Potential fix for grave/backtick XSS usage (#4356)
netniV committed Sep 25, 2021
1 parent 87a34f2 commit 9a45ef5
Showing 2 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG
@@ -1,6 +1,7 @@
Cacti CHANGELOG

1.2.19
-security#4356: Potential fix for grave/backtick XSS usage (#4356)
-issue#3787: Add SHA256 and AES256 for snmp polling
-issue#4341: Missing sequence field leads to errors in system logs
-issue#4342: Tree Graph shows same highlighting as graph edit screen
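Review bot: The new entry repeats the issue reference, `security#4356: ... (#4356)`, while the neighbouring entries carry the number only in the prefix; dropping the trailing `(#4356)` keeps the CHANGELOG consistent with the other lines.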
2 changes: 2 additions & 0 deletions lib/functions.php
Expand Up @@ -62,6 +62,8 @@ function filter_value($value, $filter, $href = '') {
}

$value = htmlspecialchars($value, ENT_QUOTES, $charset, false);
// Grave Accent character can lead to xss
$value = str_replace('`', '`', $value);

if ($filter != '') {
$value = preg_replace('#(' . preg_quote($filter) . ')#i', "<span class='filteredValue'>\\1</span>", $value);
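Review bot: As rendered here, `str_replace('`', '`', $value)` replaces a backtick with a backtick, which is a no-op; if the intent is to neutralise the grave accent that `htmlspecialchars()` with `ENT_QUOTES` does not encode, the second argument must be an HTML entity such as `&#96;`, so it is worth confirming that the committed source carries the entity and that only the page rendering decoded it. Placing the replacement after `htmlspecialchars()` is the right order, since the `&` in the entity would otherwise be re-escaped. The comment would also be clearer if it named the context that motivates the change (the backtick acting as an attribute delimiter in legacy browsers), and `xss` should read `XSS`.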
