Fixes: bug 13884 - ddns.cgi LOGIN PASSWORD SERVICE Stored Cross-Site Scripting Signed-off-by: Adolf Belka <[email protected]> --- html/cgi-bin/ddns.cgi | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/ddns.cgi b/html/cgi-bin/ddns.cgi index 34475b75c..60565da3f 100644 --- a/html/cgi-bin/ddns.cgi +++ b/html/cgi-bin/ddns.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2014 IPFire Team <[email protected]> # +# Copyright (C) 2007-2025 IPFire Team <[email protected]> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -226,6 +226,9 @@ if (($settings{'ACTION'} eq $Lang::tr{'add'}) || ($settings{'ACTION'} eq $Lang:: flock FILE, 2; # Add account data to the file. + $settings{'SERVICE'} = &Header::escape(($settings{'SERVICE'}); + $settings{'LOGIN'} = &Header::escape(($settings{'LOGIN'}); + $settings{'PASSWORD'} = &Header::escape(($settings{'PASSWORD'}); print FILE "$settings{'SERVICE'},$hostname,$domain,$settings{'PROXY'},$settings{'WILDCARDS'},$settings{'LOGIN'},$settings{'PASSWORD'},$settings{'ENABLED'}\n"; # Close file after writing. -- 2.51.0
