]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0560cc7)
mail.cgi: Escape username/password in the right place
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 25 Sep 2025 15:19:59 +0000 (17:19 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 2 Oct 2025 16:55:55 +0000 (16:55 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/mail.cgi patch | blob | blame | history

diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi
index aae4abc31e140d2f6cd2fa2dd0646415a1e54a66..6c024974d70e8a6658c49536804e2200a7a3776f 100644 (file)
--- a/html/cgi-bin/mail.cgi
+++ b/html/cgi-bin/mail.cgi
@@ -102,8 +102,8 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}"){ #SaveButton on configsite
                $mail{'RECIPIENT'}              = $cgiparams{'txt_recipient'};
 
                if ($cgiparams{'txt_mailuser'} && $cgiparams{'txt_mailpass'}) {
-                       $auth{'AUTHNAME'}               = &Header::escape($cgiparams{'txt_mailuser'});
-                       $auth{'AUTHPASS'}               = &Header::escape($cgiparams{'txt_mailpass'});
+                       $auth{'AUTHNAME'}               = $cgiparams{'txt_mailuser'};
+                       $auth{'AUTHPASS'}               = $cgiparams{'txt_mailpass'};
                        $auth{'AUTHHOST'}               = $cgiparams{'txt_mailserver'};
                        print TXT1 "$auth{'AUTHNAME'}|$auth{'AUTHHOST'}:$auth{'AUTHPASS'}\n";
                }
@@ -218,11 +218,13 @@ END
                </tr>
                <tr>
                        <td>$Lang::tr{'email mailuser'}</td>
-                       <td><input type='text' name='txt_mailuser' value='$auth{'AUTHNAME'}' style='width:22em;'></td>
+                       <td><input type='text' name='txt_mailuser'
+                               value='@{[ &Header::escape($auth{'AUTHNAME'}) ]}' style='width:22em;'></td>
                </tr>
                <tr>
                        <td>$Lang::tr{'email mailpass'}</td>
-                       <td><input type='password' name='txt_mailpass' value='$auth{'AUTHPASS'}' style='width:22em;' ></td>
+                       <td><input type='password' name='txt_mailpass'
+                               value='@{[ &Header::escape($auth{'AUTHPASS'}) ]}' style='width:22em;' ></td>
                </tr>
                <tr>
                        <td>$Lang::tr{'email tls'}</td>
IPFire 2.x development tree