Fix scheduled maintenance xss (#14360)
Fix for the title, notes, and possibly recurring_day fields. Other fields cannot store HTML.

https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f/
murrant committed Sep 16, 2022
1 parent 15fd7d0 commit 0805002
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions app/Http/Controllers/Table/AlertScheduleController.php
Expand Up @@ -65,8 +65,8 @@ protected function sortFields($request)
public function formatItem($schedule)
{
return [
'title' => $schedule->title,
'notes' => $schedule->notes,
'title' => htmlentities($schedule->title),
'notes' => htmlentities($schedule->notes),
'id' => $schedule->schedule_id,
'start' => $schedule->recurring ? '' : $schedule->start->toDateTimeString('minutes'),
'end' => $schedule->recurring ? '' : $schedule->end->toDateTimeString('minutes'),
Expand All @@ -75,7 +75,7 @@ public function formatItem($schedule)
'end_recurring_dt' => $schedule->recurring ? $schedule->end_recurring_dt : '',
'end_recurring_hr' => $schedule->recurring ? $schedule->end_recurring_hr : '',
'recurring' => $schedule->recurring ? __('Yes') : __('No'),
'recurring_day' => $schedule->recurring ? implode(',', $schedule->recurring_day) : '',
'recurring_day' => $schedule->recurring ? htmlentities(implode(',', $schedule->recurring_day)) : '',
'status' => $schedule->status,
];
}
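Review bot: The `htmlentities()` calls added for `title` and `notes` in the first hunk (and for the `recurring_day` value in the second) pass no flags or charset, so what gets escaped depends on the PHP version: before 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped, and the charset falls back to the `default_charset` ini setting. Make both explicit, `'title' => htmlentities($schedule->title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),` (same for `notes` and the imploded `recurring_day`), or, since this appears to be a Laravel controller, use the `e()` helper, which applies those flags with UTF-8. If `title` or `notes` can be null in the database, `htmlentities(null)` raises a deprecation on PHP 8.1+, so a `?? ''` before the call would be worth adding. Because the encoding now lives in the controller rather than the view, a comment such as `// Escaped here because the table renders these cells as HTML` would tell future readers why, and warn against adding a second escape at output.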
