blob: 2eec4bf3275eadb4468408d145eb926671932f21 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
From 4943334fd9bf7dffd49f9e86251ad40b3efe2135 Mon Sep 17 00:00:00 2001
From: Wang Mingyu <wangmy@cn.fujitsu.com>
Date: Fri, 11 Dec 2020 17:02:20 +0900
Subject: [PATCH] Fix bug for CVE-2020-15803
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
---
frontends/php/include/classes/html/CIFrame.php | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/frontends/php/include/classes/html/CIFrame.php b/frontends/php/include/classes/html/CIFrame.php
index 32220cd..70f2ab5 100644
--- a/frontends/php/include/classes/html/CIFrame.php
+++ b/frontends/php/include/classes/html/CIFrame.php
@@ -29,6 +29,7 @@ class CIFrame extends CTag {
$this->setHeight($height);
$this->setScrolling($scrolling);
$this->setId($id);
+ $this->setSandbox();
}
public function setSrc($value = null) {
@@ -69,4 +70,10 @@ class CIFrame extends CTag {
$this->setAttribute('scrolling', $value);
return $this;
}
+
+ private function setSandbox() {
+ if (ZBX_IFRAME_SANDBOX !== false) {
+ $this->setAttribute('sandbox', ZBX_IFRAME_SANDBOX);
+ }
+ }
}
--
2.25.1
|
