Reviewed-by: Bernhard Bitsch <[email protected]>
Verified-by: Bernhard Bitsch <[email protected]>
On 25.09.2025 at 13:12, Adolf Belka wrote:
Fixes: bug 13880 - cleanhtml() Unchecked Return Value Stored Cross-Site Scripting Signed-off-by: Adolf Belka <[email protected]> --- config/cfgroot/header.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl index 9492b467d..6e65f4137 100644 --- a/config/cfgroot/header.pl +++ b/config/cfgroot/header.pl @@ -647,7 +647,7 @@ sub cleanhtml { # decode the UTF-8 text so that characters with diacritical marks such as # umlauts are treated correctly by the escape command $outstring = &Encode::decode("UTF-8",$outstring); - escape($outstring); + $outstring = escape($outstring); # encode the text back to UTF-8 after running the escape command $outstring = &Encode::encode("UTF-8",$outstring); return $outstring;
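Review bot: The commit message carries only the Fixes: line and does not say why the one-line change in cleanhtml closes the bug. As the fix implies, escape() returns the escaped string instead of modifying its argument, so the old bare call `escape($outstring);` discarded the result and the text was re-encoded and returned unescaped; a sentence stating that would make the log self-explanatory. Since the defect is a discarded return value, it would also be worth searching the rest of the tree for other bare `escape(...)` calls whose result is not assigned, and confirming with a quick check that cleanhtml now returns entities for input containing `<`, `>` and `"`.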
