Fixes: bug 13878 - IGNORE_ENTRY_REMARK Stored Cross-Site Scripting Signed-off-by: Adolf Belka <[email protected]> --- html/cgi-bin/ids.cgi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 994872564..9c6b393f6 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team <[email protected]> # +# Copyright (C) 2007-2025 IPFire Team <[email protected]> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -105,7 +105,7 @@ if (($cgiparams{'WHITELIST'} eq $Lang::tr{'add'}) || ($cgiparams{'WHITELIST'} eq # Assign hash values. my $new_entry_address = $cgiparams{'IGNORE_ENTRY_ADDRESS'}; - my $new_entry_remark = $cgiparams{'IGNORE_ENTRY_REMARK'}; + my $new_entry_remark = &Header::escape($cgiparams{'IGNORE_ENTRY_REMARK'}); # Read-in ignoredfile. &General::readhasharray($IDS::ignored_file, \%ignored) if (-e $IDS::ignored_file); -- 2.51.0
