
github.com/zabbix/zabbix.git - Unnamed repository; edit this file 'description' to name the repository.
authorRoberts Lataria <roberts.lataria@zabbix.com>2022-07-13 16:12:57 +0300
committerRoberts Lataria <roberts.lataria@zabbix.com>2022-07-13 16:12:57 +0300
commit8f869632732dcc1a7fdb84ef9560a494f83d5fc9 (patch)
tree88f277c03549e1c1db106b3d75797f18dc08e7af
parent8600997cf078681158332e967b046596ce904c0d (diff)
..F....... [DEV-2181] fixed xss in graph
-rw-r--r--frontends/php/graphs.php15
1 files changed, 4 insertions, 11 deletions
diff --git a/frontends/php/graphs.php b/frontends/php/graphs.php
index 5987258d387..8ae19461b41 100644
--- a/frontends/php/graphs.php
+++ b/frontends/php/graphs.php
@@ -93,19 +93,12 @@ check_fields($fields);
$gitems = [];
foreach (getRequest('items', []) as $item) {
$gitem = json_decode($item, true);
- if (array_key_exists('itemid', $gitem)) {
- $gitem['itemid'] = bcadd($gitem['itemid'], 0);
- }
-
- if (array_key_exists('type', $gitem)) {
- $gitem['type'] = (int) $gitem['type'];
- }
- if (array_key_exists('drawtype', $gitem)) {
- $gitem['drawtype'] = (int) $gitem['drawtype'];
+ if ((array_key_exists('itemid', $gitem) && ctype_digit($gitem['itemid']))
+ && (array_key_exists('type', $gitem) && ctype_digit($gitem['type']))
+ && (array_key_exists('drawtype', $gitem) && ctype_digit($gitem['drawtype']))) {
+ $gitems[] = $gitem;
}
-
- $gitems[] = $gitem;
}
$_REQUEST['items'] = $gitems;
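Review bot: The new condition starting at `if ((array_key_exists('itemid', $gitem) && ctype_digit($gitem['itemid']))` still assumes that `json_decode($item, true)` returned an array. A request item that is not valid JSON, or that decodes to a scalar, leaves `$gitem` as null or a scalar, and `array_key_exists()` then raises a TypeError on PHP 8 (a warning on earlier versions) instead of skipping the item; adding `is_array($gitem) &&` as the first operand closes that. `ctype_digit()` is also only dependable for strings: a JSON number such as `"type": 0` arrives as an int, small ints are interpreted as ASCII codes, and the item is dropped without any error, so an explicit `is_string()` check or a `(string)` cast on each value would make the accepted format unambiguous. Only these three keys are validated, so every other key in `$gitem` still reaches `$_REQUEST['items']` as sent; whether those values are escaped where they are rendered is not visible in this hunk and is worth confirming for an XSS fix.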