Fixes: #12966 Reported-by: Arthur Naullet arthur.naullet@epita.fr Reported-by: Rafael Lima isec-researcher@protonmail.com Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- html/html/clwarn.cgi | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/html/html/clwarn.cgi b/html/html/clwarn.cgi
index 44f7f98ab..c7a415cdb 100644
--- a/html/html/clwarn.cgi
+++ b/html/html/clwarn.cgi
@@ -20,6 +20,7 @@
###############################################################################
use CGI qw(param);
+use HTML::Entities();
# enable only the following on debugging purpose
use warnings;
@@ -30,11 +31,11 @@ $swroot="/var/ipfire";
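Review bot: The added `use HTML::Entities();` carries no comment saying why the module is loaded, and its empty import list is what forces the `&HTML::Entities::encode_entities(...)` spelling on the four parameter reads in the next hunk. I would write `use HTML::Entities qw(encode_entities);  # entity-encode CGI parameters before they are echoed` and call plain `encode_entities(...)`, which drops the `&` sigil and keeps the intent next to the import. Because the encoding is applied where `url`, `virus`, `source` and `user` are read rather than where they are printed, it protects only HTML text and quoted-attribute contexts. The output code is not visible here, so it is worth confirming that none of these values ends up as a link target or inside script, where entity encoding alone does not neutralise the value.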
my $TITLE_VIRUS = "SquidClamAv Virus detection";
-my $url = param('url') || '';
-my $virus = param('virus') || '';
-my $source = param('source') || '';
+my $url = &HTML::Entities::encode_entities(param('url') || '');
+my $virus = &HTML::Entities::encode_entities(param('virus') || '');
+my $source = &HTML::Entities::encode_entities(param('source') || '');
$source =~ s//-//;
-my $user = param('user') || '';
+my $user = &HTML::Entities::encode_entities(param('user') || '');
# Remove clamd infos