlength="16" value="<?php echo htmlspecialchars($vars['to']); ?>" placeholder="To" data-date-format="YYYY-MM-DD HH:mm">' +
'</div>' +
'&nbsp;&nbsp;<button type="submit" class="btn btn-default">Filter</button>' +
'</form>' +


@@ -113,20 +113,20 @@ var grid = $("#ports").bootgrid({
post: function ()
{
return {
device_id: '<?php echo $vars['device_id'] ?? ''; ?>',
device_id: '<?php echo htmlspecialchars($vars['device_id'] ?? ''); ?>',
hostname: '<?php echo htmlspecialchars($vars['hostname'] ?? ''); ?>',
state: '<?php echo $vars['state'] ?? ''; ?>',
ifSpeed: '<?php echo $vars['ifSpeed'] ?? ''; ?>',
ifType: '<?php echo $vars['ifType'] ?? ''; ?>',
port_descr_type: '<?php echo $vars['port_descr_type'] ?? ''; ?>',
ifAlias: '<?php echo $vars['ifAlias'] ?? ''; ?>',
location: '<?php echo $vars['location'] ?? ''; ?>',
disabled: '<?php echo $vars['disabled'] ?? ''; ?>',
ignore: '<?php echo $vars['ignore'] ?? ''; ?>',
deleted: '<?php echo $vars['deleted'] ?? ''; ?>',
errors: '<?php echo $vars['errors'] ?? ''; ?>',
group: '<?php echo $vars['group'] ?? ''; ?>',
devicegroup: '<?php echo $vars['devicegroup'] ?? ''; ?>',
state: '<?php echo htmlspecialchars($vars['state'] ?? ''); ?>',
ifSpeed: '<?php echo htmlspecialchars($vars['ifSpeed'] ?? ''); ?>',
ifType: '<?php echo htmlspecialchars($vars['ifType'] ?? ''); ?>',
port_descr_type: '<?php echo htmlspecialchars($vars['port_descr_type'] ?? ''); ?>',
ifAlias: '<?php echo htmlspecialchars($vars['ifAlias'] ?? ''); ?>',
location: '<?php echo htmlspecialchars($vars['location'] ?? '') ?>',
disabled: '<?php echo htmlspecialchars($vars['disabled'] ?? ''); ?>',
ignore: '<?php echo htmlspecialchars($vars['ignore'] ?? ''); ?>',
deleted: '<?php echo htmlspecialchars($vars['deleted'] ?? ''); ?>',
errors: '<?php echo htmlspecialchars($vars['errors'] ?? ''); ?>',
group: '<?php echo htmlspecialchars($vars['group'] ?? ''); ?>',
devicegroup: '<?php echo htmlspecialchars($vars['devicegroup'] ?? ''); ?>',
};
},
url: '<?php echo route('table.ports') ?>'
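Review bot: The rewritten `location:` line drops the statement terminator before the closing tag (`<?php echo htmlspecialchars($vars['location'] ?? '') ?>`) while every neighbouring line keeps `...); ?>`; PHP tolerates the omission because `?>` implies a semicolon, but the inconsistency reads like an edit slip and will trip any linter that enforces the project's style. Suggest `location: '<?php echo htmlspecialchars($vars['location'] ?? ''); ?>',`. The enclosing `post` callback starts above the hunk.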


@@ -128,9 +128,9 @@ echo '"' . $vars['searchPhrase'] . '"+';
post: function ()
{
return {
device_id: '<?php echo $vars['device_id']; ?>',
searchby: '<?php echo $vars['searchby']; ?>',
searchPhrase: '<?php echo $vars['searchPhrase']; ?>',
device_id: '<?php echo htmlspecialchars($vars['device_id']); ?>',
searchby: '<?php echo htmlspecialchars($vars['searchby']); ?>',
searchPhrase: '<?php echo htmlspecialchars($vars['searchPhrase']); ?>',
dns: $("#fdb-search").bootgrid("getColumnSettings").find(col => col.id === "dnsname").visible,
};
},
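Review bot: The hunk header's context line, `echo '"' . $vars['searchPhrase'] . '"+';`, shows the same `$vars['searchPhrase']` being echoed without any escaping earlier in this file, and this commit does not touch that spot. That line lies outside the hunk so its surrounding construct is not visible here, but the `'"+'` suffix suggests it is concatenated into JavaScript source in the same way as the lines fixed in this hunk, and it should receive the same treatment (`json_encode($vars['searchPhrase'])`, or at least `htmlspecialchars`). The enclosing `post` callback starts before this hunk and the `$("#fdb-search").bootgrid(...)` call it belongs to continues after it.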


@@ -82,10 +82,10 @@ $pagetitle[] = 'Syslog';
'</select>' +
'</div>' +
'&nbsp;&nbsp;<div class="form-group">' +
'<input name="from" type="text" class="form-control" id="dtpickerfrom" maxlength="16" value="<?php echo $vars['from'] ?? ''; ?>" placeholder="From" data-date-format="YYYY-MM-DD HH:mm">' +
'<input name="from" type="text" class="form-control" id="dtpickerfrom" maxlength="16" value="<?php echo htmlspecialchars($vars['from'] ?? ''); ?>" placeholder="From" data-date-format="YYYY-MM-DD HH:mm">' +
'</div>' +
'<div class="form-group">' +
'&nbsp;&nbsp;<input name="to" type="text" class="form-control" id="dtpickerto" maxlength="16" value="<?php echo $vars['to'] ?? ''; ?>" placeholder="To" data-date-format="YYYY-MM-DD HH:mm">' +
'&nbsp;&nbsp;<input name="to" type="text" class="form-control" id="dtpickerto" maxlength="16" value="<?php echo htmlspecialchars($vars['to'] ?? ''); ?>" placeholder="To" data-date-format="YYYY-MM-DD HH:mm">' +
'</div>' +
'&nbsp;&nbsp;<button type="submit" class="btn btn-default">Filter</button>' +
'</form>' +


@@ -51,10 +51,10 @@
{
return {
id: 'wireless-sensors',
view: '<?php echo $vars['view']; ?>',
graph_type: '<?php echo $graph_type; ?>',
unit: '<?php echo $unit; ?>',
class: '<?php echo $class; ?>'
view: '<?php echo htmlspecialchars($vars['view']); ?>',
graph_type: '<?php echo htmlspecialchars($graph_type); ?>',
unit: '<?php echo htmlspecialchars($unit); ?>',
class: '<?php echo htmlspecialchars($class); ?>'
};
},
url: "ajax_table.php"