]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - html/html/clwarn.cgi
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
clwarn.cgi: Remove XSS
[ipfire-2.x.git] / html / html / clwarn.cgi
diff --git a/html/html/clwarn.cgi b/html/html/clwarn.cgi
index 44f7f98abc396cb2819ef1e2087bdb67ee48b700..c7a415cdb81341ffcd9e91e21621750969c85bef 100644 (file)
--- a/html/html/clwarn.cgi
+++ b/html/html/clwarn.cgi
@@ -20,6 +20,7 @@
 ###############################################################################
 
 use CGI qw(param);
+use HTML::Entities();
 
 # enable only the following on debugging purpose
 use warnings;
@@ -30,11 +31,11 @@ $swroot="/var/ipfire";
 
 my $TITLE_VIRUS = "SquidClamAv Virus detection";
 
-my $url = param('url') || '';
-my $virus = param('virus') || '';
-my $source = param('source') || '';
+my $url = &HTML::Entities::encode_entities(param('url') || '');
+my $virus = &HTML::Entities::encode_entities(param('virus') || '');
+my $source = &HTML::Entities::encode_entities(param('source') || '');
 $source =~ s/\/-//;
-my $user = param('user') || '';
+my $user = &HTML::Entities::encode_entities(param('user') || '');
 
 
 # Remove clamd infos
IPFire 2.x development tree