Fix potential stored XSS

Ilia Ross
2026-04-22 13:59:42 +02:00
parent 948f5bfd77
commit cc9c51c42f
2 changed files with 5 additions and 3 deletions


@@ -11,7 +11,8 @@ print $text{'defines_desc'},"<p>\n";
@defs = &get_httpd_defines(1);
if (@defs) {
print &text('defines_config',
"<tt><b>".join(" ", @defs)."</b></tt>"),"<p>\n";
"<tt><b>".&html_escape(join(" ", @defs))."</b></tt>"),
"<p>\n";
}
print &ui_form_start("save_defines.cgi", "post");
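Review bot: The new `&html_escape(join(" ", @defs))` call carries no comment saying why the value is escaped, and the origin of `@defs` (`get_httpd_defines`, defined outside this hunk) is not obvious at the call site. A one-line comment above the `print`, such as `# Define names are not trusted HTML; escape before embedding in markup`, would keep a later cleanup from dropping the call.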


@@ -28,7 +28,7 @@ if ($in{'type'} == 6) {
print &ui_hr();
print &ui_subheading($text{'global_mime'});
print "$text{'global_mimedesc'}<p>\n";
@links = ( &ui_link("edit_gmime_type.cgi?file=$mfile",
@links = ( &ui_link("edit_gmime_type.cgi?file=".&urlize($mfile),
$text{'global_add'}) );
print &ui_links_row(\@links);
print &ui_columns_start([ $text{'global_type'},
@@ -41,7 +41,8 @@ if ($in{'type'} == 6) {
if (/^\s*(\S+)\s*(.*)$/) {
print &ui_columns_row([
&ui_link("edit_gmime_type.cgi?line=$line".
"&file=$mfile", $1), $2 ]);
"&file=".&urlize($mfile), &html_escape($1)),
&html_escape($2) ]);
}
$line++;
}
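Review bot: In the second hunk, `$1` and `$2` are now read only after an intervening `&urlize($mfile)` call and are passed directly into `&html_escape`, so the captures stay live across two helper calls. Perl restores capture variables when a sub returns, so this should work, but sub arguments alias `$1`. The result therefore depends on `html_escape` copying its argument before running any regex of its own, and its body is not visible here. Copying the captures first with `my ($type, $rest) = ($1, $2);` and escaping the lexicals removes that dependency. The enclosing loop starts outside the hunk.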