Prevent SQL injection on dashboard administration
cedric-anne authored and trasher committed Jul 11, 2023
1 parent ffa4beb commit 65e918b
Showing 1 changed file with 13 additions and 8 deletions.
21 changes: 13 additions & 8 deletions src/Dashboard/Dashboard.php
@@ -35,6 +35,7 @@

namespace Glpi\Dashboard;

use Glpi\Toolbox\Sanitizer;
use Ramsey\Uuid\Uuid;
use Session;

@@ -237,14 +238,18 @@ public function save(bool $skip_child = false)
{
global $DB, $GLPI_CACHE;

$DB->updateOrInsert(self::getTable(), [
'key' => $this->key,
'name' => $this->fields['name'],
'context' => $this->fields['context'],
'users_id' => $this->fields['users_id'],
], [
'key' => $this->key
]);
$DB->updateOrInsert(
self::getTable(),
Sanitizer::dbEscapeRecursive([
'key' => $this->key,
'name' => $this->fields['name'],
'context' => $this->fields['context'],
'users_id' => $this->fields['users_id'],
]),
[
'key' => $this->key
]
);

// reload dashboard
$this->getFromDB($this->key);
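Review bot: The criteria array passed as the third argument to `updateOrInsert()` still carries `$this->key` unescaped, while the same value is escaped in the values array, so the fix covers only part of this call. If the WHERE clause is built with the same quoting as the values (not visible on this page), a key containing a quote could still break out of the string literal; wrapping the criteria the same way, `Sanitizer::dbEscapeRecursive(['key' => $this->key])`, would close that gap, and the `$this->getFromDB($this->key)` call below deserves the same check. It is also worth confirming that `$this->fields` are not already escaped when they reach `save()`, since escaping twice would store literal backslashes in `name` and `context`. `save()` continues past the end of the hunk.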
