| author | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2007-12-12 09:42:46 +0000 |
|---|---|---|
| committer | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2007-12-12 09:42:46 +0000 |
| commit | c0529a72a421c43e903376c9c2661cf9b2e221d8 (patch) | |
| tree | c1597b558cb9a46961d204e9461d5c2a6eea59e6 /frontends/php/include/validate.inc.php | |
| parent | 1e32b65c56449dba7140c470a2e18024a05063d4 (diff) | |
- [ZBX-208] html output parsing (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5164 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include/validate.inc.php')
| -rw-r--r-- | frontends/php/include/validate.inc.php | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/frontends/php/include/validate.inc.php b/frontends/php/include/validate.inc.php
index c30fa424..9fbb2bc1 100644
--- a/frontends/php/include/validate.inc.php
+++ b/frontends/php/include/validate.inc.php
@@ -218,14 +218,14 @@
 //*/
 //echo $f,":",$expression,"<br>";
 $expression = str_replace('{'.$f.'}','$_REQUEST["'.$f.'"]',$expression);
-//$debug .= $f." = ".$_REQUEST[$f].BR;
+//$debug .= $f." = ".$_REQUEST[$f].SBR;
 }
 $expression = trim($expression,"& ");
 $exec = "return (".$expression.") ? 1 : 0;";
 $ret = eval($exec);
 //echo $debug;
-//echo "$field - result: ".$ret." exec: $exec".BR.BR;
+//echo "$field - result: ".$ret." exec: $exec".SBR.SBR;
 //SDI("$field - result: ".$ret." exec: $exec");
 return $ret;
 }
@@ -415,6 +415,11 @@
 return ZBX_VALID_WARNING;
 }
 }
+
+ if($type == T_ZBX_STR){
+// XSS
+// $var=str_replace('<','<',$var);
+ }
 if(($type == T_ZBX_CLR) && !is_hex_color($var)) {
 $var = 'FFFFFF'; |
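Review bot: The added `if($type == T_ZBX_STR){ … }` branch in the second hunk has an empty body, since both lines inside it are commented out, so string-typed request values still pass through this check unmodified and nothing here addresses the `// XSS` concern it names. As rendered, the disabled line replaces `'<'` with `'<'` (the page may have decoded an entity), and filtering only `<` at validation time would not cover quotes in attribute contexts anyway; escaping at the point of output, e.g. `htmlspecialchars($var, ENT_QUOTES)`, is the more reliable place. I would either drop the dead branch or replace it with a comment such as `// T_ZBX_STR values are NOT escaped here; callers must escape on output`. The enclosing function begins and ends outside this hunk, so whether callers already escape cannot be confirmed from here.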
