From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sat, 15 Nov 2025 10:07:56 +0000 (+0100)
Subject: lldp.cgi: Add mission validation for description field
X-Git-Tag: v2.29-core199~17^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9fb498941ca734f1309a4cd25ec17d05b18b206;p=ipfire-2.x.git

lldp.cgi: Add mission validation for description field

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/html/cgi-bin/lldp.cgi b/html/cgi-bin/lldp.cgi
index 755d3dc46..9e30faa92 100644
--- a/html/cgi-bin/lldp.cgi
+++ b/html/cgi-bin/lldp.cgi
@@ -46,8 +46,13 @@ if ($cgiparams{"ACTION"} eq $Lang::tr{'save'}) {
 		$settings{'ENABLED'} = $cgiparams{'ENABLED'};
 	}
 
-	# XXX Validate the description
-	$settings{"DESCRIPTION"} = $cgiparams{"DESCRIPTION"};
+	# Validate the description
+	if (($cgiparams{"DESCRIPTION"} eq "") || ($cgiparams{"DESCRIPTION"} =~ /^[A-Za-z0-9_\-]+$/)) {
+		$settings{"DESCRIPTION"} = $cgiparams{"DESCRIPTION"};
+	} else {
+		# Add error message about invalid characters in description.
+		push(@errormessages, "$Lang::tr{'lldp invalid description'}");
+	}
 
 	# Don't continue on error
 	goto MAIN if (scalar @errormessages);
@@ -81,6 +86,9 @@ MAIN:
 		"ENABLED" => ($settings{"ENABLED"} eq "on") ? "checked" : "",
 	);
 
+	# Description field, defaults to CGI input otherwise use configured description.
+	my $description = $cgiparams{'DESCRIPTION'} // $settings{'DESCRIPTION'};
+
 	print <<END;
 		<form method="POST" action="">
 			<table class="form">
@@ -94,7 +102,7 @@ MAIN:
 				<tr>
 					<td>$Lang::tr{'description'}</td>
 					<td>
-						<input type="text" name="DESCRIPTION" value="$settings{'DESCRIPTION'}" />
+						<input type="text" name="DESCRIPTION" value="$description" />
 					</td>
 				</tr>