Commit f9b474a6 authored by Maximilien Bersoult's avatar Maximilien Bersoult Committed by Stephane Chapron

fix(sec): Fix XSS on command form

* Fix XSS for describe arguments and macros
parent 693edc24
......@@ -253,7 +253,7 @@ class CentreonCommand
while ($row = $dbResult->fetchRow()) {
$arr['id'] = $row['command_macro_id'];
$arr['name'] = $row['command_macro_name'];
$arr['description'] = $row['command_macro_desciption'];
$arr['description'] = htmlentities($row['command_macro_desciption']);
$arr['type'] = $sType;
$aReturn[] = $arr;
}
......
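Review bot: The new `htmlentities()` call on the description line relies on the default flags, so single quotes are left unencoded and the charset falls back to the PHP default; if the description is ever emitted inside a single-quoted attribute the escaping is incomplete. Passing the flags explicitly, `$arr['description'] = htmlentities($row['command_macro_desciption'], ENT_QUOTES, 'UTF-8');`, closes that gap and makes the result independent of php.ini. Encoding inside the fetch loop also means every consumer of `$aReturn` receives HTML-encoded text, so a comment such as `// description is HTML-encoded here for the form; decode before any non-HTML use` would help the next maintainer. The enclosing method of class CentreonCommand starts and ends outside the hunk.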
......@@ -62,12 +62,13 @@ if (isset($_GET['cmd_line']) && $_GET['cmd_line']) {
}
if (isset($_GET['textArea']) && $_GET['textArea']) {
$tab = preg_split("/\;\;\;/", $_GET['textArea']);
$textArea = urldecode($_GET['textArea']);
$tab = preg_split("/\;\;\;/", $textArea);
foreach ($tab as $key => $value) {
$tab2 = preg_split("/\ \:\ /", $value, 2);
$index = str_replace("ARG", "", $tab2[0]);
if (isset($tab2[0]) && $tab2[0]) {
$args[$index] = $tab2[1];
$args[$index] = htmlentities($tab2[1]);
}
}
}
......
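Review bot: `urldecode($_GET['textArea'])` on the new line decodes a value PHP has already URL-decoded once, so a literal `%3B%3B%3B` in the parameter becomes the `;;;` separator on the second pass and changes how the string is split; the later `htmlentities()` still escapes `$tab2[1]`, but `$index`, derived from `$tab2[0]`, is stored unescaped and would need escaping if it is rendered. Unless a double-encoded value is expected from the caller, drop the extra decode, `$tab = preg_split("/\;\;\;/", $_GET['textArea']);`, and encode with explicit flags, `$args[$index] = htmlentities($tab2[1], ENT_QUOTES, 'UTF-8');`. `$tab2[0]` is also read on the `$index` line before the `isset($tab2[0])` check, and `$tab2[1]` is undefined when the value has no ` : ` separator, so the guard should cover both halves before either is used, e.g. `if (isset($tab2[0], $tab2[1]) && $tab2[0]) {`. The surrounding `if` block and any later use of `$args` are outside the hunk.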
......@@ -45,7 +45,7 @@ function goPopup() {
listArea = document.getElementById('listOfArg');
tmpStr = listArea.value;
tmpStr = tmpStr.replace(reg, ";;;");
tmpStr = encodeURIComponent(tmpStr.replace(reg, ";;;"));
cmd_line = document.getElementById('command_line').value;
Modalbox.show('./include/configuration/configObject/command/formArguments.php?cmd_line=' + cmd_line + '&textArea=' + tmpStr, {title: 'Argument description', width:800});
......
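Review bot: `cmd_line` is still concatenated into the Modalbox URL unencoded on the line after the new `encodeURIComponent` call, so a command line containing `&`, `#` or `%` corrupts the query string and the `textArea` parameter that follows it; encode it the same way, `cmd_line = encodeURIComponent(document.getElementById('command_line').value);`. `listArea`, `tmpStr` and `cmd_line` are assigned here without a declaration, so they become implicit globals unless declared earlier in goPopup; `const listArea = ...`-style declarations would keep them local. The body of goPopup starts and ends outside the hunk, so whether `reg` is declared there cannot be seen from this hunk.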