N°4899 - Reflected XSS on revert_dashboard operation

Benjamin Dalsass
2022-05-17 09:27:06 +02:00
parent 59424c3126
commit 8e97279401
2 changed files with 11 additions and 6 deletions


@@ -358,6 +358,11 @@ class utils
$retValue = preg_replace('/[^a-zA-Z0-9_]/', '', $value);
break;
// For URL
case 'url':
$retValue = filter_var($value, FILTER_SANITIZE_URL);
break;
default:
case 'raw_data':
$retValue = $value;
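Review bot: The new `url` case relies on FILTER_SANITIZE_URL, which only strips characters that are not legal in a URL; it does not validate structure, scheme or host, so a value that is syntactically a URL but points at an unexpected scheme or origin passes through unchanged. Whether that is sufficient depends on where callers emit the value, which is outside this hunk; if the goal is to stop reflected XSS, pairing it with FILTER_VALIDATE_URL (or restricting the value to a relative path of this application) and escaping at the output point for the actual context would be stronger than character stripping alone. At minimum the case deserves a comment stating its limits, e.g. `// Strips characters not valid in a URL; does NOT validate scheme/host - callers must still escape per output context.` The enclosing switch and the method around it start and end outside the hunk.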


@@ -1183,7 +1183,7 @@ try
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
$sDashboardFile = utils::ReadParam('file', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
$oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sDashboardId);
$aResult = array('error' => '');
if (!is_null($oDashboard))
@@ -1202,7 +1202,7 @@ try
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
$sDashboardFile = utils::ReadParam('file', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
$oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sDashboardId);
$aResult = array('error' => '');
if (!is_null($oDashboard))
@@ -1219,7 +1219,7 @@ try
case 'save_dashboard':
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'context_param');
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
$sJSExtraParams = json_encode($aExtraParams);
$aParams = array();
$aParams['layout_class'] = utils::ReadParam('layout_class', '');
@@ -1252,7 +1252,7 @@ JS
case 'revert_dashboard':
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
appUserPreferences::UnsetPref('display_original_dashboard_'.$sDashboardId);
$oDashboard = new RuntimeDashboard($sDashboardId);
$oDashboard->Revert();
@@ -1282,7 +1282,7 @@ EOF
$aParams['cells'] = utils::ReadParam('cells', array(), false, 'raw_data');
$aParams['auto_reload'] = utils::ReadParam('auto_reload', false);
$aParams['auto_reload_sec'] = utils::ReadParam('auto_reload_sec', 300);
$sReloadURL = utils::ReadParam('reload_url', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
$oKPI = new ExecutionKPI();
$oDashboard = new RuntimeDashboard($sDashboardId);
$oDashboard->FromParams($aParams);
@@ -1296,7 +1296,7 @@ EOF
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
$aExtraParams['dashboard_div_id'] = utils::Sanitize($sId, '', 'element_identifier');
$sDashboardFile = utils::ReadParam('file', '', false, 'string');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'url');
$oKPI = new ExecutionKPI();
$oDashboard = RuntimeDashboard::GetDashboard($sDashboardFile, $sId);
if (!is_null($oDashboard))
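Review bot: The identical read `utils::ReadParam('reload_url', '', false, 'url');` is now repeated in six hunks (new lines at L29, L38, L47, L55, L64 and L73); if every branch of this switch reads `reload_url`, hoisting that one read above the `case` labels would keep the sanitization rule in a single place and prevent a future case from silently reintroducing `'raw_data'`. The `url` filter, as shown in the utils hunk, only removes characters that are not permitted in a URL, so `$sReloadURL` is still attacker-supplied text; none of these hunks shows where it is emitted, so please confirm it is escaped for its output context (JS string or HTML attribute) rather than relying on the sanitizer alone. The enclosing try block and switch extend beyond every hunk shown here.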