
Fix vulnerabilities on service comments

kduret committed Sep 8, 2015
1 parent 7a16762 commit 964a3ac9c75822633ed63fb87e364cd04941dc4e
16 www/class/centreonUtils.class.php 100644 → 100755
@@ -247,4 +247,18 @@ public static function compareVersion($currentVersion, $targetVersion, $delimite
return 0;
}
}
}
/**
* Escape a string for present javascript injection
*
* @param string $string The string to escape
* @return string
*/
public static function escapeSecure($string)
{
/* Remove script tags */
$string = preg_replace("/<script.*?\/script>/s", "", $string);
return $string;
}
}
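Review bot: `escapeSecure` is a strip-blacklist, not an escape: the pattern has no `i` modifier, so `<SCRIPT>…</SCRIPT>` passes through, an unterminated `<script src=…>` is never matched, a single pass turns `<scr<script></script>ipt>` into `<script>`, and payloads that need no script tag at all (`<img src=x onerror=…>`) are untouched. For HTML output the method should encode rather than delete, `return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and the caller must still escape differently for JS or URL contexts. The docblock's "present javascript injection" reads as a typo for "prevent" and should name the context the result is safe in, e.g. `* Escape a string for safe output in an HTML context (not JS or URL).` The file also flips to mode 100755 in this commit, which a class file does not need.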
@@ -121,10 +121,11 @@
$rows = $pearDBndo->numberRows();
for ($i = 0; $data = $DBRESULT_NDO->fetchRow(); $i++){
$tab_comments_host[$i] = $data;
$tab_comments_host[$i] = htmlentities($data['comment_data']);
$tab_comments_host[$i]['host_name'] = htmlentities($data['host_name']);
$tab_comments_host[$i]["is_persistent"] = $en[$tab_comments_host[$i]["is_persistent"]];
$tab_comments_host[$i]["entry_time"] = $centreonGMT->getDate("m/d/Y H:i" , $tab_comments_host[$i]["entry_time"]);
$tab_comments_host[$i]["host_name_link"] = urlencode($tab_comments_host[$i]["host_name"]);
$tab_comments_host[$i]['comment_data'] = htmlentities($tab_comments_host[$i]['comment_data']);
}
unset($data);
} else {
@@ -150,11 +151,11 @@
$rows = $pearDBO->numberRows();
for ($i = 0; $data = $DBRESULT->fetchRow(); $i++){
$tab_comments_host[$i] = $data;
$tab_comments_host[$i]['comment_data'] = htmlentities($data['comment_data']);
$tab_comments_host[$i]['host_name'] = htmlentities($data['host_name']);
$tab_comments_host[$i]["is_persistent"] = $en[$tab_comments_host[$i]["is_persistent"]];
$tab_comments_host[$i]["entry_time"] = $centreonGMT->getDate("m/d/Y H:i" , $tab_comments_host[$i]["entry_time"]);
$tab_comments_host[$i]["host_name_link"] = urlencode($tab_comments_host[$i]["host_name"]);
$tab_comments_host[$i]['comment_data'] = htmlentities($tab_comments_host[$i]['comment_data']);
}
unset($data);
$DBRESULT->free();
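Review bot: In the first hunk (`@@ -121,10`), `$tab_comments_host[$i] = htmlentities($data['comment_data']);` overwrites the row just copied from `$data` with a single string, so `host_name`, `is_persistent` and `entry_time` are lost and the next line writes into a string offset; the second hunk spells it `$tab_comments_host[$i]['comment_data'] = htmlentities($data['comment_data']);` and the first should match. With `host_name` now HTML-encoded before the existing `urlencode(...)` line in both loops, a host name containing `&` or `<` ends up double-encoded in `host_name_link` (`&amp;` becomes `%26amp%3B`); build the link from the raw value, `urlencode($data['host_name'])`. `htmlentities` is called with default flags, which on PHP 5 leaves single quotes unencoded and relies on the default charset, so pass `ENT_QUOTES, 'UTF-8'` explicitly to cover single-quoted attributes too. The if/else wrapping these two loops starts before the first hunk.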
@@ -128,6 +128,7 @@
$tab_comments_svc[$i]["is_persistent"] = $en[$tab_comments_svc[$i]["is_persistent"]];
$tab_comments_svc[$i]["entry_time"] = $centreonGMT->getDate("m/d/Y H:i" , $tab_comments_svc[$i]["entry_time"]);
$tab_comments_svc[$i]['host_name_link'] = urlencode($tab_comments_svc[$i]['host_name']);
$tab_comments_svc[$i]['comment_data'] = htmlentities($tab_comments_svc[$i]['comment_data']);
}
unset($data);
} else {
@@ -153,6 +154,7 @@
$tab_comments_svc[$i]["is_persistent"] = $en[$tab_comments_svc[$i]["is_persistent"]];
$tab_comments_svc[$i]["entry_time"] = $centreonGMT->getDate("m/d/Y H:i" , $tab_comments_svc[$i]["entry_time"]);
$tab_comments_svc[$i]['host_name_link'] = urlencode($tab_comments_svc[$i]['host_name']);
$tab_comments_svc[$i]['comment_data'] = htmlentities($tab_comments_svc[$i]['comment_data']);
}
unset($data);
$DBRESULT->free();
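Review bot: The added `htmlentities($tab_comments_svc[$i]['comment_data'])` in both hunks uses default flags, which on PHP 5 do not encode single quotes and depend on the default charset, so the value is only safe in element text and double-quoted attributes; make it `htmlentities($tab_comments_svc[$i]['comment_data'], ENT_QUOTES, 'UTF-8');`. Whether `host_name` is HTML-encoded earlier in the loop, before the `urlencode(...)` on the line above, is not visible here (each loop body starts before its hunk); if it is, as the host-comments change does, the link should be built from the raw value to avoid double-encoding. Both hunks apply the same post-processing to the same fields, so moving it into one helper would keep the escaping in a single place.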
