
Fix another addcslashes incorrect escape in eventlog (#15313)
and many more
reported by: https://huntr.dev/users/hainguyen0207
murrant committed Sep 14, 2023
1 parent e4c46a4 commit 03c4da6
Showing 4 changed files with 11 additions and 9 deletions.
4 changes: 3 additions & 1 deletion includes/html/common/eventlog.inc.php
Expand Up @@ -13,6 +13,8 @@
* @author LibreNMS Contributors
*/

$vars['eventtype'] = 'test\"-alert(document.cookie)//';

$common_output[] = '
<div class="table-responsive">
<table id="eventlog" class="table table-hover table-condensed table-striped">
Expand All @@ -36,7 +38,7 @@
{
return {
device: ' . (empty($vars['device']) ? 'null' : (int) $vars['device']) . ',
eventtype: "' . addcslashes($vars['eventtype'] ?? '', '"') . '",
eventtype: "' . htmlspecialchars($vars['eventtype'] ?? '') . '",
};
},
url: "' . url('/ajax/table/eventlog') . '"
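Review bot: The added `$vars['eventtype'] = 'test\"-alert(document.cookie)//';` at the top of the first hunk looks like a leftover XSS test payload: it unconditionally overwrites the request's event-type filter, so the AJAX call in the second hunk always posts that literal string no matter what the user selected, and it should be dropped before merge. Separately, `htmlspecialchars()` is an HTML-context escaper, but the new `eventtype:` line emits the value into a JavaScript double-quoted string literal (presumably inside a `<script>` block): a trailing backslash still escapes the closing quote, and `&`, `<`, `>` become entities that are not decoded in script data, so the posted filter value is altered. A JSON literal gives a correctly quoted JS string with the original value: `eventtype: ' . json_encode($vars['eventtype'] ?? '', JSON_HEX_TAG | JSON_HEX_AMP) . ',`. The `$common_output[]` string these hunks belong to continues past the end of the second hunk.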
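--- a/includes/html/common/syslog.inc.php
+++ b/includes/html/common/syslog.inc.php
@@ -37,11 +37,11 @@
 post: function ()
 {
 return {
-device: "' . addcslashes($vars['device'] ?? '', '"') . '",
-program: "' . addcslashes($vars['program'] ?? '', '"') . '",
-priority: "' . addcslashes($vars['priority'] ?? '', '"') . '",
-to: "' . addcslashes($vars['to'] ?? '', '"') . '",
-from: "' . addcslashes($vars['from'] ?? '', '"') . '",
+device: "' . htmlspecialchars($vars['device'] ?? '') . '",
+program: "' . htmlspecialchars($vars['program'] ?? '') . '",
+priority: "' . htmlspecialchars($vars['priority'] ?? '') . '",
+to: "' . htmlspecialchars($vars['to'] ?? '') . '",
+from: "' . htmlspecialchars($vars['from'] ?? '') . '",
 };
 },
 url: "' . url('/ajax/table/syslog') . '"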
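Review bot: The five replaced lines escape for an HTML context but emit the values into JavaScript double-quoted string literals, which is the wrong escaper for that context: a backslash is left alone (a trailing `\` escapes the closing quote), and `&`, `<`, `>` become entities that are not decoded inside a script block, so the filter values POSTed to `/ajax/table/syslog` no longer match what the user typed (a program name containing `&` is sent as `&amp;`). Emitting each value as a JSON literal handles the quoting and preserves the value, e.g. `device: ' . json_encode($vars['device'] ?? '', JSON_HEX_TAG | JSON_HEX_AMP) . ',`, and the same for `program`, `priority`, `to` and `from`. Note also that the eventlog counterpart in this commit casts `device` to `(int)` while this file keeps it as a string; if `device` is a numeric device id here too, the `(int)` cast is the simpler and safer encoding. The `$common_output[]` statement these lines belong to starts and ends outside the hunk.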
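--- a/includes/html/pages/eventlog.inc.php
+++ b/includes/html/pages/eventlog.inc.php
@@ -106,6 +106,6 @@
 }
 }
 }
-})<?php echo Request::get('eventtype') ? ".val('" . addcslashes(Request::get('eventtype'), "'") . "').trigger('change');" : ''; ?>;
+})<?php echo Request::get('eventtype') ? ".val('" . htmlspecialchars(Request::get('eventtype')) . "').trigger('change');" : ''; ?>;
 
 </script>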
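Review bot: The new line still wraps the value in a single-quoted JavaScript literal, and `htmlspecialchars()` with default flags only encodes `'` on PHP 8.1+ (where the default includes `ENT_QUOTES`); on older releases the default is `ENT_COMPAT`, so a `'` in `eventtype` closes the literal exactly as before, and a backslash is never escaped in either case. It also HTML-encodes the value that `.val()` is asked to select, so an option whose value contains `&`, `<` or `>` would presumably no longer match. Producing the literal with `json_encode()` addresses both: `})<?php echo Request::get('eventtype') ? ".val(" . json_encode(Request::get('eventtype'), JSON_HEX_TAG | JSON_HEX_AMP) . ").trigger('change');" : ''; ?>;`. If the project already requires PHP 8.1+, passing `ENT_QUOTES` explicitly would at least make the existing call's intent clear to the next reader. The `select2({ ... })` call that this line closes begins before the hunk.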
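--- a/includes/html/pages/syslog.inc.php
+++ b/includes/html/pages/syslog.inc.php
@@ -171,7 +171,7 @@
 }
 }
 }
-})<?php echo isset($vars['program']) ? ".val('" . addcslashes($vars['program'], "'") . "').trigger('change');" : ''; ?>;
+})<?php echo isset($vars['program']) ? ".val('" . htmlspecialchars($vars['program']) . "').trigger('change');" : ''; ?>;
 
 $("#priority").select2({
 theme: "bootstrap",
@@ -191,6 +191,6 @@
 }
 }
 }
-})<?php echo isset($vars['priority']) ? ".val('" . addcslashes($vars['priority'], "'") . "').trigger('change');" : ''; ?>;
+})<?php echo isset($vars['priority']) ? ".val('" . htmlspecialchars($vars['priority']) . "').trigger('change');" : ''; ?>;
 </script>
 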
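Review bot: Both replaced lines keep the single-quoted JavaScript literal, so the same caveat applies to `program` and `priority`: with default flags `htmlspecialchars()` encodes `'` only on PHP 8.1+ (the older `ENT_COMPAT` default leaves it alone) and never escapes a backslash, and the entity-encoded value handed to `.val()` will not match an option whose value contains `&`, `<` or `>`. Using a JSON literal sidesteps the quoting question entirely: `})<?php echo isset($vars['program']) ? ".val(" . json_encode($vars['program'], JSON_HEX_TAG | JSON_HEX_AMP) . ").trigger('change');" : ''; ?>;`, and likewise for `priority` in the second hunk. Both `select2({ ... })` calls that these lines close begin before their hunks.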