Commit c93ce2ac authored by Daniel Jagszent's avatar Daniel Jagszent

fix stored XSS issue in data log history detail page

fixes #6754
parent c865f18f
1 merge request!1938fix stored XSS issue in data log history detail page
Pipeline #15114 passed
...@@ -130,7 +130,7 @@ switch ($record['action']) { ...@@ -130,7 +130,7 @@ switch ($record['action']) {
foreach ($data['new'] as $key=>$value) { foreach ($data['new'] as $key=>$value) {
$inserts[] = array( $inserts[] = array(
'key' => $key, 'key' => $key,
'value' => nl2br($value), 'value' => nl2br($app->functions->htmlentities($value)),
); );
} }
$app->tpl->setLoop('inserts', $inserts); $app->tpl->setLoop('inserts', $inserts);
...@@ -145,8 +145,8 @@ switch ($record['action']) { ...@@ -145,8 +145,8 @@ switch ($record['action']) {
$updates[] = array( $updates[] = array(
'key' => $key, 'key' => $key,
'is_diff' => $changes['is_diff'], 'is_diff' => $changes['is_diff'],
'old' => nl2br($changes['old']), 'old' => nl2br($app->functions->htmlentities($changes['old'])),
'new' => nl2br($changes['new']), 'new' => nl2br($app->functions->htmlentities($changes['new'])),
'diff' => nl2br($changes['diff']), 'diff' => nl2br($changes['diff']),
); );
} }
...@@ -162,7 +162,7 @@ switch ($record['action']) { ...@@ -162,7 +162,7 @@ switch ($record['action']) {
foreach ($data['old'] as $key=>$value) { foreach ($data['old'] as $key=>$value) {
$deletes[] = array( $deletes[] = array(
'key' => $key, 'key' => $key,
'value' => nl2br($value), 'value' => nl2br($app->functions->htmlentities($value)),
); );
} }
$app->tpl->setLoop('deletes', $deletes); $app->tpl->setLoop('deletes', $deletes);
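Review bot: `'diff' => nl2br($changes['diff'])` in the second hunk is the one value still handed to the template without `htmlentities`, while `old` and `new` on the two lines above it are now escaped. If `$changes['diff']` is derived from the same stored `old`/`new` strings (its construction is outside the hunk, so this is inferred), the payload these three hunks neutralise would still reach the page through that field. Either escape it the same way, `'diff' => nl2br($app->functions->htmlentities($changes['diff'])),`, or, if the diff string intentionally carries its own markup, apply the escaping to the old/new inputs before the diff is computed and note at that point that the output is already HTML-safe. `$key` is also emitted raw in all three hunks; it is presumably a column name rather than user-supplied text, but that is worth confirming where `$data` is decoded. The enclosing `switch ($record['action'])` starts and ends outside the hunks.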