Fix XSS from monitor Name, group Name, storage Name, server Name
This commit is contained in:
Isaac Connor
parent
d99ec696b4
commit
6d4d925f1e
|
|
@ -280,7 +280,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
|
||||||
?>
|
?>
|
||||||
<td class="colName">
|
<td class="colName">
|
||||||
<i class="material-icons md-18 <?php echo $dot_class ?>">lens</i>
|
<i class="material-icons md-18 <?php echo $dot_class ?>">lens</i>
|
||||||
<a <?php echo ($stream_available ? 'href="?view=watch&mid='.$monitor['Id'].'">' : '>') . $monitor['Name'] ?></a><br/>
|
<a <?php echo ($stream_available ? 'href="?view=watch&mid='.$monitor['Id'].'">' : '>') . validHtmlStr($monitor['Name']) ?></a><br/>
|
||||||
<div class="small text-nowrap text-muted">
|
<div class="small text-nowrap text-muted">
|
||||||
|
|
||||||
<?php echo implode('<br/>',
|
<?php echo implode('<br/>',
|
||||||
|
|
@ -290,7 +290,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
|
||||||
$Groups = $Group->Parents();
|
$Groups = $Group->Parents();
|
||||||
array_push( $Groups, $Group );
|
array_push( $Groups, $Group );
|
||||||
}
|
}
|
||||||
return implode(' > ', array_map(function($Group){ return '<a href="?view=montagereview&GroupId='.$Group->Id().'">'.$Group->Name().'</a>'; }, $Groups ));
|
return implode(' > ', array_map(function($Group){ return '<a href="?view=montagereview&GroupId='.$Group->Id().'">'.validHtmlStr($Group->Name()).'</a>'; }, $Groups ));
|
||||||
}, $Monitor->GroupIds() ) );
|
}, $Monitor->GroupIds() ) );
|
||||||
?>
|
?>
|
||||||
</div></td>
|
</div></td>
|
||||||
|
|
@ -315,13 +315,13 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
|
||||||
</div></td>
|
</div></td>
|
||||||
<?php
|
<?php
|
||||||
if ( count($servers) ) { ?>
|
if ( count($servers) ) { ?>
|
||||||
<td class="colServer"><?php $Server = isset($ServersById[$monitor['ServerId']]) ? $ServersById[$monitor['ServerId']] : new ZM\Server($monitor['ServerId']); echo $Server->Name(); ?></td>
|
<td class="colServer"><?php $Server = isset($ServersById[$monitor['ServerId']]) ? $ServersById[$monitor['ServerId']] : new ZM\Server($monitor['ServerId']); echo validHtmlStr($Server->Name()); ?></td>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
echo '<td class="colSource">'. makePopupLink( '?view=monitor&mid='.$monitor['Id'], 'zmMonitor'.$monitor['Id'], 'monitor', '<span class="'.$source_class.'">'.validHtmlStr($Monitor->Source()).'</span>', canEdit('Monitors') ).'</td>';
|
echo '<td class="colSource">'. makePopupLink( '?view=monitor&mid='.$monitor['Id'], 'zmMonitor'.$monitor['Id'], 'monitor', '<span class="'.$source_class.'">'.validHtmlStr($Monitor->Source()).'</span>', canEdit('Monitors') ).'</td>';
|
||||||
if ( $show_storage_areas ) {
|
if ( $show_storage_areas ) {
|
||||||
?>
|
?>
|
||||||
<td class="colStorage"><?php if ( isset($StorageById[$monitor['StorageId']]) ) { echo $StorageById[ $monitor['StorageId'] ]->Name(); } ?></td>
|
<td class="colStorage"><?php if ( isset($StorageById[$monitor['StorageId']]) ) { echo validHtmlStr($StorageById[$monitor['StorageId']]->Name()); } ?></td>
|
||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue