mirror of https://github.com/MISP/MISP
Fix to a reflected XSS in the event choice
parent
ffef691aa6
commit
77adf624d9
|
@ -4,10 +4,10 @@
|
|||
<table style="width:100%;">
|
||||
<?php foreach ($exports as $k => $export): ?>
|
||||
<tr style="border-bottom:1px solid black;" class="templateChoiceButton">
|
||||
<td style="padding-left:10px; text-align:left;width:50%;" onClick="exportChoiceSelect('<?php echo $export['url']; ?>', '<?php echo $k; ?>', '<?php echo $export['checkbox']; ?>')"><?php echo $export['text']; ?></td>
|
||||
<td style="padding-left:10px; text-align:left;width:50%;" onClick="exportChoiceSelect('<?php echo h($export['url']); ?>', '<?php echo h($k); ?>', '<?php echo h($export['checkbox']); ?>')"><?php echo h($export['text']); ?></td>
|
||||
<td style="padding-right:10px; width:50%;text-align:right;">
|
||||
<?php if ($export['checkbox']):
|
||||
echo $export['checkbox_text'];
|
||||
echo h($export['checkbox_text']);
|
||||
?>
|
||||
<input id = "<?php echo $k . '_toggle';?>" type="checkbox" style="align;vertical-align:top;margin-top:8px;">
|
||||
<span id ="<?php echo $k?>_set" style="display:none;"><?php echo h($export['checkbox_set']); ?></span>
|
||||
|
|
|
@ -359,10 +359,10 @@ The event ID is optional. MISP will accept either a JSON or an XML object posted
|
|||
<h3>Add or remove tags from events</h3>
|
||||
<p>You can add or remove an existing tag from an event in the following way:</p>
|
||||
<pre>
|
||||
<?php echo Configure::read('MISP.baseurl').'/attributes/addTag'; ?>
|
||||
<?php echo Configure::read('MISP.baseurl').'/events/addTag'; ?>
|
||||
</pre>
|
||||
<pre>
|
||||
<?php echo Configure::read('MISP.baseurl').'/attributes/removeTag'; ?>
|
||||
<?php echo Configure::read('MISP.baseurl').'/events/removeTag'; ?>
|
||||
</pre>
|
||||
<p>Just POST a json object in the following format (to the appropriate API depending on whether you want to add or delete a tag from an event):</p>
|
||||
<code>{"request": {"Event": {"id": "228", "tag": "8"}}}</code><br /><br />
|
||||
|
|
Loading…
Reference in New Issue