From dd2ad86e469805e12edc2efbcbb02ac4539a6728 Mon Sep 17 00:00:00 2001
From: Andrew Z
Date: Sun, 23 Feb 2020 12:15:58 -0500
Subject: [PATCH] Enhanced dockerMan Security
---
 plugins/dynamix.docker.manager/include/CreateDocker.php | 7 +++++--
 plugins/dynamix.docker.manager/include/Helpers.php | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/plugins/dynamix.docker.manager/include/CreateDocker.php b/plugins/dynamix.docker.manager/include/CreateDocker.php
index 4682e978d..bdc910f11 100644
--- a/plugins/dynamix.docker.manager/include/CreateDocker.php
+++ b/plugins/dynamix.docker.manager/include/CreateDocker.php
@@ -344,7 +344,7 @@ button[type=button]{margin:0 20px 0 0}
 function makeConfig(opts) {
 confNum += 1;
 var newConfig = $("#templateDisplayConfig").html();
- newConfig = newConfig.format(opts.Name,
+ newConfig = newConfig.format(stripTags(opts.Name),
 opts.Target,
 opts.Default,
 opts.Mode,
@@ -380,7 +380,10 @@ button[type=button]{margin:0 20px 0 0}
 }
 return newConfig.prop('outerHTML');
 }
-
+ function stripTags(string) {
+ return string.replace(/(<([^>]+)>)/ig,"");
+ }
+
 function escapeQuote(string) {
 return string.replace(new RegExp('"','g'),""");
 }
diff --git a/plugins/dynamix.docker.manager/include/Helpers.php b/plugins/dynamix.docker.manager/include/Helpers.php
index 95665de12..3f7d9b9c3 100644
--- a/plugins/dynamix.docker.manager/include/Helpers.php
+++ b/plugins/dynamix.docker.manager/include/Helpers.php
@@ -245,7 +245,7 @@ function xmlSecurity(&$template) {
 $tempElement = htmlspecialchars_decode($element);
 $tempElement = str_replace("[","<",$tempElement);
 $tempElement = str_replace("]",">",$tempElement);
- if (preg_match('#(.*?)#is',$tempElement) || preg_match('#(.*?)#is',$tempElement)) {
+ if (preg_match('#(.*?)#is',$tempElement) || preg_match('#(.*?)#is',$tempElement) || (stripos($tempElement,"
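Review bot: In the first CreateDocker.php hunk (`makeConfig`), only `opts.Name` is passed through `stripTags()`. The next arguments, `opts.Target`, `opts.Default` and `opts.Mode`, are substituted into the same HTML template string by `newConfig.format(...)` without any filtering. If they come from the same template data as the name, they need the same treatment, for example `stripTags(opts.Target),` and likewise for the others, or one sanitising step applied to every argument before `format`. The rest of the argument list and the body of `makeConfig` lie outside the hunk, so confirm whether those values are already neutralised elsewhere. `stripTags` also calls `.replace` directly on its argument, so if a config entry can lack a name, `stripTags(opts.Name || "")` avoids a TypeError.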
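Review bot: The new `stripTags` in the second CreateDocker.php hunk filters by removal rather than by output encoding, using a single regex pass over `<...>`. Markup with no closing `>` is left untouched, and deleting a matched tag can leave the surrounding characters forming a new one. Because the result is substituted into an HTML template string, encoding the metacharacters is the more dependable control: `return String(string).replace(/[&<>"']/g, function(c){return '&#'+c.charCodeAt(0)+';';});`, ideally renamed to something like `escapeHtml`. Encoding also keeps legitimate names containing `<` or `>` intact instead of silently dropping part of them. How the template places the value (text or attribute context) is not visible in this hunk, so check that the encoded form is not decoded or double-encoded later.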