Reviewed-by: Bernhard Bitsch <[email protected]>
Am 25.09.2025 um 13:12 schrieb Adolf Belka:
Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting
Signed-off-by: Adolf Belka <[email protected]>
---
html/cgi-bin/ids.cgi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 994872564..9c6b393f6 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -2,7 +2,7 @@
###############################################################################
#
#
# IPFire.org - A linux based firewall
#
-# Copyright (C) 2007-2020 IPFire Team <[email protected]> #
+# Copyright (C) 2007-2025 IPFire Team <[email protected]> #
#
#
# This program is free software: you can redistribute it and/or modify
#
# it under the terms of the GNU General Public License as published by
#
@@ -105,7 +105,7 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) ||
($cgiparams{'WHITELIST'} eq
# Assign hash values.
my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'};
- my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'};
+ my $new_entry_remark =
&Header::escape($cgiparams{'IGNORE_ENTRY_REMARK'});
# Read-in ignoredfile.
&General::readhasharray($IDS::ignored_file, \%ignored) if (-e
$IDS::ignored_file);
