[07/16] time.cgi: Fixes bug 13883
Commit Message
Fixes: bug 13883 - time.cgi UPDATE_VALUE Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
html/cgi-bin/time.cgi | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
On 25.09.2025 at 13:12, Adolf Belka wrote:
> Fixes: bug 13883 - time.cgi UPDATE_VALUE Stored Cross-Site Scripting
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> html/cgi-bin/time.cgi | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/html/cgi-bin/time.cgi b/html/cgi-bin/time.cgi
> index 04c1e771f..d465354bb 100644
> --- a/html/cgi-bin/time.cgi
> +++ b/html/cgi-bin/time.cgi
> @@ -2,7 +2,7 @@
> ###############################################################################
> # #
> # IPFire.org - A linux based firewall #
> -# Copyright (C) 2010 IPFire Team #
> +# Copyright (C) 2010-2025 IPFire Team <info@ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -78,6 +78,7 @@ if ($timesettings{'ACTION'} eq $Lang::tr{'save'})
> if (!($timesettings{'UPDATE_VALUE'} =~ /^\d+$/) || $timesettings{'UPDATE_VALUE'} <= 0)
> {
> $errormessage = $Lang::tr{'invalid time period'};
> + $timesettings{'UPDATE_VALUE'} = 0;
> goto ERROR;
> }
>
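Review bot: In the invalid-period branch, the added `$timesettings{'UPDATE_VALUE'} = 0;` replaces the rejected input with a value that the same condition (`<= 0`) also rejects, so the error path carries a period that cannot be saved as it stands. Consider restoring the last stored value or a valid default instead. A short comment on this line, or a sentence in the commit message, saying that the reset keeps the unvalidated input from being carried into the ERROR path would also help, since the one-line change does not explain itself.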
@@ -2,7 +2,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2010 IPFire Team #
+# Copyright (C) 2010-2025 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -78,6 +78,7 @@ if ($timesettings{'ACTION'} eq $Lang::tr{'save'})
if (!($timesettings{'UPDATE_VALUE'} =~ /^\d+$/) || $timesettings{'UPDATE_VALUE'} <= 0)
{
$errormessage = $Lang::tr{'invalid time period'};
+ $timesettings{'UPDATE_VALUE'} = 0;
goto ERROR;
}
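Review bot: The validation on the context line above the fix, `=~ /^\d+$/`, anchors with `$`, which in Perl also matches before a trailing newline, so digits followed by "\n" pass the check and never reach the new reset. Anchoring as `/\A\d+\z/` would limit accepted values to pure digit strings. Separately, the reset covers only this branch: if any other check jumps to ERROR before this one runs, UPDATE_VALUE still holds the submitted text, so escaping the value where it is written into the page would be the more robust place to close the issue.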