mirror of https://github.com/MISP/MISP
fix: [security] XSS in the template file uploads
- as reported by Dawid Czarnecki from Zigrin Security
pull/8831/head
parent
206f540f02
commit
684d3e5139
|
@ -18,13 +18,13 @@ if ($batch == 'yes') {
|
|||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
||||
<span id="fileUploadButton_<?php echo $element_id; ?>" role="button" tabindex="0" aria-label="<?php echo $buttonText; ?>" title="<?php echo $buttonText; ?>" class="btn btn-primary" onClick="templateFileUploadTriggerBrowse('<?php echo $element_id; ?>');"><?php echo $buttonText; ?></span>
|
||||
<span id="fileUploadButton_<?php echo h($element_id); ?>" role="button" tabindex="0" aria-label="<?php echo $buttonText; ?>" title="<?php echo $buttonText; ?>" class="btn btn-primary" onClick="templateFileUploadTriggerBrowse(<?php echo json_encode($element_id); ?>);"><?php echo $buttonText; ?></span>
|
||||
<script type="text/javascript">
|
||||
$(document).ready(function() {
|
||||
<?php if (isset($filenames)): ?>
|
||||
var fileArray = JSON.parse('<?php echo $fileArray;?>');
|
||||
templateFileHiddenAdd(fileArray, '<?php echo $element_id; ?>', '<?php echo $batch; ?>');
|
||||
showMessage('<?php echo $upload_error ? 'fail' : 'success'; ?>', '<?php echo $result; ?>', 'iframe');
|
||||
templateFileHiddenAdd(fileArray, '<?php echo h($element_id); ?>', '<?php echo h($batch); ?>');
|
||||
showMessage('<?php echo $upload_error ? 'fail' : 'success'; ?>', '<?php echo h($result); ?>', 'iframe');
|
||||
<?php endif; ?>
|
||||
});
|
||||
|
||||
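Review bot: The encoders on the new lines do not match the contexts they write into. In the `fileUploadButton_` span, `json_encode($element_id)` is echoed into the double-quoted `onClick` attribute without HTML escaping, so a string value emits literal `"` characters that end the attribute. In the `<script>` block, `h()` is an HTML encoder and leaves backslashes and line terminators intact inside the single-quoted JavaScript literals passed to `templateFileHiddenAdd` and `showMessage`, and the untouched `JSON.parse('<?php echo $fileArray;?>')` line still echoes its value raw. Emitting each value through `json_encode` with the `JSON_HEX_*` flags and no surrounding quotes, plus `h()` around the attribute value, covers these lines as sketched below. How `$fileArray`, `$result` and `$buttonText` are populated is outside this hunk, so confirm whether they can carry user input; `$buttonText` is still echoed three times in the span and should get `h()` unless it is already escaped where it is set.

```php
<?php $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP; ?>
<span id="fileUploadButton_<?php echo h($element_id); ?>" role="button" tabindex="0" aria-label="<?php echo h($buttonText); ?>" title="<?php echo h($buttonText); ?>" class="btn btn-primary" onClick="templateFileUploadTriggerBrowse(<?php echo h(json_encode($element_id)); ?>);"><?php echo h($buttonText); ?></span>
// … unchanged: <script> tag, $(document).ready wrapper and isset($filenames) guard …
        var fileArray = JSON.parse(<?php echo json_encode($fileArray, $jsFlags); ?>);
        templateFileHiddenAdd(fileArray, <?php echo json_encode($element_id, $jsFlags); ?>, <?php echo json_encode($batch, $jsFlags); ?>);
        showMessage('<?php echo $upload_error ? 'fail' : 'success'; ?>', <?php echo json_encode($result, $jsFlags); ?>, 'iframe');
```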
|
|