mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
Fix widget title injection vulnerability (#13452)
Prevent html/js code from being injected into widget titles.
This commit is contained in:
@@ -103,7 +103,7 @@ class OverviewController extends Controller
|
||||
$data = serialize(json_encode($data));
|
||||
$dash_config = unserialize($data);
|
||||
$hide_dashboard_editor = UserPref::getPref($user, 'hide_dashboard_editor');
|
||||
$widgets = Widget::select('widget_id', 'widget_title')->orderBy('widget_title')->get();
|
||||
$widgets = Widget::select(['widget_id', 'widget_title'])->orderBy('widget_title')->get();
|
||||
|
||||
$user_list = [];
|
||||
if ($user->can('manage', User::class)) {
|
||||
|
||||
Reference in New Issue
Block a user