| From 4943334fd9bf7dffd49f9e86251ad40b3efe2135 Mon Sep 17 00:00:00 2001 |
| From: Wang Mingyu <wangmy@cn.fujitsu.com> |
| Date: Fri, 11 Dec 2020 17:02:20 +0900 |
| Subject: [PATCH] Fix bug for CVE-2020-15803 |
| |
| Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> |
| --- |
| frontends/php/include/classes/html/CIFrame.php | 7 +++++++ |
| 1 file changed, 7 insertions(+) |
| |
| diff --git a/frontends/php/include/classes/html/CIFrame.php b/frontends/php/include/classes/html/CIFrame.php |
| index 32220cd..70f2ab5 100644 |
| --- a/frontends/php/include/classes/html/CIFrame.php |
| +++ b/frontends/php/include/classes/html/CIFrame.php |
| @@ -29,6 +29,7 @@ class CIFrame extends CTag { |
| $this->setHeight($height); |
| $this->setScrolling($scrolling); |
| $this->setId($id); |
| + $this->setSandbox(); |
| } |
| |
| public function setSrc($value = null) { |
| @@ -69,4 +70,10 @@ class CIFrame extends CTag { |
| $this->setAttribute('scrolling', $value); |
| return $this; |
| } |
| + |
| + private function setSandbox() { |
| + if (ZBX_IFRAME_SANDBOX !== false) { |
| + $this->setAttribute('sandbox', ZBX_IFRAME_SANDBOX); |
| + } |
| + } |
| } |
| -- |
| 2.25.1 |
| |