Enhanced dockerMan Security

Andrew Z
2020-02-23 12:15:58 -05:00
parent 6933c870b7
commit dd2ad86e46
2 changed files with 6 additions and 3 deletions


@@ -344,7 +344,7 @@ button[type=button]{margin:0 20px 0 0}
function makeConfig(opts) {
confNum += 1;
var newConfig = $("#templateDisplayConfig").html();
newConfig = newConfig.format(opts.Name,
newConfig = newConfig.format(stripTags(opts.Name),
opts.Target,
opts.Default,
opts.Mode,
@@ -380,7 +380,10 @@ button[type=button]{margin:0 20px 0 0}
}
return newConfig.prop('outerHTML');
}
function stripTags(string) {
return string.replace(/(<([^>]+)>)/ig,"");
}
function escapeQuote(string) {
return string.replace(new RegExp('"','g'),"&quot;");
}
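Review bot: `stripTags` removes tags with a single regex pass, which is not a reliable sanitizer for text that `newConfig.format(...)` then places into HTML. Input that nests one tag inside another can leave a tag behind after the pass, and a `<` with no closing `>` is not touched at all. Encoding instead of stripping avoids both cases, e.g. `return String(string).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/"/g,"&quot;");`. In the first hunk only `opts.Name` is wrapped, while `opts.Target`, `opts.Default` and `opts.Mode` are still passed to `format` unchanged; if they come from the same template source they presumably need the same treatment. `makeConfig` continues outside the hunk, so how the remaining arguments are handled is not visible here.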


@@ -245,7 +245,7 @@ function xmlSecurity(&$template) {
$tempElement = htmlspecialchars_decode($element);
$tempElement = str_replace("[","<",$tempElement);
$tempElement = str_replace("]",">",$tempElement);
if (preg_match('#<script(.*?)>(.*?)</script>#is',$tempElement) || preg_match('#<iframe(.*?)>(.*?)</iframe>#is',$tempElement)) {
if (preg_match('#<script(.*?)>(.*?)</script>#is',$tempElement) || preg_match('#<iframe(.*?)>(.*?)</iframe>#is',$tempElement) || (stripos($tempElement,"<link") !== false) ) {
$element = "REMOVED";
}
}
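Review bot: The new `<link` test matches on the opening tag alone, but the `script` and `iframe` patterns in the same condition still require a matching closing tag. An element whose closer is missing or malformed is therefore not flagged, even though a browser will still parse the opening tag. Checking opening tags consistently closes that gap: `if (preg_match('#<(script|iframe|link)\b#i', $tempElement)) {`. A blocklist of three element names stays incomplete by nature (other elements and event-handler attributes are not covered), so the durable control is to encode these values with `htmlspecialchars()` wherever they are rendered. `xmlSecurity` starts and ends outside this hunk, so the enclosing loop and what later happens to `$element` are not visible.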