| Message ID | 20250925111252.11893-4-adolf.belka@ipfire.org |
|---|---|
| State | Staged |
| Commit | fa97bae01cc2ada209e8559e48c25298fe628181 |
| Headers |
Return-Path: <development+bounces-1073-patchwork=ipfire.org@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4cXWKs6mf0z3xF1 for <patchwork@web04.haj.ipfire.org>; Thu, 25 Sep 2025 11:13:21 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [IPv6:2001:678:b28::201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail02.haj.ipfire.org", Issuer "E8" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4cXWKr4bKSz45m for <patchwork@ipfire.org>; Thu, 25 Sep 2025 11:13:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4cXWKq003Lz337n for <patchwork@ipfire.org>; Thu, 25 Sep 2025 11:13:18 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [IPv6:2001:678:b28::25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R13" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4cXWKm2TqWz32cx for <development@lists.ipfire.org>; Thu, 25 Sep 2025 11:13:16 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4cXWKl4SBDz3R5; Thu, 25 Sep 2025 11:13:15 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1758798795; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dIV1lOSHKaAyj/4VewCNflfvFm+fx+fdC/bTZR40j5M=; b=rsHVU33gcimHJ/YPAmGeDL8jsIsaNXuncfb6xJUTEycCeH/spWSOJxnsY+dj+7FzGEp5S8 u4FAmLX8c5JUt9DA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1758798795; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dIV1lOSHKaAyj/4VewCNflfvFm+fx+fdC/bTZR40j5M=; b=Ra76DIELEvt1w02vkZ8fRZrvaUKIni6cm6Vr5/WlxyYuQ74BKf0DRKC7msCrVxksCL4abU S7b5oFQQ+P6E3iaKmbYPpfNSsDMn/SnFlTPvQXLAE9fT5u/kDJ6ibIVwymqNef+x05RggF lwWWC9TboSnaVIqwLV9RVvtnJBerPuRnId25D1UnBx09AjYDt6WTmoDAIgqLbBnT46cttu kv8mJFHDmKhVfnuGCIk2wpXa9VwSeyOjU63zD7oJhNx7HEpAyg91zjqMm0GthK5gkAFuB5 xT9/1qpaVAJTgDNvG6tchJJElis2lskSA0p6tTA9wxZkmUSs3eIcDuUpDT4aIw== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Cc: Adolf Belka <adolf.belka@ipfire.org> Subject: [PATCH 04/16] header.pl: Fixes bug 13880 Date: Thu, 25 Sep 2025 13:12:40 +0200 Message-ID: <20250925111252.11893-4-adolf.belka@ipfire.org> In-Reply-To: <20250925111252.11893-1-adolf.belka@ipfire.org> References: <20250925111252.11893-1-adolf.belka@ipfire.org> Precedence: list List-Id: <development.lists.ipfire.org> List-Subscribe: <https://lists.ipfire.org/>, <mailto:development+subscribe@lists.ipfire.org?subject=subscribe> List-Unsubscribe: <https://lists.ipfire.org/>, <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development+help@lists.ipfire.org?subject=help> Sender: <development@lists.ipfire.org> Mail-Followup-To: <development@lists.ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit |
| Series |
[01/16] fwhosts.cgi Fix for bug 13876 & bug 13877
|
|
Commit Message
Adolf Belka
25 Sep 2025, 11:12 a.m. UTC
Fixes: bug 13880 - cleanhtml() Unchecked Return Value Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/cfgroot/header.pl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Verified-by: Bernhard Bitsch <bbitsch@ipfire.org> Am 25.09.2025 um 13:12 schrieb Adolf Belka: > Fixes: bug 13880 - cleanhtml() Unchecked Return Value Stored Cross-Site Scripting > Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> > --- > config/cfgroot/header.pl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl > index 9492b467d..6e65f4137 100644 > --- a/config/cfgroot/header.pl > +++ b/config/cfgroot/header.pl > @@ -647,7 +647,7 @@ sub cleanhtml { > # decode the UTF-8 text so that characters with diacritical marks such as > # umlauts are treated correctly by the escape command > $outstring = &Encode::decode("UTF-8",$outstring); > - escape($outstring); > + $outstring = escape($outstring); > # encode the text back to UTF-8 after running the escape command > $outstring = &Encode::encode("UTF-8",$outstring); > return $outstring;
diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl index 9492b467d..6e65f4137 100644 --- a/config/cfgroot/header.pl +++ b/config/cfgroot/header.pl @@ -647,7 +647,7 @@ sub cleanhtml { # decode the UTF-8 text so that characters with diacritical marks such as # umlauts are treated correctly by the escape command $outstring = &Encode::decode("UTF-8",$outstring); - escape($outstring); + $outstring = escape($outstring); # encode the text back to UTF-8 after running the escape command $outstring = &Encode::encode("UTF-8",$outstring); return $outstring;