This was printed unescaped and could therefore be used for a stored XSS attack.
Fixes: #12226 Reported-by: Pisher Honda pisher24@gmail.com Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- html/cgi-bin/mail.cgi | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/html/cgi-bin/mail.cgi b/html/cgi-bin/mail.cgi index 07986a4d6..25589046e 100755 --- a/html/cgi-bin/mail.cgi +++ b/html/cgi-bin/mail.cgi @@ -260,21 +260,21 @@ sub checkmailsettings { #Check if mailserver is an ip address or a domain if ($cgiparams{'txt_mailserver'} =~ /^(\d+).(\d+).(\d+).(\d+)$/){ if (! &General::validip($cgiparams{'txt_mailserver'})){ - $errormessage.="$Lang::tr{'email invalid mailip'} $cgiparams{'txt_mailserver'}<br>"; + $errormessage .= $Lang::tr{'email invalid mailip'} . "<br>"; } }elsif(! &General::validfqdn($cgiparams{'txt_mailserver'})){ - $errormessage.="$Lang::tr{'email invalid mailfqdn'} $cgiparams{'txt_mailserver'}<br>"; + $errormessage .= $Lang::tr{'email invalid mailfqdn'} . "<br>"; } #Check valid mailserverport if($cgiparams{'txt_mailport'} < 1 || $cgiparams{'txt_mailport'} > 65535){ - $errormessage.="$Lang::tr{'email invalid mailport'} $cgiparams{'txt_mailport'}<br>"; + $errormessage .= $Lang::tr{'email invalid mailport'} . "<br>"; } #Check valid sender if(! $cgiparams{'txt_mailsender'}){ - $errormessage.="$Lang::tr{'email empty field'} $Lang::tr{'email mailsender'}<br>"; + $errormessage .= $Lang::tr{'email empty field'} . "<br>"; }else{ if (! &General::validemail($cgiparams{'txt_mailsender'})){ - $errormessage.="<br>$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}<br>"; + $errormessage .= "$Lang::tr{'email invalid'} $Lang::tr{'email mailsender'}<br>"; } } return $errormessage;