From fe3e2c2deeef568ec7e961340487497e31eb1a81 Mon Sep 17 00:00:00 2001 From: Changqing Li Date: Wed, 13 Apr 2022 10:19:39 +0800 Subject: [PATCH] ..F....... [DEV-2077] fixed reflected XSS issues Merge in ZBX/zabbix from feature/DEV-2077-5.4 to release/5.4 * commit '5986cdf2572acaaaac1fc113d6407d5f0cd00c35': ..F....... [DEV-2077] fixed service actions #3 ..F....... [DEV-2077] fixed service actions #2 ..F....... [DEV-2077] reverted unnecessary changes ..F....... [DEV-2077] reverted tests ..F....... [DEV-2077] fixed service actions ..F....... [DEV-2077] fixed reflected XSS issue in service configuration form ..F....... [DEV-2077] fixed reflected XSS issues in uncheckTableRows function ..F....... [DEV-2077] fixed reflected XSS issues in graph configuration ..F....... [DEV-2077] fixed reflected XSS issues in action configuration Upstream_Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/05976188fcca518c029e1af9ed03fd331786d77d] CVE: CVE-2022-24349,CVE-2022-24917,CVE-2022-24918,CVE-2022-24919 Signed-off-by: Changqing Li --- ui/actionconf.php | 2 +- ui/graphs.php | 2 +- ui/include/func.inc.php | 5 ++--- ui/include/views/configuration.services.edit.php | 5 +++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ui/actionconf.php b/ui/actionconf.php index 5b67f72..8cda3fc 100644 --- a/ui/actionconf.php +++ b/ui/actionconf.php @@ -37,7 +37,7 @@ $fields = [ 'name' => [T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({add}) || isset({update})', _('Name') ], - 'eventsource' => [T_ZBX_INT, O_OPT, null, + 'eventsource' => [T_ZBX_INT, O_OPT, P_SYS, IN([EVENT_SOURCE_TRIGGERS, EVENT_SOURCE_DISCOVERY, EVENT_SOURCE_AUTOREGISTRATION, EVENT_SOURCE_INTERNAL ]), diff --git a/ui/graphs.php b/ui/graphs.php index 79bb195..1d10803 100644 --- a/ui/graphs.php +++ b/ui/graphs.php @@ -43,7 +43,7 @@ $fields = [ 'name' => [T_ZBX_STR, O_OPT, null, NOT_EMPTY, 'isset({add}) || isset({update})', _('Name')], 'width' => [T_ZBX_INT, O_OPT, null, BETWEEN(20, 65535), 'isset({add}) || isset({update})', _('Width')], 'height' => [T_ZBX_INT, O_OPT, null, BETWEEN(20, 65535), 'isset({add}) || isset({update})', _('Height')], - 'graphtype' => [T_ZBX_INT, O_OPT, null, IN('0,1,2,3'), 'isset({add}) || isset({update})'], + 'graphtype' => [T_ZBX_INT, O_OPT, P_SYS, IN('0,1,2,3'), 'isset({add}) || isset({update})'], 'show_3d' => [T_ZBX_INT, O_OPT, P_NZERO, IN('0,1'), null], 'show_legend' => [T_ZBX_INT, O_OPT, P_NZERO, IN('0,1'), null], 'ymin_type' => [T_ZBX_INT, O_OPT, null, IN('0,1,2'), null], diff --git a/ui/include/func.inc.php b/ui/include/func.inc.php index 359fdfb..43c1a41 100644 --- a/ui/include/func.inc.php +++ b/ui/include/func.inc.php @@ -2175,11 +2175,10 @@ function uncheckTableRows($parentid = null, $keepids = []) { if ($keepids) { // If $keepids will not have same key as value, it will create mess, when new checkbox will be checked. $keepids = array_combine($keepids, $keepids); - - insert_js('sessionStorage.setItem("'.$key.'", JSON.stringify('.json_encode($keepids).'))'); + insert_js('sessionStorage.setItem('.json_encode($key).', JSON.stringify('.json_encode($keepids).'));'); } else { - insert_js('sessionStorage.removeItem("'.$key.'")'); + insert_js('sessionStorage.removeItem('.json_encode($key).');'); } } diff --git a/ui/include/views/configuration.services.edit.php b/ui/include/views/configuration.services.edit.php index a12385b..625fba9 100644 --- a/ui/include/views/configuration.services.edit.php +++ b/ui/include/views/configuration.services.edit.php @@ -141,9 +141,10 @@ foreach ($this->data['children'] as $child) { !empty($child['trigger']) ? $child['trigger'] : '', (new CCol( (new CButton('remove', _('Remove'))) - ->onClick('javascript: removeDependentChild(\''.$child['serviceid'].'\');') - ->addClass(ZBX_STYLE_BTN_LINK) ->removeId() + ->addClass(ZBX_STYLE_BTN_LINK) + ->setAttribute('data-serviceid', $child['serviceid']) + ->onClick('removeDependentChild(this.dataset.serviceid);') ))->addClass(ZBX_STYLE_NOWRAP) ]))->setId('children_'.$child['serviceid']) ); -- 2.25.1