From 6d4d925f1e23176e3a43510b651a6d29962bbf66 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Fri, 10 Apr 2020 12:42:41 -0400
Subject: [PATCH] Fix XSS from monitor Name, group Name, storage Name, server Name
---
 web/skins/classic/views/console.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/web/skins/classic/views/console.php b/web/skins/classic/views/console.php
index aa0484997..71c60b6f0 100644
--- a/web/skins/classic/views/console.php
+++ b/web/skins/classic/views/console.php
@@ -280,7 +280,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) { ?> lens - ' : '>') . $monitor['Name'] ?>
+ ' : '>') . validHtmlStr($monitor['Name']) ?>
',
@@ -290,7 +290,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) { $Groups = $Group->Parents(); array_push( $Groups, $Group ); }
- return implode(' > ', array_map(function($Group){ return ''.$Group->Name().''; }, $Groups ));
+ return implode(' > ', array_map(function($Group){ return ''.validHtmlStr($Group->Name()).''; }, $Groups ));
 }, $Monitor->GroupIds() ) ); ?>
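Review bot: The escaping is added by hand at each output site and only in console.php (the diffstat lists one changed file), so the fix holds only where `validHtmlStr()` was remembered: the `validHtmlStr($monitor['Name'])` line in the -280 hunk, and likewise the group Name in the -290 hunk and the server and storage Name in the -315 hunk. Other views are not visible in this patch, so whether they print the same stored names unescaped should be confirmed, for example by searching the skin for `->Name()` and `['Name']` reaching output without `validHtmlStr()`. A short comment at the first site would help the next editor, e.g. `// Name is stored user input: pass through validHtmlStr() wherever it is echoed`. The enclosing `for` loop begins and ends outside these hunks.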
@@ -315,13 +315,13 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) { - Name(); ?> + Name()); ?> '. makePopupLink( '?view=monitor&mid='.$monitor['Id'], 'zmMonitor'.$monitor['Id'], 'monitor', ''.validHtmlStr($Monitor->Source()).'', canEdit('Monitors') ).''; if ( $show_storage_areas ) { ?> - Name(); } ?> + Name()); } ?>