N°4363 Security hardening

Pierre Goiffon
2021-11-16 17:14:25 +01:00
parent 8adf743cc7
commit dbaf924171


@@ -1066,7 +1066,7 @@ try
break;
case 'save_dashboard':
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'raw_data');
$sDashboardId = utils::ReadParam('dashboard_id', '', false, 'element_identifier');
$aExtraParams = utils::ReadParam('extra_params', array(), false, 'raw_data');
$sReloadURL = utils::ReadParam('reload_url', '', false, 'raw_data');
$sJSExtraParams = json_encode($aExtraParams);
@@ -1079,17 +1079,16 @@ try
$oDashboard = new RuntimeDashboard($sDashboardId);
$oDashboard->FromParams($aParams);
$oDashboard->Save();
$sDashboardFile = addslashes(utils::ReadParam('file', '', false, 'raw_data'));
$sDivId = preg_replace('/[^a-zA-Z0-9_]/', '', $sDashboardId);
$sDashboardFile = addslashes(utils::ReadParam('file', '', false, 'string'));
// trigger a reload of the current page since the dashboard just changed
$oPage->add_script(
<<<EOF
$('.dashboard_contents#$sDivId').block();
<<<EOF
$('.dashboard_contents#$sDashboardId').block();
$.post(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php',
{ operation: 'reload_dashboard', dashboard_id: '$sDashboardId', file: '$sDashboardFile', extra_params: $sJSExtraParams, reload_url: '$sReloadURL'},
function(data){
$('.dashboard_contents#$sDivId').html(data);
$('.dashboard_contents#$sDivId').unblock();
$('.dashboard_contents#$sDashboardId').html(data);
$('.dashboard_contents#$sDashboardId').unblock();
}
);
EOF
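Review bot: `reload_url` is still read with the `raw_data` filter in the first hunk and interpolated as-is into the single-quoted JavaScript literal `reload_url: '$sReloadURL'` inside the heredoc, so the hardening applied to `dashboard_id` and `file` does not reach it. A value containing a quote, backslash or line break would not stay confined to that string literal. I would encode it for the script context the same way `extra_params` already is: `$sReloadURL = json_encode(utils::ReadParam('reload_url', '', false, 'raw_data'), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);`, emitted without the surrounding quotes as `reload_url: $sReloadURL`. The same treatment would suit `$sDashboardFile`, because `addslashes()` is not a JavaScript encoder (it leaves line breaks and `</script>` untouched), and the `JSON_HEX_*` flags are worth adding to the existing `json_encode($aExtraParams)` call if this script is emitted inline in HTML. The `save_dashboard` case and the enclosing `try` start and end outside these hunks, so whether `reload_url` is validated elsewhere cannot be seen from here.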