Docker Security: Remove <script> and <iframe>

Recursively remove any <script> or <iframe> from all elements in a template
Squidly271
2018-03-17 17:08:00 -04:00
committed by GitHub
parent 30dc063bb2
commit 79f4fce086
@@ -374,9 +374,27 @@ function xmlToVar($xml) {
}
}
}
xmlSecurity($out);
return $out;
}
function xmlSecurity(&$template) {
foreach ($template as &$element) {
if ( is_array($element) ) {
xmlSecurity($element);
} else {
if ( is_string($element) ) {
$tempElement = htmlspecialchars_decode($element);
$tempElement = str_replace("[","<",$tempElement);
$tempElement = str_replace("]",">",$tempElement);
if ( preg_match('#<script(.*?)>(.*?)</script>#is',$tempElement) || preg_match('#<iframe(.*?)>(.*?)</iframe>#is',$tempElement) ) {
$element = "REMOVED";
}
}
}
}
}
function xmlToCommand($xml, $create_paths=false) {
global $var;
global $docroot;
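Review bot: The check in xmlSecurity() only fires when a complete `<script …>…</script>` or `<iframe …>…</iframe>` pair is present, so a template value with an unclosed tag, or with markup in any other element or attribute, passes through unchanged. Matching the opening tag alone is a tighter stopgap, e.g. `if ( preg_match('#<(script|iframe)\b#i', $tempElement) ) {`, but a deny-list stays incomplete; the durable control is to encode each template field with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` at the point where it is written into the page, which is outside this hunk. `htmlspecialchars_decode()` is also applied only once, so a doubly-encoded value is tested while still encoded; it is worth confirming whether any later code decodes it again. Adding `unset($element);` after the `foreach` would release the by-reference loop variable. xmlToVar() starts above the hunk and xmlToCommand() continues below it.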