ids.cgi: Fixes bug 13878
authorAdolf Belka <adolf.belka@ipfire.org>
Thu, 25 Sep 2025 11:12:38 +0000 (13:12 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 2 Oct 2025 16:54:38 +0000 (16:54 +0000)
Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/ids.cgi

index 99487256471f5abb4f84a2c5c40eaa8c4a23b12d..9c6b393f677cff43cbb78db440958ba1b7208962 100644 (file)
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -105,7 +105,7 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq
 
                # Assign hash values.
                my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'};
-               my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'};
+               my $new_entry_remark = &Header::escape($cgiparams{'IGNORE_ENTRY_REMARK'});
 
                # Read-in ignoredfile.
                &General::readhasharray($IDS::ignored_file, \%ignored) if (-e $IDS::ignored_file);
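Review bot: The remark is escaped here at storage time, so entries already written to `$IDS::ignored_file` before this change are not covered; they stay unescaped unless the code that prints the remark (outside this hunk) also escapes it. Encoding at output is the more robust place: keep the raw value in the file and call `&Header::escape(...)` where the remark is written into the HTML table and into the edit form. If the stored value stays escaped, an edited entry re-submitted through this branch would presumably be escaped a second time (`&amp;amp;`), so that round trip is worth checking. The enclosing `if` block starts and ends outside the hunk.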