Fixes: bug 13883 - time.cgi UPDATE_VALUE Stored Cross-Site Scripting Signed-off-by: Adolf Belka <[email protected]> --- html/cgi-bin/time.cgi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/html/cgi-bin/time.cgi b/html/cgi-bin/time.cgi index 04c1e771f..d465354bb 100644 --- a/html/cgi-bin/time.cgi +++ b/html/cgi-bin/time.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2010 IPFire Team # +# Copyright (C) 2010-2025 IPFire Team <[email protected]> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -78,6 +78,7 @@ if ($timesettings{'ACTION'} eq $Lang::tr{'save'}) if (!($timesettings{'UPDATE_VALUE'} =~ /^\d+$/) || $timesettings{'UPDATE_VALUE'} <= 0) { $errormessage = $Lang::tr{'invalid time period'}; + $timesettings{'UPDATE_VALUE'} = 0; goto ERROR; } -- 2.51.0
