From: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu, 25 Sep 2025 11:12:51 +0000 (+0200)
Subject: proxy.cgi: Fixes bug 13893
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e6a0ecf248d26c72f015d082e84ecd2772823c08;p=ipfire-2.x.git

proxy.cgi: Fixes bug 13893

Fixes: bug 13893 - proxy.cgi Multiple Parameters Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index bdce2fa66..1ade39381 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -3973,6 +3973,7 @@ END
 	{
 		print FILE " $mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}\n\n";
 	} else {
+		$proxysettings{'VISIBLE_HOSTNAME'} = &Header::escape($proxysettings{'VISIBLE_HOSTNAME'});
 		print FILE " $proxysettings{'VISIBLE_HOSTNAME'}\n\n";
 	}