
diff --git a/frontends/php/include/classes/screens/CScreenUrl.php b/frontends/php/include/classes/screens/CScreenUrl.php
index e35c5f1..1df396e 100644
--- a/frontends/php/include/classes/screens/CScreenUrl.php
+++ b/frontends/php/include/classes/screens/CScreenUrl.php
@@ -29,18 +29,10 @@ class CScreenUrl extends CScreenBase {
public function get() {
// prevent from resolving macros in configuration page
if ($this->mode != SCREEN_MODE_PREVIEW && $this->mode != SCREEN_MODE_SLIDESHOW) {
- return $this->getOutput(
- CHtmlUrlValidator::validate($this->screenitem['url'], false)
- ? new CIFrame($this->screenitem['url'], $this->screenitem['width'], $this->screenitem['height'],
- 'auto')
- : makeMessageBox(false, [[
- 'type' => 'error',
- 'message' => _s('Provided URL "%1$s" is invalid.', $this->screenitem['url'])
- ]]
- )
- );
+ return $this->getOutput($this->prepareElement());
}
- elseif ($this->screenitem['dynamic'] == SCREEN_DYNAMIC_ITEM && $this->hostid == 0) {
+
+ if ($this->screenitem['dynamic'] == SCREEN_DYNAMIC_ITEM && $this->hostid == 0) {
return $this->getOutput((new CTableInfo())->setNoDataMessage(_('No host selected.')));
}
@@ -54,14 +46,28 @@ class CScreenUrl extends CScreenBase {
$this->screenitem['url'] = $url ? $url : $this->screenitem['url'];
- return $this->getOutput(
- CHtmlUrlValidator::validate($this->screenitem['url'], false)
- ? new CIFrame($this->screenitem['url'], $this->screenitem['width'], $this->screenitem['height'], 'auto')
- : makeMessageBox(false, [[
- 'type' => 'error',
- 'message' => _s('Provided URL "%1$s" is invalid.', $this->screenitem['url'])
- ]]
- )
- );
+ return $this->getOutput($this->prepareElement());
+ }
+
+ /**
+ * @return CTag
+ */
+ public function prepareElement() {
+ if (CHtmlUrlValidator::validate($this->screenitem['url'], false)) {
+ $item = new CIFrame($this->screenitem['url'], $this->screenitem['width'], $this->screenitem['height'],
+ 'auto'
+ );
+
+ if (ZBX_IFRAME_SANDBOX !== false) {
+ $item->setAttribute('sandbox', ZBX_IFRAME_SANDBOX);
+ }
+
+ return $item;
+ }
+
+ return makeMessageBox(false, [[
+ 'type' => 'error',
+ 'message' => _s('Provided URL "%1$s" is invalid.', $this->screenitem['url'])
+ ]]);
}
}
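Review bot: The sandbox only protects anything if `$item->setAttribute('sandbox', ZBX_IFRAME_SANDBOX)` actually renders `sandbox=""` for the default empty-string value; CTag is outside this diff, so confirm it does not skip empty-valued attributes, otherwise the shipped default applies no sandbox at all and the fix is silently inert. The `!== false` guard also forwards any other non-false value (e.g. `null`) to the attribute, so the define's contract of "string or false" is not enforced here; a stricter `if (is_string(ZBX_IFRAME_SANDBOX))` would match the documented contract. The docblock on prepareElement() should say what is returned and why the attribute is set: `@return CTag  Sandboxed CIFrame for a URL that passes CHtmlUrlValidator, otherwise an error message box; the sandbox attribute restricts what the framed document may do.` prepareElement() is public but only called from get() in this class, so `protected` would suffice unless it is part of the screen API; note that get() begins in the previous hunk.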
diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php
index a67a625..c6a437c 100644
--- a/frontends/php/include/defines.inc.php
+++ b/frontends/php/include/defines.inc.php
@@ -1284,6 +1284,14 @@ if (function_exists('bcscale')) {
bcscale(7);
}
+/**
+ * The sandbox attribute enables an extra set of restrictions for the content in the iframe. Default is set to empty
+ * string, which means all restrictions are applied. To disable, set to FALSE. To set a specific set of restrictions,
+ * write a custom string.
+ * https://www.w3.org/TR/2010/WD-html5-20100624/the-iframe-element.html#attr-iframe-sandbox
+ */
+define('ZBX_IFRAME_SANDBOX', '');
+
// HTTP headers
/*
* Value of HTTP X-Frame-options header.
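Review bot: The docblock for ZBX_IFRAME_SANDBOX should warn about the one custom value that is known to be unsafe: a token list containing both `allow-scripts` and `allow-same-origin` lets a framed page from the same origin remove its own sandbox attribute, which defeats the restriction the default is meant to provide; suggest adding ` * Do not combine allow-scripts with allow-same-origin for pages served from this Zabbix origin: the framed document could then remove the sandbox attribute.` It should also state plainly that FALSE disables the mitigation entirely rather than just "disable". The link points to a 2010 HTML5 working draft; the living standard at html.spec.whatwg.org is the current reference for the attribute's token list. The hunk's trailing context runs into the X-Frame-Options comment that continues past this diff.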