Fix html injection in user fields #10535

Merged
merged 1 commit into from Aug 22, 2019


@murrant
Member

commented Aug 20, 2019

validate realname and descr to alpha/numeric/spaces only
This flaw is actually in bootgrid, the html isn't interpreted until bootgrid loads.

DO NOT DELETE THIS TEXT

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926
After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on discord how to revert.

Fix html injection in user fields
validate realname and descr to alpha/numeric/spaces only
This flaw is actually in bootgrid, the html isn't interpreted until bootgrid loads.

@murrant murrant merged commit 2441096 into librenms:master Aug 22, 2019

6 checks passed

Inspection Summary
Node: analysis
Travis CI - Pull Request Build Passed
WIP Ready for review
codeclimate All good!
license/cla Contributor License Agreement is signed.

@murrant murrant deleted the murrant:user-xss branch Aug 22, 2019

@murrant

Member Author

commented Sep 3, 2019

This pull request has been mentioned on LibreNMS Community. There might be relevant details there:

https://community.librenms.org/t/v1-55-release-changelog-august-2019/9428/1
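The two measures the pull request description points at, as an added example that is not LibreNMS or bootgrid code: an allowlist check on the `realname` and `descr` fields, and escaping at the point where a client-side grid turns cell values into HTML. The function names, the Unicode-aware pattern and the sample rows are assumptions made for illustration.

```javascript
// Added example, not project code. Only the field names realname/descr come from the PR.

// Assumed reading of "alpha/numeric/spaces only": Unicode letters, digits, plain spaces.
const ALPHA_NUM_SPACE = /^[\p{L}\p{N} ]*$/u;
const USER_TEXT_FIELDS = ["realname", "descr"];

// Input validation: returns a map of field -> error message; empty map means valid.
function validateUserFields(input) {
  const errors = {};
  for (const field of USER_TEXT_FIELDS) {
    const value = input[field] ?? "";
    if (typeof value !== "string" || !ALPHA_NUM_SPACE.test(value)) {
      errors[field] = "may only contain letters, numbers and spaces";
    }
  }
  return errors;
}

// Output encoding: the five characters that matter in HTML text and attribute context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical stand-in for a grid that builds rows as HTML strings on the client.
// Escaping here covers rows stored before validation existed.
function renderRow(row, columns) {
  const cells = columns.map((col) => `<td>${escapeHtml(row[col] ?? "")}</td>`);
  return `<tr>${cells.join("")}</tr>`;
}

// Constructed sample rows.
const sampleRows = [
  { realname: "Jane Doe 2", descr: "NOC admin" },
  { realname: "<b>Jane</b>", descr: "NOC admin" },
];

// Collects validation errors and the rendered markup for each sample row.
function checkSamples() {
  return sampleRows.map((row) => ({
    errors: validateUserFields(row),
    html: renderRow(row, USER_TEXT_FIELDS),
  }));
}

console.log(JSON.stringify(checkSamples(), null, 2));
```

Validation alone leaves previously stored values untouched, which is why the renderer escapes regardless of what the validator accepted.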
