Security fixes XSS in oxidized-cfg-check.inc.php and print-customoid.…

…php (#14126) Signed-off-by: AL-KASSAR <feras.al-kassar@sap.com>
librenms · Jul 20, 2022 · e5c91a0 · e5c91a0
1 parent 98da97c
commit e5c91a0
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/includes/html/pages/tools/oxidized-cfg-check.inc.php b/includes/html/pages/tools/oxidized-cfg-check.inc.php
@@ -8,6 +8,7 @@
         $oxidized_cfg = Yaml::parse($_POST['config']);
         $validate_cfg = validate_oxidized_cfg($oxidized_cfg);
         foreach ($validate_cfg as $error) {
+            $error = htmlspecialchars($error);
             echo "<div class='alert alert-danger'>$error</div>";
         }
         if (empty($validate_cfg)) {

diff --git a/includes/html/print-customoid.php b/includes/html/print-customoid.php
@@ -74,7 +74,7 @@
 
 $count = dbFetchCell("SELECT COUNT(*) $query $where", $param);
 if (isset($_POST['page_num']) && $_POST['page_num'] > 0 && $_POST['page_num'] <= $count) {
-    $page_num = $_POST['page_num'];
+    $page_num = intval($_POST['page_num']);
 } else {
     $page_num = 1;
 }