From f0015fefe6d2523c5bb9818fa6aeeb064f6e45db Mon Sep 17 00:00:00 2001
From: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu, 25 Sep 2025 13:12:38 +0200
Subject: [PATCH] ids.cgi: Fixes bug 13878

Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/ids.cgi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 994872564..9c6b393f6 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -105,7 +105,7 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq
 
 		# Assign hash values.
 		my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'};
-		my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'};
+		my $new_entry_remark = &Header::escape($cgiparams{'IGNORE_ENTRY_REMARK'});
 
 		# Read-in ignoredfile.
 		&General::readhasharray($IDS::ignored_file, \%ignored) if (-e $IDS::ignored_file);
-- 
2.47.3