From f6c0c167c0915eb591fb4df843c19d9ceb97169b Mon Sep 17 00:00:00 2001 From: Stanislas Kita Date: Wed, 25 Feb 2026 10:38:29 +0100 Subject: [PATCH 1/2] Fix(Report): fix injection from GLPI Stat --- inc/common.class.php | 2 +- setup.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/common.class.php b/inc/common.class.php index 3e5d7d24..77da066a 100644 --- a/inc/common.class.php +++ b/inc/common.class.php @@ -223,7 +223,7 @@ public function getAllReports($with_url = true, $params = []) if ($with_url) { $reports[$classname]['functions'][$i]['url_graph'] = $url_graph; - $reports[$classname]['functions'][$i]['min_url_graph'] = $min_url_graph; + $reports[$classname]['functions'][$i]['min_url_graph'] = html_entity_decode($min_url_graph, ENT_QUOTES | ENT_HTML5, 'UTF-8'); } $i++; diff --git a/setup.php b/setup.php index 46c45411..74286e1a 100644 --- a/setup.php +++ b/setup.php @@ -127,7 +127,7 @@ function plugin_init_mreporting() } /* Show Reports in standart stats page */ - if (preg_match('#front/stat.*\.php#', $_SERVER['SCRIPT_NAME'])) { + if (preg_match('#front/stat.*\.php#', $_SERVER['REQUEST_URI'])) { $mreporting_common = new PluginMreportingCommon(); $reports = $mreporting_common->getAllReports(); if ($reports !== false) { From 0d0ab559005dada1f53ddb6d3e7965f53ef140c8 Mon Sep 17 00:00:00 2001 From: Stanislas Kita Date: Wed, 25 Feb 2026 10:49:24 +0100 Subject: [PATCH 2/2] adapt CHANGELOG.md --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e25fd2b7..aa8095dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [UNRELEASED] + +### Fixed + +- Fix GLIP Stat injection + ## [1.9.3] - 2026-01-08 ### Fixed