xss: Roles

This mitigates a vulnerability reported by indevi0us where XSS is possible via the `name` parameter for Roles.
osTicket · Mar 8, 2023 · 9fb01bc · 9fb01bc
1 parent daee20f
commit 9fb01bc
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/include/class.role.php b/include/class.role.php
@@ -156,9 +156,10 @@ private function updatePerms($vars, &$errors=array()) {
     }
 
     function update($vars, &$errors) {
-        if (!$vars['name'])
+        $name = Format::sanitize($vars['name']);
+        if (!$name)
             $errors['name'] = __('Name required');
-        elseif (($r=Role::lookup(array('name'=>$vars['name'])))
+        elseif (($r=Role::lookup(array('name'=>$name)))
                 && $r->getId() != $vars['id'])
             $errors['name'] = __('Name already in use');
         elseif (!$vars['perms'] || !count($vars['perms']))
@@ -167,8 +168,8 @@ function update($vars, &$errors) {
         if ($errors)
             return false;
 
-        $this->name = $vars['name'];
-        $this->notes = $vars['notes'];
+        $this->name = $name;
+        $this->notes = Format::sanitize($vars['notes']);
 
         $this->updatePerms($vars['perms'], $errors);