From 52a86fd764c8e6035cce088bfb94b6eb69cb05f5 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Tue, 18 Mar 2014 21:15:16 -0700
Subject: [PATCH] Escape id parameter, which could contain XSS
---
 inittab/index.cgi | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/inittab/index.cgi b/inittab/index.cgi
index 09d70aa12..bf948e557 100755
--- a/inittab/index.cgi
+++ b/inittab/index.cgi
@@ -22,7 +22,8 @@ print &ui_columns_start([ "",
 100, 0, \@tds);
 foreach $i (&parse_inittab()) {
 local @cols;
- push(@cols, &ui_link("edit_inittab.cgi?id=".$i->{'id'}, &html_escape($i->{'id'})) );
+ push(@cols, &ui_link("edit_inittab.cgi?id=".&urlize($i->{'id'}),
+ &html_escape($i->{'id'})) );
 push(@cols, $i->{'comment'} ? "$text{'no'}" : $text{'yes'});
 local @rls = @{$i->{'levels'}};
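Review bot: The added `&ui_link(...)` call encodes the same `$i->{'id'}` two different ways, `&urlize` for the query string and `&html_escape` for the link text, and nothing on the lines says why, so a later tidy-up could easily collapse them back into a single encoding. A short comment above the `push` would pin it down, e.g. `# id comes from the inittab file: URL-encode it for the href, HTML-escape it for the visible text`. The fix also relies on `&urlize` percent-encoding quotes and angle brackets before the value lands in the anchor's href; that is the expected behaviour but it is defined outside this hunk. The `foreach` body continues past the last context line, so whether the remaining columns built from the parsed entry (starting with `levels`) go through `&html_escape` before being pushed cannot be seen here and is worth confirming in the same pass.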