]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/commitdiff
projects / people / teissler / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 8b33e59)
proxylog.dat: Escape usernames.
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 20 Aug 2013 09:06:36 +0000 (11:06 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 20 Aug 2013 09:06:36 +0000 (11:06 +0200)
Bug #10406.

html/cgi-bin/logs.cgi/proxylog.dat patch | blob | blame | history

diff --git a/html/cgi-bin/logs.cgi/proxylog.dat b/html/cgi-bin/logs.cgi/proxylog.dat
index e529be061df78e9f4419e3ebddb6d1cf14cf3209..da86f8917394ceebf230ac4ddefab149a0d330da 100644 (file)
--- a/html/cgi-bin/logs.cgi/proxylog.dat
+++ b/html/cgi-bin/logs.cgi/proxylog.dat
@@ -90,7 +90,7 @@ if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
        $cgiparams{'MONTH'} = $temp[1];
        $cgiparams{'DAY'} = $temp[2];  
        $cgiparams{'SOURCE_IP'} = $temp[3];
-       $cgiparams{'USERNAME'} = $temp[4];
+       $cgiparams{'USERNAME'} = &Header::escape($temp[4]);
 }
 
 if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) ||
@@ -383,6 +383,7 @@ print <<END
 END
 ;
 foreach my $so (sort keys %users) {
+       $so = &Header::escape($so);
        print "<option value='$so' $selected{'USERNAME'}{$so}>$so</option>\n"; }
 print <<END
        </select>
Timo's tree of IPFire 2.x