firewalllogip.dat: Fixes bug 13881

commit 82ad6e9bc3287577b0b72af71ea7651ba416b97b Author: Michael Tremer <michael.tremer@ipfire.org> Date: Thu Sep 25 17:10:56 2025 +0200 firewalllogip.dat: Escape pienumber in the right place Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> commit 3e198e43a67421fa21b94b0c6dbb5ceb9314f293 Author: Adolf Belka <adolf.belka@ipfire.org> Date: Thu Sep 25 13:12:41 2025 +0200 firewalllogip.dat: Fixes bug 13881 Fixes: bug 13881 - firewalllogip.dat pienumber Stored Cross-Site Scripting Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 18:45:54 +02:00 · 2025-10-03 22:34:19 +00:00
parent a931d86850
commit 575b5b2535
1 changed files with 21 additions and 11 deletions
--- a/html/cgi-bin/logs.cgi/firewalllogip.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogip.dat
@@ -1,14 +1,23 @@
 #!/usr/bin/perl
-#
+###############################################################################
-# SmoothWall CGIs
+#                                                                             #
-#
+# IPFire.org - A linux based firewall                                         #
-# This code is distributed under the terms of the GPL
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
-#
+#                                                                             #
-# JC HERITIER
+# This program is free software: you can redistribute it and/or modify        #
-# page inspired from the initial firewalllog.dat
+# it under the terms of the GNU General Public License as published by        #
-#
+# the Free Software Foundation, either version 3 of the License, or           #
-# Modified for IPFire by Christian Schmidt
+# (at your option) any later version.                                         #
-#	                    and Michael Tremer (www.ipfire.org)
+#                                                                             #
 # This program is distributed in the hope that it will be useful,             #
 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
 # GNU General Public License for more details.                                #
 #                                                                             #
 # You should have received a copy of the GNU General Public License           #
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
 #                                                                             #
 ###############################################################################
 use strict;
 use Getopt::Std;
@@ -272,7 +281,8 @@ print <<END
 </tr>
 <tr>
 	<td colspan='3' align='left' valign="left">$Lang::tr{'Number of IPs for the pie chart'}:</td>
-	<td colspan='3' align='left' valign="center"><input type='text' name='pienumber' value='$pienumber' size='4'></td>
+	<td colspan='3' align='left' valign="center"><input type='text' name='pienumber'
 		value='@{[ &Header::escape($pienumber) ]}' size='4'></td>
 	<td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 </tr>
 </table>