Fixed XSS in the footer

- reported by Roberto Suggi Liverani from NCIA
pull/639/head
Iglocska 2015-09-02 16:34:43 +02:00
parent 20de4ba9cc
commit b83e615672
1 changed files with 2 additions and 2 deletions


@ -16,12 +16,12 @@
$footerText = Configure::read('MISP.footerpart1') . ' ' . Configure::read('MISP.footerpart2');
if (isset($me['id'])) $footerText = Configure::read('MISP.footerpart1') . ' version ' . $mispVersion . ' ' . Configure::read('MISP.footerpart2');
?>
<span> <?php echo $footerText; ?> </span>
<span> <?php echo h($footerText); ?> </span>
</div>
<div class="pull-right" style="position:relative;padding-top:9px;z-index:2;">
<?php
if (Configure::read('MISP.footer_logo')) {
if (Configure::read('MISP.footer_logo')) echo $this->Html->image('custom/' . Configure::read('MISP.footer_logo'), array('alt' => 'Footer Logo', 'onerror' => "this.style.display='none';", 'style' => 'height:24px'));
if (Configure::read('MISP.footer_logo')) echo $this->Html->image('custom/' . h(Configure::read('MISP.footer_logo')), array('alt' => 'Footer Logo', 'onerror' => "this.style.display='none';", 'style' => 'height:24px'));
}
?>
</div>
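Review bot: On the new footer-logo line, `h()` is HTML-output escaping applied to a path argument of `$this->Html->image()`, so it does not stop a configured value containing `../` segments from resolving outside `custom/`. If the helper already encodes the URL it builds (likely, but confirm for the CakePHP version in use), characters such as `&` would also be encoded twice. Constraining the value is the more direct control, for example `$logo = basename((string)Configure::read('MISP.footer_logo'));` followed by `'custom/' . $logo`. The inner `if (Configure::read('MISP.footer_logo'))` repeats the enclosing condition and can be dropped once the setting is read into a local. The template's opening markup and the code that sets `$me` and `$mispVersion` lie outside the hunk.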