ipinfo.cgi: Remove XSS vulnerability
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 4 Apr 2016 13:22:56 +0000 (14:22 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 8 Apr 2016 14:54:53 +0000 (15:54 +0100)
References: #11087

Reported-by: Yann Cam <yann.cam@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/ipinfo.cgi

index 71098a2529f8ed1c1e71cee3cfef06f4c91200b0..8cefe6e853ffc74f82dddfb7c2ecfbfbb9e2862c 100644 (file)
@@ -19,6 +19,7 @@
 #                                                                             #
 ###############################################################################
 
+use CGI;
 use IO::Socket;
 use strict;
 
@@ -34,18 +35,14 @@ my %cgiparams=();
 
 &Header::showhttpheaders();
 
-&Header::getcgihash(\%cgiparams);
-
-$ENV{'QUERY_STRING'} =~s/&//g;
-my @addrs = split(/ip=/,$ENV{'QUERY_STRING'});
-
 &Header::openpage($Lang::tr{'ip info'}, 1, '');
-
 &Header::openbigbox('100%', 'left');
 my @lines=();
 my $extraquery='';
-foreach my $addr (@addrs) {
-next if $addr eq "";
+
+my $addr = CGI::param("ip") || "";
+
+if (&General::validip($addr)) {
        $extraquery='';
        @lines=();
        my $whoisname = "whois.arin.net";
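Review bot: The `my %cgiparams=();` shown in this hunk's header context is now dead code, because the `&Header::getcgihash(\%cgiparams);` call that filled it is removed here and nothing added reads it; drop that declaration in the same change. The XSS fix rests entirely on `&General::validip($addr)` being a strict, anchored match: `$addr` is presumably sent to `$whoisname` over the `IO::Socket` connection opened after this hunk, so validip must also reject whitespace and newlines or an attacker could append extra whois query lines — validip lives outside this file, so confirm that rather than assume it. With `CGI::param("ip")` evaluated in scalar context only the first `ip=` value is used when several are supplied, which silently changes the old multi-address behaviour and should be called out in the commit message if intended. The `if (&General::validip($addr)) {` block opened here runs past the end of this hunk.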
@@ -91,6 +88,14 @@ next if $addr eq "";
        }
        print "</pre>\n";
        &Header::closebox();
+} else {
+       &Header::openbox('100%', 'left', $Lang::tr{'invalid ip'});
+       print <<EOF;
+               <p style="text-align: center;">
+                       $Lang::tr{'invalid ip'}
+               </p>
+EOF
+       &Header::closebox();
 }
 
 print <<END
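Review bot: The whois response is printed inside a `<pre>` that is closed at `print "</pre>\n";`, and the loop emitting those lines (above this hunk) is the other untrusted input on this page — a whois server's answer is remote-controlled text, so unless those lines are HTML-escaped before printing, fixing the request parameter still leaves a second markup-injection path; check that the loop escapes `<`, `>` and `&` (or uses whatever escaping helper `Header::` provides). The new `else` branch is sound from the XSS standpoint since it prints only `$Lang::tr{'invalid ip'}` and never reflects `$addr`; a comment would keep it that way, e.g. `# Never echo $addr here: it failed validip() and may carry markup (#11087)`. The `if` this `else` belongs to opens in the previous hunk.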