Fix events view XSS vulnerabilities
Calvo committed Nov 22, 2022
1 parent a48e677 commit 5aa51f2
Showing 3 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion pandora_console/godmode/events/event_edit_filter.php
@@ -370,7 +370,7 @@
$table->data[6][0] = '<b>'.__('Free search').'</b>';
$table->data[6][1] = html_print_input_text(
'search',
io_safe_output($search),
$search,
'',
15,
255,
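Review bot: With the `io_safe_output()` call gone, `$search` is handed to `html_print_input_text()` as-is, so the value attribute is safe only if `$search` is still entity-encoded at this point and the helper does not decode it again; neither is visible in this hunk. The assignment of `$search` lies outside the visible lines, so this should be confirmed against the filter-loading code rather than assumed. I would record the invariant next to the call, e.g. `// $search is kept HTML-entity-encoded; do not decode it before printing it into the input's value attribute.` The `html_print_input_text()` call itself continues past the end of the hunk.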
4 changes: 2 additions & 2 deletions pandora_console/include/functions_events.php
@@ -1123,13 +1123,13 @@ function events_get_all(
$sql_filters[] = sprintf(
' AND JSON_VALID(custom_data) = 1
AND (JSON_EXTRACT(custom_data, "$.*") LIKE lower("%%%s%%") COLLATE utf8mb4_0900_ai_ci) ',
io_safe_output($filter['custom_data'])
io_safe_output_html($filter['custom_data'])
);
} else {
$sql_filters[] = sprintf(
' AND JSON_VALID(custom_data) = 1
AND (JSON_SEARCH(JSON_KEYS(custom_data), "all", lower("%%%s%%") COLLATE utf8mb4_0900_ai_ci) IS NOT NULL) ',
io_safe_output($filter['custom_data'])
io_safe_output_html($filter['custom_data'])
);
}
} else {
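Review bot: Both `sprintf()` calls still splice `$filter['custom_data']` directly into a double-quoted SQL literal, and the value passes through an entity-decoding helper immediately before, so nothing visible here escapes it for the SQL context. Swapping `io_safe_output()` for `io_safe_output_html()` changes which entities are decoded, but whether quote characters survive depends on that helper, which is defined outside this page. The value should be SQL-escaped through the database layer (or bound as a parameter) after decoding, and `%`/`_` escaped if a literal match is intended, e.g. `$custom_data = <project SQL-escape helper>(io_safe_output_html($filter['custom_data']));` with `$custom_data` then passed to both `sprintf()` calls. `events_get_all()` starts and ends outside the hunk, so an earlier escaping step cannot be ruled out from here.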
6 changes: 3 additions & 3 deletions pandora_console/operation/events/events.php
@@ -2880,11 +2880,11 @@ function reorder_tags_inputs() {
$("#text-event_view_hr").on("keyup",function(){
hours = $('#text-event_view_hr').val();
if (hours == '' || hours == 0 ) {
$('#summary_hours').html('<?php echo __('Any'); ?>');
$('#summary_hours').text('<?php echo __('Any'); ?>');
} else if (hours == 1) {
$('#summary_hours').html('<?php echo __('Last hour.'); ?>');
$('#summary_hours').text('<?php echo __('Last hour.'); ?>');
} else {
$('#summary_hours').html(hours + '<?php echo ' '.__('hours.'); ?>');
$('#summary_hours').text(hours + '<?php echo ' '.__('hours.'); ?>');
}
});
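Review bot: The translated strings are still echoed raw into single-quoted JavaScript literals on the three `.text()` lines, so a translation containing an apostrophe, a backslash or `</script>` breaks out of the literal regardless of how the result is later inserted into the DOM. Emitting them JSON-encoded closes that, e.g. `$('#summary_hours').text(<?php echo json_encode(__('Any'), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>);`, and likewise for `'Last hour.'` and `' '.__('hours.')`. `hours` is also assigned without a visible `var`/`let`/`const`, which looks like an implicit global unless it is declared outside the hunk; the surrounding script block starts and ends outside the visible lines.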
