From f24bb42cb247ea8b55b82b4dec981e0938c8ebea Mon Sep 17 00:00:00 2001
From: PipoCanaja <38363551+PipoCanaja@users.noreply.github.com>
Date: Mon, 14 Feb 2022 14:03:01 +0100
Subject: [PATCH] Hide community and make it XSS safer (#13783)
* sanitize message display
* sanitize message display
* safe display of community, and community hidden until focus occurs
---
 includes/html/pages/addhost.inc.php | 2 +-
 includes/html/pages/device/edit/snmp.inc.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/includes/html/pages/addhost.inc.php b/includes/html/pages/addhost.inc.php
index c951356735..e3890119f4 100644
--- a/includes/html/pages/addhost.inc.php
+++ b/includes/html/pages/addhost.inc.php
@@ -55,7 +55,7 @@ if (! empty($_POST['hostname'])) {
 }
 $snmpver = strip_tags($_POST['snmpver']);
- print_message("Adding host $hostname communit" . (count(Config::get('snmp.community')) == 1 ? 'y' : 'ies') . ' ' . implode(', ', Config::get('snmp.community')) . " port $port using $transport");
+ print_message("Adding host $hostname communit" . (count(Config::get('snmp.community')) == 1 ? 'y' : 'ies') . ' ' . implode(', ', array_map("\LibreNMS\Util\Clean::html", Config::get('snmp.community'))) . " port $port using $transport");
 } elseif ($_POST['snmpver'] === 'v3') {
 $v3 = [
 'authlevel' => strip_tags($_POST['authlevel']),
diff --git a/includes/html/pages/device/edit/snmp.inc.php b/includes/html/pages/device/edit/snmp.inc.php
index e755f310c0..47ff41c018 100644
--- a/includes/html/pages/device/edit/snmp.inc.php
+++ b/includes/html/pages/device/edit/snmp.inc.php
@@ -33,7 +33,7 @@ if ($_POST['editing']) {
 $update['retries'] = ['NULL'];
 }
- if ($snmpver != 'v3') {
+ if ($snmpver != 'v3' && $_POST['community'] != '********') {
 $community = $_POST['community'];
 $update['community'] = $community;
 }
@@ -318,7 +318,7 @@ echo "
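Review bot: In includes/html/pages/addhost.inc.php the new `print_message(...)` line still writes every configured SNMP community into the page in clear text, which sits oddly with the commit's stated aim of hiding the community. Escaping prevents markup injection but not disclosure of the credential to anyone who can load the add-host result. Consider leaving the values out of the message, e.g. `print_message("Adding host $hostname with " . count(Config::get('snmp.community')) . " configured SNMP communities, port $port using $transport");`. The callable is also passed as the double-quoted string `"\LibreNMS\Util\Clean::html"`, which works only because `\L`, `\U` and `\C` are not PHP escape sequences; `[\LibreNMS\Util\Clean::class, 'html']` is less fragile. `$hostname`, `$port` and `$transport` are assigned outside this hunk, so whether they are escaped before being interpolated into the same message cannot be confirmed from here.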
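Review bot: In includes/html/pages/device/edit/snmp.inc.php the added condition reads `$_POST['community']` without checking that the key exists and compares it to the literal `'********'` with a loose `!=`. A request that omits the field therefore raises an undefined-index notice and still enters the branch, storing a null community. A tighter guard is `if ($snmpver != 'v3' && isset($_POST['community']) && $_POST['community'] !== '********') {`. The mask is a magic string that has to match whatever the form renders (that hunk is cut off in this view), so a shared named constant with a comment such as `// placeholder shown instead of the stored community; submitting it unchanged means "keep current value"` would keep the two in step. As written, a device whose real community is exactly eight asterisks cannot be saved through this form. The enclosing `if ($_POST['editing'])` block starts and ends outside the hunk.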