ids.cgi: Escape the remark before sending it back to the browser

author Michael Tremer <michael.tremer@ipfire.org>

Thu, 25 Sep 2025 15:07:36 +0000 (17:07 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Thu, 25 Sep 2025 15:34:44 +0000 (17:34 +0200)
author Michael Tremer <michael.tremer@ipfire.org>
Thu, 25 Sep 2025 15:07:36 +0000 (17:07 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 25 Sep 2025 15:34:44 +0000 (17:34 +0200)
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi

index 9c6b393f677cff43cbb78db440958ba1b7208962..9685b37d04eb26fad8757fdd01f086c11db7ee20 100644 (file)
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -105,7 +105,7 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq
  
                 # Assign hash values.
                 my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'};
-               my $new_entry_remark = &Header::escape($cgiparams{'IGNORE_ENTRY_REMARK'});
+               my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'};
  
                 # Read-in ignoredfile.
                 &General::readhasharray($IDS::ignored_file, \%ignored) if (-e $IDS::ignored_file);
@@ -1525,7 +1525,8 @@ print <<END;
                                 <tr>
                                         <td>$Lang::tr{'remark'}</td>
                                         <td>
-                                               <input type='text' name=IGNORE_ENTRY_REMARK value='$entry_remark' size='24' />
+                                               <input type='text' name=IGNORE_ENTRY_REMARK
+                                                       value='@{[ &Header::escape($entry_remark) ]}' size='24' />
                                         </td>
                                 </tr>
author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 25 Sep 2025 15:07:36 +0000 (17:07 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 25 Sep 2025 15:34:44 +0000 (17:34 +0200)