From: Adolf Belka <adolf.belka@ipfire.org>
Date: Thu, 25 Sep 2025 11:12:38 +0000 (+0200)
Subject: ids.cgi: Fixes bug 13878
X-Git-Tag: v2.29-core198~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb257423df48f233312d06b2a7cd48cf5dfd21fd;p=ipfire-2.x.git

ids.cgi: Fixes bug 13878

Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 994872564..9c6b393f6 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -105,7 +105,7 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq
 
 		# Assign hash values.
 		my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'};
-		my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'};
+		my $new_entry_remark = &Header::escape($cgiparams{'IGNORE_ENTRY_REMARK'});
 
 		# Read-in ignoredfile.
 		&General::readhasharray($IDS::ignored_file, \%ignored) if (-e $IDS::ignored_file);