ids.cgi: Fixes bug 13878

commit 61f447ff341d2f7720fb6c5b483cc9fb063e869c Author: Michael Tremer <michael.tremer@ipfire.org> Date: Thu Sep 25 17:07:36 2025 +0200 ids.cgi: Escape the remark before sending it back to the browser Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> commit f0015fefe6d2523c5bb9818fa6aeeb064f6e45db Author: Adolf Belka <adolf.belka@ipfire.org> Date: Thu Sep 25 13:12:38 2025 +0200 ids.cgi: Fixes bug 13878 Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 10:35:53 +02:00 · 2025-10-03 22:39:08 +00:00
parent 575b5b2535
commit 13dfd638bf
1 changed files with 4 additions and 1 deletions
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1404,7 +1404,10 @@ print <<END;
 					<td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>

 					<td width='30%'>$Lang::tr{'remark'}: </td>
-					<td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td>
+                                        <td>
+                                                <input type='text' name=IGNORE_ENTRY_REMARK
+                                                        value='@{[ &Header::escape($entry_remark) ]}' size='24' />
+                                        </td>
 					<td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td>
 				</tr>
 				</form>