From 537587ae64469adedc32abcaa98d5704250cd72e Mon Sep 17 00:00:00 2001
From: Vincent Li <vincent.mc.li@gmail.com>
Date: Thu, 9 Oct 2025 17:33:25 +0000
Subject: [PATCH] ddns.cgi: Fixes bug 13884

commit 0b946b848c72511922fa211b6a4db0da092d204c
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Sep 25 16:37:27 2025 +0200

    ddns.cgi: Escape the variables when they are being sent back to the browser

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

commit 67db35c8a536b54d169336269853aaa6eae85ab5
Author: Adolf Belka <adolf.belka@ipfire.org>
Date:   Thu Sep 25 13:12:44 2025 +0200

    ddns.cgi: Fixes bug 13884

    Fixes: bug 13884 - ddns.cgi LOGIN PASSWORD SERVICE Stored Cross-Site Scripting
    Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
    Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
---
 html/cgi-bin/ddns.cgi | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi
index 0e3ccbe45..319ec09b7 100644
--- a/html/cgi-bin/ddns.cgi
+++ b/html/cgi-bin/ddns.cgi
@@ -523,17 +523,19 @@ print <<END
 		<td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
 
 		<td class='username'>$Lang::tr{'username'}</td>
-		<td class='username'><input type='text' name='LOGIN' value='$settings{'LOGIN'}' /></td>
+		<td class='username'><input type='text' name='LOGIN'
+			value='@{[ &Header::escape($settings{'LOGIN'}) ]}' /></td>
 
 		<td class='token' style='display:none'>$Lang::tr{'token'}</td>
-		<td class='token' style='display:none'><input type='text' name='TOKEN' value='$settings{'TOKEN'}' /></td>
+		<td class='token' style='display:none'><input type='text' name='TOKEN'
+			value='@{[ &Header::escape($settings{'TOKEN'}) ]}' /></td>
 	</tr>
 
 	<tr class='password'>
 		<td class='base'></td>
 		<td></td>
 		<td class='base'>$Lang::tr{'password'}</td>
-		<td><input type='password' name='PASSWORD' value='$settings{'PASSWORD'}' /></td>
+		<td><input type='password' name='PASSWORD' value='@{[ &Header::escape($settings{'PASSWORD'}) ]}' /></td>
 	</tr>
 </table>
 <br>