Fix js injections issues in device overview (#12475)

Thanks to @weev on Discord for reporting the issue
This commit is contained in:
Tony Murray
2021-01-27 22:09:13 -06:00
committed by GitHub
parent a06d3babad
commit 9ad60ac76d
2 changed files with 10 additions and 15 deletions


@@ -884,11 +884,6 @@ function send_mail($emails, $subject, $message, $html = false)
return 'No contacts found';
}
function formatCiscoHardware(&$device, $short = false)
{
return \LibreNMS\Util\Rewrite::ciscoHardware($device, $short);
}
function hex2str($hex)
{
$string = '';


@@ -13,7 +13,7 @@ echo "<div class='row'>
if (Config::get('overview_show_sysDescr')) {
echo '<i class="fa fa-id-card fa-lg icon-theme" aria-hidden="true"></i> <strong>';
echo Config::get('overview_show_sysDescr', true) ? $device['sysDescr'] : 'System';
echo Config::get('overview_show_sysDescr', true) ? display($device['sysDescr']) : 'System';
echo '</strong>';
}
@@ -23,7 +23,7 @@ echo '<script src="js/leaflet.js"></script>';
echo '<script src="js/L.Control.Locate.min.js"></script>';
if ($device['os'] == 'ios' || $device['os'] == 'iosxe') {
formatCiscoHardware($device);
\LibreNMS\Util\Rewrite::ciscoHardware($device, false);
}
if ($device['features']) {
@@ -34,7 +34,7 @@ $device['os_text'] = Config::getOsSetting($device['os'], 'text');
echo '<div class="row">
<div class="col-sm-4">System Name</div>
<div class="col-sm-8">' . $device['sysName'] . ' </div>
<div class="col-sm-8">' . display($device['sysName']) . ' </div>
</div>';
if (! empty($device['overwrite_ip'])) {
@@ -60,26 +60,26 @@ if ($device['purpose']) {
if ($device['hardware']) {
echo '<div class="row">
<div class="col-sm-4">Hardware</div>
<div class="col-sm-8">' . $device['hardware'] . '</div>
<div class="col-sm-8">' . display($device['hardware']) . '</div>
</div>';
}
echo '<div class="row">
<div class="col-sm-4 text-nowrap">Operating System</div>
<div class="col-sm-8">' . $device['os_text'] . ' ' . $device['version'] . ' ' . $device['features'] . ' </div>
<div class="col-sm-8">' . display($device['os_text'] . ' ' . $device['version'] . ' ' . $device['features']) . ' </div>
</div>';
if ($device['serial']) {
echo '<div class="row">
<div class="col-sm-4">Serial</div>
<div class="col-sm-8">' . $device['serial'] . '</div>
<div class="col-sm-8">' . display($device['serial']) . '</div>
</div>';
}
if ($device['sysObjectID']) {
echo '<div class="row">
<div class="col-sm-4">Object ID</div>
<div class="col-sm-8">' . $device['sysObjectID'] . '</div>
<div class="col-sm-8">' . display($device['sysObjectID']) . '</div>
</div>';
}
@@ -88,14 +88,14 @@ if ($device['sysContact']) {
<div class="col-sm-4">Contact</div>';
if (get_dev_attrib($device, 'override_sysContact_bool')) {
echo '
<div class="col-sm-8">' . htmlspecialchars(get_dev_attrib($device, 'override_sysContact_string')) . '</div>
<div class="col-sm-8">' . display(htmlspecialchars(get_dev_attrib($device, 'override_sysContact_string'))) . '</div>
</div>
<div class="row">
<div class="col-sm-4">SNMP Contact</div>';
}
echo '
<div class="col-sm-8">' . htmlspecialchars($device['sysContact']) . '</div>
<div class="col-sm-8">' . display(htmlspecialchars($device['sysContact'])) . '</div>
</div>';
}
@@ -129,7 +129,7 @@ if ($device['location_id']) {
echo '
<div class="row">
<div class="col-sm-4">Location</div>
<div class="col-sm-8">' . $location->display() . '</div>
<div class="col-sm-8">' . display($location->display()) . '</div>
</div>
<div class="row" id="coordinates-row" data-toggle="collapse" data-target="#toggle-map">
<div class="col-sm-4">Lat / Lng</div>
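Review bot: The two Contact rows in the `@@ -88,14 +88,14 @@` hunk escape twice, `display(htmlspecialchars(...))`, while every other row touched by this commit passes the raw value to display() alone. If display() HTML-encodes its input, an `&` or `<` in sysContact will render literally as `&amp;`/`&lt;`; if it runs a purifier instead, the inner call is merely redundant — either way one escaper per output context is the safer convention, so `display(get_dev_attrib($device, 'override_sysContact_string'))` and `display($device['sysContact'])`. The Location row wraps `$location->display()`, a model method whose output is not visible here; if it already returns escaped text or markup, the outer display() may double-encode or strip it, which is worth confirming before merging. The fully qualified `\LibreNMS\Util\Rewrite::ciscoHardware($device, false)` could instead use a `use LibreNMS\Util\Rewrite;` import next to the existing Config import. This script starts before the first hunk and continues after the last, so other uses of the removed formatCiscoHardware() wrapper elsewhere cannot be checked from this page.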