mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2026-05-24 14:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add filtering to Username to prevent XSS

Browse Source
This commit is contained in:
Isaac Connor
2022-03-10 14:09:41 -05:00
parent c395d46cc8
commit f49601a173
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web/includes/Group.php
View File

@@ -5,7 +5,7 @@ class Group extends ZM_Object {
protected static $table = 'Groups';
protected $defaults = array(
'Id' => null,
'Name' => '',
'Name' => array('type'=>'text','filter_regexp'=>'/[^\w\-\.\(\)\:\/ ]/', 'default'=>'Group'),
'ParentId' => null,
);

4
web/includes/User.php
View File

@@ -9,7 +9,7 @@ class User extends ZM_Object {
protected $defaults = array(
'Id' => null,
'Username' => '',
'Username' => array('type'=>'text','filter_regexp'=>'/[^\w\.@ ]/'),
'Password' => '',
'Language' => '',
'Enabled' => 1,
@@ -25,7 +25,7 @@ class User extends ZM_Object {
'MonitorIds' => '',
'TokenMinExpiry' => 0,
'APIEnabled' => 1,
'HomeView' => '',
'HomeView' => '',
);
public static function find( $parameters = array(), $options = array() ) {