@@ -550,6 +550,11 @@ function prepareInputForAdd($input) {
550550 return false ;
551551 }
552552
553+ // avoid xss (picture field is autogenerated)
554+ if (isset ($ input ['picture ' ])) {
555+ $ input ['picture ' ] = 'NULL ' ;
556+ }
557+
553558 if (!isset ($ input ["authtype " ])) {
554559 $ input ["authtype " ] = Auth::DB_GLPI ;
555560 }
@@ -681,6 +686,11 @@ function post_addItem() {
681686 function prepareInputForUpdate ($ input ) {
682687 global $ CFG_GLPI ;
683688
689+ // avoid xss (picture field is autogenerated)
690+ if (isset ($ input ['picture ' ])) {
691+ $ input ['picture ' ] = 'NULL ' ;
692+ }
693+
684694 //picture manually uploaded by user
685695 if (isset ($ input ["_blank_picture " ]) && $ input ["_blank_picture " ]) {
686696 self ::dropPictureFiles ($ this ->fields ['picture ' ]);
@@ -2004,6 +2014,7 @@ function showForm($ID, array $options = []) {
20042014 }
20052015
20062016 if (!empty ($ this ->fields ["name " ])) {
2017+
20072018 echo "<td rowspan='4'> " . __ ('Picture ' ) . "</td> " ;
20082019 echo "<td rowspan='4'> " ;
20092020 echo "<div class='user_picture_border_small' id='picture $ rand'> " ;
@@ -4853,6 +4864,9 @@ static function checkDefaultPasswords() {
48534864 static function getURLForPicture ($ picture ) {
48544865 global $ CFG_GLPI ;
48554866
4867+ // prevent xss
4868+ $ picture = Html::cleanInputText ($ picture );
4869+
48564870 if (!empty ($ picture )) {
48574871 return $ CFG_GLPI ["root_doc " ]."/front/document.send.php?file=_pictures/ $ picture " ;
48584872 }
@@ -4872,6 +4886,9 @@ static function getURLForPicture($picture) {
48724886 static function getThumbnailURLForPicture ($ picture ) {
48734887 global $ CFG_GLPI ;
48744888
4889+ // prevent xss
4890+ $ picture = Html::cleanInputText ($ picture );
4891+
48754892 if (!empty ($ picture )) {
48764893 $ tmp = explode (". " , $ picture );
48774894 if (count ($ tmp ) ==2 ) {
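Review bot: `Html::cleanInputText` is escaping for the wrong output context in getURLForPicture and getThumbnailURLForPicture — the value is interpolated into a URL query string (`?file=_pictures/$picture`), where the right encoder is `rawurlencode`, not an HTML-entity escaper (which is what the helper's name suggests it is; its body is not in this diff). `rawurlencode` neutralises `"`, `'`, `<` and `>` for any caller that drops the URL into an attribute, and additionally keeps `&`, `#` and `?` inside a filename from being read as query delimiters, which an entity escaper leaves in place. In getURLForPicture that is `return $CFG_GLPI["root_doc"]."/front/document.send.php?file=_pictures/" . rawurlencode($picture);`; in getThumbnailURLForPicture keep the `explode(".", $picture)` split on the unescaped name and encode once, where the URL is assembled, so an entity-escaped name (e.g. `&amp;`) is not split and re-joined in escaped form. Neither escaper stops `../` in `$picture` — any traversal guard has to live in document.send.php, which is outside this commit. getThumbnailURLForPicture's body continues past the hunk.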