]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b46ccb0)
dns.cgi: Fix for XSS potential
authorAdolf Belka <adolf.belka@ipfire.org>
Thu, 2 Oct 2025 11:10:14 +0000 (13:10 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 2 Oct 2025 16:56:15 +0000 (16:56 +0000)
- Related to CVE-2025-50976
- Fixes NAMESERVER & REMARK
- TLS_HOSTNAME was already fixed in a previous patch

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/dns.cgi patch | blob | blame | history

diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi
index 883c7efb64abba25e899817e1d99b31f4c24d9c9..29a46d4b664105056a970ebad5cb2526d88ac56e 100644 (file)
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -775,9 +775,9 @@ sub show_add_edit_nameserver() {
                # Check if an ID has been given.
                if ($cgiparams{'ID'}) {
                        # Assign cgiparams values.
-                       $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
+                       $cgiparams{'NAMESERVER'} = &Header::escape($dns_servers{$cgiparams{'ID'}}[0]);
                        $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
-                       $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
+                       $cgiparams{'REMARK'} = $Header::escape($dns_servers{$cgiparams{'ID'}}[3]);
                }
        } else {
                &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
IPFire 2.x development tree