From fe3e2c2deeef568ec7e961340487497e31eb1a81 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Wed, 13 Apr 2022 10:19:39 +0800
Subject: [PATCH] ..F....... [DEV-2077] fixed reflected XSS issues

Merge in ZBX/zabbix from feature/DEV-2077-5.4 to release/5.4

* commit '5986cdf2572acaaaac1fc113d6407d5f0cd00c35':
  ..F....... [DEV-2077] fixed service actions #3
  ..F....... [DEV-2077] fixed service actions #2
  ..F....... [DEV-2077] reverted unnecessary changes
  ..F....... [DEV-2077] reverted tests
  ..F....... [DEV-2077] fixed service actions
  ..F....... [DEV-2077] fixed reflected XSS issue in service configuration form
  ..F....... [DEV-2077] fixed reflected XSS issues in uncheckTableRows function
  ..F....... [DEV-2077] fixed reflected XSS issues in graph configuration
  ..F....... [DEV-2077] fixed reflected XSS issues in action configuration

Upstream_Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/05976188fcca518c029e1af9ed03fd331786d77d]
CVE: CVE-2022-24349,CVE-2022-24917,CVE-2022-24918,CVE-2022-24919

Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
 ui/actionconf.php                                | 2 +-
 ui/graphs.php                                    | 2 +-
 ui/include/func.inc.php                          | 5 ++---
 ui/include/views/configuration.services.edit.php | 5 +++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/ui/actionconf.php b/ui/actionconf.php
index 5b67f72..8cda3fc 100644
--- a/ui/actionconf.php
+++ b/ui/actionconf.php
@@ -37,7 +37,7 @@ $fields = [
 	'name' =>							[T_ZBX_STR, O_OPT, null,	NOT_EMPTY,	'isset({add}) || isset({update})',
 											_('Name')
 										],
-	'eventsource' =>					[T_ZBX_INT, O_OPT, null,
+	'eventsource' =>					[T_ZBX_INT, O_OPT, P_SYS,
 											IN([EVENT_SOURCE_TRIGGERS, EVENT_SOURCE_DISCOVERY,
 												EVENT_SOURCE_AUTOREGISTRATION, EVENT_SOURCE_INTERNAL
 											]),
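Review bot: Nothing in the hunk records why `eventsource` moves from `null` to `P_SYS`, so the next maintainer adding a field will copy the `null` from the neighbouring `name` entry and reintroduce the problem; the same applies to `graphtype` in ui/graphs.php. If, as the subject line implies, P_SYS changes how a rejected value is reported so that the raw request value is no longer echoed into the page, a one-line comment would let the intent survive: `// P_SYS: a rejected value is not echoed back in the error output (DEV-2077)`. Other entries of the same array that use IN() validators but lie outside this hunk are not covered by the change and would need the same check. The $fields array starts and ends outside the hunk.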
diff --git a/ui/graphs.php b/ui/graphs.php
index 79bb195..1d10803 100644
--- a/ui/graphs.php
+++ b/ui/graphs.php
@@ -43,7 +43,7 @@ $fields = [
 	'name' =>				[T_ZBX_STR, O_OPT, null,		NOT_EMPTY,		'isset({add}) || isset({update})', _('Name')],
 	'width' =>				[T_ZBX_INT, O_OPT, null,		BETWEEN(20, 65535), 'isset({add}) || isset({update})', _('Width')],
 	'height' =>				[T_ZBX_INT, O_OPT, null,		BETWEEN(20, 65535), 'isset({add}) || isset({update})', _('Height')],
-	'graphtype' =>			[T_ZBX_INT, O_OPT, null,		IN('0,1,2,3'),	'isset({add}) || isset({update})'],
+	'graphtype' =>			[T_ZBX_INT, O_OPT, P_SYS,		IN('0,1,2,3'),	'isset({add}) || isset({update})'],
 	'show_3d' =>			[T_ZBX_INT, O_OPT, P_NZERO,	IN('0,1'),		null],
 	'show_legend' =>		[T_ZBX_INT, O_OPT, P_NZERO,	IN('0,1'),		null],
 	'ymin_type' =>			[T_ZBX_INT, O_OPT, null,		IN('0,1,2'),	null],
diff --git a/ui/include/func.inc.php b/ui/include/func.inc.php
index 359fdfb..43c1a41 100644
--- a/ui/include/func.inc.php
+++ b/ui/include/func.inc.php
@@ -2175,11 +2175,10 @@ function uncheckTableRows($parentid = null, $keepids = []) {
 	if ($keepids) {
 		// If $keepids will not have same key as value, it will create mess, when new checkbox will be checked.
 		$keepids = array_combine($keepids, $keepids);
-
-		insert_js('sessionStorage.setItem("'.$key.'", JSON.stringify('.json_encode($keepids).'))');
+		insert_js('sessionStorage.setItem('.json_encode($key).', JSON.stringify('.json_encode($keepids).'));');
 	}
 	else {
-		insert_js('sessionStorage.removeItem("'.$key.'")');
+		insert_js('sessionStorage.removeItem('.json_encode($key).');');
 	}
 }
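Review bot: `json_encode($key)` on the new setItem and removeItem lines returns `false` when `$key` is not valid UTF-8, which would emit `sessionStorage.setItem(, ...)` and break every script on the page instead of failing visibly; `$key` is built before the hunk, so whether its inputs can be request-controlled is not visible here. The default flags already escape `/`, non-ASCII and U+2028/2029, which is what makes the literal safe inside a script block; if insert_js output could ever land in an attribute context, also pass `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT`. A comment above the first insert_js would prevent a regression to string concatenation: `// json_encode() yields a JS string literal; never concatenate $key into the script unescaped.` uncheckTableRows begins before the hunk.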
 
diff --git a/ui/include/views/configuration.services.edit.php b/ui/include/views/configuration.services.edit.php
index a12385b..625fba9 100644
--- a/ui/include/views/configuration.services.edit.php
+++ b/ui/include/views/configuration.services.edit.php
@@ -141,9 +141,10 @@ foreach ($this->data['children'] as $child) {
 			!empty($child['trigger']) ? $child['trigger'] : '',
 			(new CCol(
 				(new CButton('remove', _('Remove')))
-					->onClick('javascript: removeDependentChild(\''.$child['serviceid'].'\');')
-					->addClass(ZBX_STYLE_BTN_LINK)
 					->removeId()
+					->addClass(ZBX_STYLE_BTN_LINK)
+					->setAttribute('data-serviceid', $child['serviceid'])
+					->onClick('removeDependentChild(this.dataset.serviceid);')
 			))->addClass(ZBX_STYLE_NOWRAP)
 		]))->setId('children_'.$child['serviceid'])
 	);
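Review bot: The last context line, `->setId('children_'.$child['serviceid'])`, still concatenates the same serviceid that the commit stops placing in the onClick handler; that is safe only if setId attribute-encodes its argument, which this hunk does not show, so it is worth confirming against the CTag implementation, and if serviceid is request-derived here the element id should get the same treatment as `data-serviceid`. Separately, swapping the order of `->removeId()` and `->addClass(ZBX_STYLE_BTN_LINK)` is unrelated to the fix and widens the diff; keeping the original order with only the `setAttribute`/`onClick` lines changed would make the security change easier to audit. The enclosing foreach starts before the hunk.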
-- 
2.25.1