[02/16] ids.cgi: Fixes bug 13878
 
Commit Message
  
  
Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 html/cgi-bin/ids.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
  
 
Comments
  
  
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Am 25.09.2025 um 13:12 schrieb Adolf Belka:
> Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
>   html/cgi-bin/ids.cgi | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
> index 994872564..9c6b393f6 100644
> --- a/html/cgi-bin/ids.cgi
> +++ b/html/cgi-bin/ids.cgi
> @@ -2,7 +2,7 @@
>   ###############################################################################
>   #                                                                             #
>   # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
>   #                                                                             #
>   # This program is free software: you can redistribute it and/or modify        #
>   # it under the terms of the GNU General Public License as published by        #
> @@ -105,7 +105,7 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq
>   
>   		# Assign hash values.
>   		my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'};
> -		my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'};
> +		my $new_entry_remark = &Header::escape($cgiparams{'IGNORE_ENTRY_REMARK'});
>   
>   		# Read-in ignoredfile.
>   		&General::readhasharray($IDS::ignored_file, \%ignored) if (-e $IDS::ignored_file);
  
 
  
@@ -2,7 +2,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -105,7 +105,7 @@  if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq
 
 		# Assign hash values.
 		my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'};
-		my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'};
+		my $new_entry_remark = &Header::escape($cgiparams{'IGNORE_ENTRY_REMARK'});
 
 		# Read-in ignoredfile.
 		&General::readhasharray($IDS::ignored_file, \%ignored) if (-e $IDS::ignored_file);
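Review bot: Escaping `IGNORE_ENTRY_REMARK` at storage time (`my $new_entry_remark = &Header::escape(...)`) covers only entries written after this change; remarks already in `$IDS::ignored_file`, which the next statement reads back in, stay unescaped and will still be rendered as markup unless the code that prints the remark escapes it too. That rendering code is outside this hunk, so it should be checked; if it does not escape, the more robust fix is to keep the raw remark on disk and apply `&Header::escape()` where the remark is written into the page. If store-time escaping is kept, the update path needs a look as well, since a remark loaded into the edit form and saved again would presumably be escaped twice (`&amp;` becoming `&amp;amp;`). A comment such as `# Remark is stored HTML-escaped; do not escape again on output.` would record the convention. The enclosing `if` block starts and ends outside the hunk.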