Merge pull request #304 from Squidly271/patch-4

Docker Security: Remove <script> and <iframe>
tom mortensen
2018-03-19 14:21:44 -07:00
committed by GitHub


@@ -374,9 +374,27 @@ function xmlToVar($xml) {
}
}
}
xmlSecurity($out);
return $out;
}
function xmlSecurity(&$template) {
foreach ($template as &$element) {
if ( is_array($element) ) {
xmlSecurity($element);
} else {
if ( is_string($element) ) {
$tempElement = htmlspecialchars_decode($element);
$tempElement = str_replace("[","<",$tempElement);
$tempElement = str_replace("]",">",$tempElement);
if ( preg_match('#<script(.*?)>(.*?)</script>#is',$tempElement) || preg_match('#<iframe(.*?)>(.*?)</iframe>#is',$tempElement) ) {
$element = "REMOVED";
}
}
}
}
}
function xmlToCommand($xml, $create_paths=false) {
global $var;
global $docroot;
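Review bot: xmlSecurity() is a deny-list of two paired tags, so on its own it does not make template fields safe to render: both patterns need an opening and a matching closing `<script>` or `<iframe>` tag, and active markup of any other shape (event-handler attributes, other embedding elements, a tag left unclosed) is returned unchanged. The durable control is to encode every template field at the point where it is written into the page, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, keeping this filter only as defence in depth; I would at least add `// Deny-list only: callers must still HTML-escape template fields on output` above the function. `htmlspecialchars_decode()` is also applied only once before matching, so a doubly-encoded value is not normalised; whether that matters depends on how the rendering side decodes, which is not visible here. xmlToVar() begins and xmlToCommand() continues outside the hunk.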