Fix a few XSS vulnerabilities in device group popups (#15581)

I can't tell if the flasher ones are vulnerable, as flasher is still broken.
Tony Murray
2023-11-15 08:21:06 -06:00
committed by GitHub
parent 3768e59448
commit faf66035ea


@@ -67,7 +67,7 @@ class DeviceGroupController extends Controller
$deviceGroup->devices()->sync($request->devices);
}
$flasher->addSuccess(__('Device Group :name created', ['name' => $deviceGroup->name]));
$flasher->addSuccess(__('Device Group :name created', ['name' => htmlentities($deviceGroup->name)]));
return redirect()->route('device-groups.index');
}
@@ -143,7 +143,7 @@ class DeviceGroupController extends Controller
if ($deviceGroup->isDirty() || $devices_updated) {
try {
if ($deviceGroup->save() || $devices_updated) {
$flasher->addSuccess(__('Device Group :name updated', ['name' => $deviceGroup->name]));
$flasher->addSuccess(__('Device Group :name updated', ['name' => htmlentities($deviceGroup->name)]));
} else {
$flasher->addError(__('Failed to save'));
@@ -170,7 +170,7 @@ class DeviceGroupController extends Controller
public function destroy(DeviceGroup $deviceGroup)
{
if ($deviceGroup->serviceTemplates()->exists()) {
$msg = __('Device Group :name still has Service Templates associated with it. Please remove or update the Service Template accordingly', ['name' => $deviceGroup->name]);
$msg = __('Device Group :name still has Service Templates associated with it. Please remove or update the Service Template accordingly', ['name' => htmlentities($deviceGroup->name)]);
return response($msg, 200);
}
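Review bot: The three `htmlentities($deviceGroup->name)` calls (the created and updated flash messages and the `$msg` returned by destroy()) rely on the function's default flags, which on PHP before 8.1 are `ENT_COMPAT` and leave single quotes unencoded. Laravel's `e()` helper always applies `ENT_QUOTES | ENT_SUBSTITUTE` with UTF-8, so `['name' => e($deviceGroup->name)]` behaves the same on every runtime and matches what Blade's `{{ }}` does. Encoding in the controller also ties these strings to an HTML sink, so if the flasher is later changed to escape on render the name would be double-encoded; assuming the popup inserts the message as raw HTML, a short comment such as `// rendered as raw HTML by the popup, so escape here` at each call would record that. The bodies around the first two hunks begin outside the visible lines, so any other messages built in those methods were not checked.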