webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

ids.cgi: Fixes bug 13878

Browse Source 
commit 61f447ff341d2f7720fb6c5b483cc9fb063e869c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Sep 25 17:07:36 2025 +0200

    ids.cgi: Escape the remark before sending it back to the browser

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit f0015fefe6d2523c5bb9818fa6aeeb064f6e45db
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 25 13:12:38 2025 +0200

    ids.cgi: Fixes bug 13878

    Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This commit is contained in:
Vincent Li
2025-10-03 22:39:08 +00:00
parent 575b5b2535
commit 13dfd638bf
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
html/cgi-bin/ids.cgi
View File

@@ -1404,7 +1404,10 @@ print <<END;
<td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td> <td width='50%'><input type='text' name='IGNORE_ENTRY_ADDRESS' value='$entry_address' size='24' /></td>
<td width='30%'>$Lang::tr{'remark'}: </td> <td width='30%'>$Lang::tr{'remark'}: </td>
<td wicth='50%'><input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' /></td> <td>
<input type='text' name=IGNORE_ENTRY_REMARK
value='@{[ &Header::escape($entry_remark) ]}' size='24' />
</td>
<td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td> <td align='center' width='20%'><input type='submit' name='WHITELIST' value='$buttontext' /></td>
</tr> </tr>
</form> </form>