Fix billing xss (#14465)

bill_name and bill_notes fields allow html injection
librenms · Oct 17, 2022 · 43cb725 · 43cb725
1 parent ae3925b
commit 43cb725
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/includes/html/pages/bill.inc.php b/includes/html/pages/bill.inc.php
@@ -87,7 +87,7 @@ function print_port_list($ports)
         echo '</div></div>';
     }//end print_port_list?>
 
-    <h2><?php   echo "Bill: ${bill_data['bill_name']}"; ?></h2>
+    <h2>Bill: <?php echo htmlentities($bill_data['bill_name']); ?></h2>
 
     <?php
     print_optionbar_start();

diff --git a/includes/html/pages/bill/addoreditbill.inc.php b/includes/html/pages/bill/addoreditbill.inc.php
@@ -2,7 +2,7 @@
 <div class="form-group">
   <label for="bill_name" class="col-sm-4 control-label">Description</label>
   <div class="col-sm-8">
-    <input class="form-control input-sm" type="text" id="bill_name" name="bill_name" value="<?php echo $bill_data['bill_name']; ?>">
+    <input class="form-control input-sm" type="text" id="bill_name" name="bill_name" value="<?php echo htmlentities($bill_data['bill_name']); ?>">
   </div>
 </div>
 <div class="form-group">
@@ -91,19 +91,19 @@
     <div class="form-group">
       <label class="col-sm-4 control-label" for="bill_custid">Customer Reference</label>
       <div class="col-sm-8">
-        <input class="form-control input-sm" type="text" name="bill_custid" value="<?php echo $bill_data['bill_custid'] ?>">
+        <input class="form-control input-sm" type="text" name="bill_custid" value="<?php echo htmlentities($bill_data['bill_custid']); ?>">
       </div>
     </div>
     <div class="form-group">
       <label class="col-sm-4 control-label" for="bill_ref">Billing Reference</label>
       <div class="col-sm-8">
-        <input class="form-control input-sm" type="text" name="bill_ref" value="<?php echo $bill_data['bill_ref']; ?>">
+        <input class="form-control input-sm" type="text" name="bill_ref" value="<?php echo htmlentities($bill_data['bill_ref']); ?>">
       </div>
     </div>
     <div class="form-group">
       <label class="col-sm-4 control-label" for="bill_notes">Notes</label>
       <div class="col-sm-8">
-        <input class="form-control input-sm" type="textarea" name="bill_notes" value="<?php echo $bill_data['bill_notes']; ?>">
+        <input class="form-control input-sm" type="textarea" name="bill_notes" value="<?php echo htmlentities($bill_data['bill_notes']); ?>">
       </div>
     </div>
 </fieldset>

diff --git a/includes/html/table/bills.inc.php b/includes/html/table/bills.inc.php
@@ -94,7 +94,7 @@
     $rate_average = $bill['rate_average'];
     $url = \LibreNMS\Util\Url::generate(['page' => 'bill', 'bill_id' => $bill['bill_id']]);
     $used95th = Number::formatSi($bill['rate_95th'], 2, 3, '') . 'bps';
-    $notes = $bill['bill_notes'];
+    $notes = htmlentities($bill['bill_notes']);
 
     if ($prev) {
         $percent = $bill['bill_percent'];
@@ -142,7 +142,7 @@
     $left_background = $background['left'];
     $overuse_formatted = (($overuse <= 0) ? '-' : "<span style='color: #${background['left']}; font-weight: bold;'>$overuse_formatted</span>");
 
-    $bill_name = "<a href='$url'><span style='font-weight: bold;' class='interface'>${bill['bill_name']}</span></a><br />" .
+    $bill_name = "<a href='$url'><span style='font-weight: bold;' class='interface'>" . htmlentities($bill['bill_name']) . '</span></a><br />' .
                     date('Y-m-d', strtotime($datefrom)) . ' to ' . date('Y-m-d', strtotime($dateto));
     $bar = print_percentage_bar(250, 20, $percent, null, 'ffffff', $background['left'], $percent . '%', 'ffffff', $background['right']);
     $actions = '';