firewalllogcountry.dat: Fixes bug 13882

commit 83be14bba7e6867b20d277e52c5bca486aa43162 Author: Michael Tremer <michael.tremer@ipfire.org> Date: Thu Sep 25 17:12:20 2025 +0200 firewalllogcountry.dat: Escape pienumber in the correct place Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> commit 63d971bf688ad70fc82e54aea7a31aa508cf4c28 Author: Adolf Belka <adolf.belka@ipfire.org> Date: Thu Sep 25 13:12:42 2025 +0200 firewalllogcountry.dat: Fixes bug 13882 Fixes: bug 13882 - firewalllogcountry.dat pienumber Stored Cross-Site Scripting Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 18:45:54 +02:00 · 2025-10-03 22:23:21 +00:00
parent aba6bc1e84
commit a931d86850
1 changed files with 21 additions and 11 deletions
--- a/html/cgi-bin/logs.cgi/firewalllogcountry.dat
+++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat
@@ -1,14 +1,23 @@
 #!/usr/bin/perl
-#
-# SmoothWall CGIs
-#
-# This code is distributed under the terms of the GPL
-#
-# JC HERITIER
-# page inspired from the initial firewalllog.dat
-#
-# Modified for IPFire by Christian Schmidt
-#			    and Michael Tremer (www.ipfire.org)
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################

 use strict;
 use Getopt::Std;
@@ -270,7 +279,8 @@ print <<END
 </tr>
 <tr>
 	<td colspan='3' align='left' valign="left">$Lang::tr{'Number of Countries for the pie chart'}:</td>
-	<td colspan='3' align='left' valign="center"><input type='text' name='pienumber' value='$pienumber' size='4'></td>
+	<td colspan='3' align='left' valign="center"><input type='text' name='pienumber'
+		value='@{[ &Header::escape($pienumber) ]}' size='4'></td>
 	<td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>
 </tr>
 </table>