mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 10:35:53 +02:00
mail.cgi: Fixes bug 13891
commit 89585e76a2cade43c5fa397f4e2b86f605439659 Author: Michael Tremer <michael.tremer@ipfire.org> Date: Thu Sep 25 17:19:59 2025 +0200 mail.cgi: Escape username/password in the right place Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> commit 43b4ba3768db5e46b95c263accb5b26e90df8a08 Author: Adolf Belka <adolf.belka@ipfire.org> Date: Thu Sep 25 13:12:49 2025 +0200 mail.cgi: Fixes bug 13891 Fixes: bug 13891 - mail.cgi txt_mailuser txt_mailpass Stored Cross-Site Scripting Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This commit is contained in:
Vincent Li
@@ -2,7 +2,7 @@
|
||||
###############################################################################
|
||||
# #
|
||||
# IPFire.org - A linux based firewall #
|
||||
# Copyright (C) 2007-2020 IPFire Team <info@ipfire.org> #
|
||||
# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> #
|
||||
# #
|
||||
# This program is free software: you can redistribute it and/or modify #
|
||||
# it under the terms of the GNU General Public License as published by #
|
||||
@@ -218,11 +218,13 @@ END
|
||||
</tr>
|
||||
<tr>
|
||||
<td>$Lang::tr{'email mailuser'}</td>
|
||||
<td><input type='text' name='txt_mailuser' value='$auth{'AUTHNAME'}' style='width:22em;'></td>
|
||||
<td><input type='text' name='txt_mailuser'
|
||||
value='@{[ &Header::escape($auth{'AUTHNAME'}) ]}' style='width:22em;'></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>$Lang::tr{'email mailpass'}</td>
|
||||
<td><input type='password' name='txt_mailpass' value='$auth{'AUTHPASS'}' style='width:22em;' ></td>
|
||||
<td><input type='password' name='txt_mailpass'
|
||||
value='@{[ &Header::escape($auth{'AUTHPASS'}) ]}' style='width:22em;' ></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>$Lang::tr{'email tls'}</td>
|
||||
|
||||
Reference in New Issue
Block a user