fix: [security] reflected xss on dashboard edit

pull/9250/head
Luciano Righetti 2023-08-11 09:53:21 +02:00
parent 22e863fac3
commit 09fb0cba65
1 changed files with 3 additions and 0 deletions


@ -93,6 +93,9 @@ class DashboardsController extends AppController
if (empty($data['config'])) {
$data['config'] = '';
}
if (!empty($data['id']) && !preg_match('/^[\w\d_]+$/i', $data['id'])) {
throw new BadRequestException(__('Invalid widget id provided.'));
}
if ($action === 'add') {
$data['widget_options'] = $this->Dashboard->loadAllWidgets($this->Auth->user());
} else if ($action === 'edit') {
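Review bot: The allow-list on the added `preg_match` line is anchored with `$`, which in PCRE also matches just before a final newline, so a widget id ending in `\n` still passes the check. `\w` already covers digits and the underscore, which makes `\d`, `_` and the `/i` flag redundant; `if (!empty($data['id']) && !preg_match('/\A\w+\z/', $data['id'])) {` is tighter and easier to read. The view that echoes the id is not visible in this hunk, so it is worth confirming the value is also HTML-escaped where it is rendered, because this check protects only this one entry point. The enclosing action starts and ends outside the hunk.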