Skip to content
This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

Commit

Permalink
fix(sec): remove xss injection of service output in host form (#7865)
Browse files Browse the repository at this point in the history
  • Loading branch information
@kduret
kduret committed Sep 28, 2019
1 parent 189bd0c commit 5b2c097
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion www/include/monitoring/objectDetails/hostDetails.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,10 @@
$row['line_class'] = $class;

/* Split the plugin_output */
$outputLines = explode("\n", $row['plugin_output']);
$outputLines = explode(
"\n",
htmlentities($row['plugin_output'], ENT_QUOTES, 'UTF-8')
);
$row['short_output'] = $outputLines[0];
$row["hnl"] = CentreonUtils::escapeSecure(urlencode($row["host_name"]));
$row["sdl"] = CentreonUtils::escapeSecure(urlencode($row["service_description"]));
Expand Down

0 comments on commit 5b2c097

Please sign in to comment.