Fixes: bug 13892 - dns.cgi TLS_HOSTNAME Stored Cross-Site Scripting Signed-off-by: Adolf Belka <[email protected]> --- html/cgi-bin/dns.cgi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi index 0d3b14797..a4f1c719e 100644 --- a/html/cgi-bin/dns.cgi +++ b/html/cgi-bin/dns.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2005-2024 IPFire Team <[email protected]> # +# Copyright (C) 2005-2025 IPFire Team <[email protected]> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -187,6 +187,7 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L } # Add/Modify the entry to/in the dns_servers hash. + $cgiparams{'TLS_HOSTNAME'} = &Header::escape($cgiparams{'TLS_HOSTNAME'}); $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"]; # Write the changed hash to the config file. -- 2.51.0
