XSS patch for basic models

Manish Verma
2021-03-12 19:28:16 +05:30
parent 5d8b86bf5e
commit 309a1557d9
6 changed files with 58 additions and 6 deletions


@@ -132,7 +132,7 @@ class Ticket_Thread extends Model
public function getSubject()
{
$subject = $this->attributes['title'];
$subject = strip_tags($this->attributes['title']);
$array = imap_mime_header_decode($subject);
$title = '';
if (is_array($array) && count($array) > 0) {
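Review bot: `strip_tags()` is applied to the raw `title` attribute before `imap_mime_header_decode()` runs, so it only filters the still-encoded header; markup carried inside a MIME encoded-word is not visible to it and reappears in the decoded text. Apply the filter to the decoded result instead, e.g. `$title = strip_tags($title);` just before the value is returned, and pass the decoder the untouched input (`$subject = $this->attributes['title'];`). The subject should also be HTML-escaped where it is rendered, since `strip_tags()` is not an output encoder. The rest of `getSubject()` lies outside this hunk, so how `$title` is assembled and returned has to be checked there.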


@@ -12,4 +12,24 @@ class Comment extends BaseModel
{
protected $table = 'kb_comment';
protected $fillable = ['article_id', 'name', 'email', 'website', 'comment', 'status'];
public function setNameAttribute($value)
{
$this->attributes['name'] = strip_tags($value);
}
public function setCommentAttribute($value)
{
$this->attributes['comment'] = strip_tags($value);
}
public function getNameAttribute($value)
{
return strip_tags($value);
}
public function getCommentAttribute($value)
{
return strip_tags($value);
}
}
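Review bot: The new mutators and accessors cover only `name` and `comment`, while `$fillable` also accepts `email` and `website`, which stay unfiltered; `website` in particular needs its scheme restricted to `http`/`https` if it is ever rendered as a link. `strip_tags()` also leaves quote characters intact, so these values remain unsafe inside an HTML attribute, and the accessors change on read whatever was stored before this patch. Consider storing the value unchanged and escaping at output with `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (or the template engine's escaped echo). Each method would benefit from a short docblock stating that it is a defence-in-depth filter and not the output encoder. The views that render these fields are not part of this hunk, so the attribute-context concern is inferred.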