diff options
| author | Roberts Lataria <roberts.lataria@zabbix.com> | 2022-05-25 10:55:08 +0300 |
|---|---|---|
| committer | Roberts Lataria <roberts.lataria@zabbix.com> | 2022-05-25 11:16:33 +0300 |
| commit | b8708dcebc4b4f62ba89d7e7d52fdc034e25d96b (patch) | |
| tree | 0c0cb431c9986972110edcd2d50a895d1de56cac | |
| parent | c973e97e9ae5857227712bce30f25f69888615ef (diff) | |
..F....... [DEV-2181] fixed xss bug when create / update graphs
| -rw-r--r-- | ui/graphs.php | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/ui/graphs.php b/ui/graphs.php index 82531e33913..9bdc21f9267 100644 --- a/ui/graphs.php +++ b/ui/graphs.php @@ -96,7 +96,14 @@ if (isset($_REQUEST['yaxismax']) && zbx_empty($_REQUEST['yaxismax'])) { } check_fields($fields); -$gitems = getRequest('items', []); +$gitems = []; +foreach (getRequest('items', []) as $gitem) { + if ((array_key_exists('itemid', $gitem) && ctype_digit($gitem['itemid'])) + && (array_key_exists('type', $gitem) && ctype_digit($gitem['type'])) + && (array_key_exists('drawtype', $gitem) && ctype_digit($gitem['drawtype']))) { + $gitems[] = $gitem; + } +} $_REQUEST['show_3d'] = getRequest('show_3d', 0); $_REQUEST['show_legend'] = getRequest('show_legend', 0); @@ -624,15 +631,17 @@ elseif (isset($_REQUEST['form'])) { 'preservekeys' => true ]); - foreach ($data['items'] as &$item) { - $host = reset($items[$item['itemid']]['hosts']); + if ($items) { + foreach ($data['items'] as &$item) { + $host = reset($items[$item['itemid']]['hosts']); - $item['host'] = $host['name']; - $item['hostid'] = $items[$item['itemid']]['hostid']; - $item['name'] = $items[$item['itemid']]['name']; - $item['flags'] = $items[$item['itemid']]['flags']; + $item['host'] = $host['name']; + $item['hostid'] = $items[$item['itemid']]['hostid']; + $item['name'] = $items[$item['itemid']]['name']; + $item['flags'] = $items[$item['itemid']]['flags']; + } + unset($item); } - unset($item); } // Set ymin_item_name. |