Headline
CVE-2022-4067: Fix possible RSS XSS (#14457) · librenms/librenms@8e85698
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
@@ -84,7 +84,7 @@
$class = $notif[‘severity’] == 2 ? ‘text-danger’ : ‘text-warning’; echo "<h4 class=’$class’ id=’${notif[‘notifications_id’]}’>"; echo “<strong><i class=’fa fa-bell-o’></i> ${notif[‘title’]}</strong>"; echo “<strong><i class=’fa fa-bell-o’></i> " . htmlentities($notif[‘title’]) . ‘</strong>’; echo "<span class=’pull-right’>";
if ($notif[‘user_id’] != Auth::id()) { @@ -125,7 +125,7 @@ } elseif ($notif[‘severity’] == 2) { $class = ‘text-danger’; } echo "<h4 class=’$class’ id=’${notif[‘notifications_id’]}’>${notif[‘title’]}<span class=’pull-right’>"; echo "<h4 class=’$class’ id=’${notif[‘notifications_id’]}’>” . htmlentities($notif[‘title’]) . “<span class=’pull-right’>";
if (Auth::user()->hasGlobalAdmin()) { echo '<button class="btn btn-primary fa fa-bell-o stick-notif” data-toggle="tooltip” data-placement="bottom" title="Mark as Sticky" style="margin-top:-10px;"></button>’; @@ -168,7 +168,7 @@ } elseif ($notif[‘severity’] == 2) { echo ' class="text-danger"’; } echo " id=’${notif[‘notifications_id’]}’>${notif[‘title’]}"; echo " id=’${notif[‘notifications_id’]}’>" . htmlentities($notif[‘title’]);
if (Auth::user()->isAdmin()) { echo '<span class="pull-right"><button class="btn btn-primary fa fa-bell-o stick-notif" data-toggle="tooltip" data-placement="bottom" title="Mark as Sticky" style="margin-top:-10px;"></button></span>’;
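Review bot: The three new `htmlentities($notif['title'])` calls (hunks at -84, -125 and -168) rely on the default flags, which before PHP 8.1 leave single quotes unencoded; that is enough here only because the title lands in element text, and it stops being enough if the same call is copied into one of the single-quoted attributes these lines build. I would make the encoding explicit, `htmlentities($notif['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `id='${notif['notifications_id']}'` attribute on the same lines is still interpolated raw; it is presumably a numeric database key, but `(int) $notif['notifications_id']` would turn that assumption into a guarantee. Whether other notification fields from the same feed are echoed elsewhere without encoding cannot be seen from these hunks and is worth checking. The enclosing loops and conditionals start and end outside the hunks.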