authorNicolas Iooss2014-06-24 20:23:47 +0200
committerPim van den Berg2014-06-30 20:38:32 +0200
commit371e30a14aa51da456605ec4f5a5d37b5a3bd8e8 (patch)
tree580166cdf9564700cccb26c01f50d8754d5672b9
parentjsrrdgraph: Fix graph width to look like rrdtool. (diff)
Escape HTML in GET-provided hostname
A malicious user can enter JavaScript code in the "h" GET parameter, and this code gets executed because the parameter is copied into the HTML output without any escaping. This patch escapes the output before the parameter is checked for validity.
Diffstat (limited to '')
-rw-r--r--detail.php4
-rw-r--r--host.php4
2 files changed, 4 insertions, 4 deletions
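--- a/detail.php
+++ b/detail.php
@@ -27,8 +27,8 @@ $selected_plugins = !$plugin ? $CONFIG['overview'] : array($plugin);
 
 html_start();
 
-printf('<fieldset id="%s">', $host);
-printf('<legend>%s</legend>', $host);
+printf('<fieldset id="%s">', htmlentities($host));
+printf('<legend>%s</legend>', htmlentities($host));
 
 if (!$plugins = collectd_plugins($host)) {
 	echo "Unknown host\n";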
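Review bot: `htmlentities($host)` on lines 30-31 is called with default flags, and since PHP 5.4 both `htmlentities()` and `htmlspecialchars()` return an empty string when the input is not valid UTF-8 unless `ENT_SUBSTITUTE` or `ENT_IGNORE` is set, so a hostname containing a stray high byte silently renders as `<fieldset id="">` and an empty `<legend>`; `htmlspecialchars($host, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps the value visible and is the conventional choice for attribute and text context. The same two calls appear in host.php at lines 14-15. The escaping covers only these two sinks: the raw `$host` (per the commit message, taken from the `h` GET parameter) still reaches `collectd_plugins($host)` on line 33, and whatever validation that function performs is not visible in the hunk, so a comment above line 30 such as `// $host is the untrusted 'h' GET parameter; escape it at every HTML sink` would make the trust boundary explicit for the next maintainer. Since the lines are duplicated across two files, a shared helper like `function html_escape($s) { return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }` would keep both call sites in step.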
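--- a/host.php
+++ b/host.php
@@ -11,8 +11,8 @@ $selected_plugins = !$plugin ? $CONFIG['overview'] : array($plugin);
 
 html_start();
 
-printf("<fieldset id=\"%s\">", $host);
-printf("<legend>%s</legend>", $host);
+printf("<fieldset id=\"%s\">", htmlentities($host));
+printf("<legend>%s</legend>", htmlentities($host));
 
 
 if (!$plugins = collectd_plugins($host)) {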
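Review bot: Lines 14-15 use double-quoted format strings with backslash-escaped quotes, while the otherwise identical lines in detail.php use single quotes; since nothing is interpolated, `printf('<fieldset id="%s">', htmlentities($host));` and `printf('<legend>%s</legend>', htmlentities($host));` would read the same in both files and avoid the escaping. The `if` on line 18 continues outside the hunk.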