Commit ea4e2f81 authored by Laurent Calvet's avatar Laurent Calvet
Browse files

fix(conf/command) Fix XSS in command help page (#9922)

parent 62bf72f0
* Copyright 2005-2019 Centreon
* Centreon is developed by : Julien Mathis and Romain Le Merlus under
......@@ -116,12 +117,13 @@ $tpl = initSmartyTpl($path, $tpl);
* Apply a template definition
$renderer = new HTML_QuickForm_Renderer_ArraySmarty($tpl);
$tpl->assign('form', $renderer->toArray());
$tpl->assign('o', $o);
$tpl->assign('command_line', $command);
$tpl->assign('command_line', CentreonUtils::escapeSecure($command, CentreonUtils::ESCAPE_ALL));
if (isset($msg) && $msg) {
$tpl->assign('msg', $msg);
$tpl->assign('msg', CentreonUtils::escapeAllExceptSelectedTags($msg, ['br']));
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment