From cc9c51c42f3f89504dc68c6fb89edbb70979fdf5 Mon Sep 17 00:00:00 2001
From: Ilia Ross
Date: Wed, 22 Apr 2026 13:59:42 +0200
Subject: [PATCH] Fix potential stored XSS
---
 apache/edit_defines.cgi | 3 ++-
 apache/edit_global.cgi | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/apache/edit_defines.cgi b/apache/edit_defines.cgi
index f10176283..0b6859e30 100755
--- a/apache/edit_defines.cgi
+++ b/apache/edit_defines.cgi
@@ -11,7 +11,8 @@ print $text{'defines_desc'},"

\n"; @defs = &get_httpd_defines(1); if (@defs) { print &text('defines_config', - "".join(" ", @defs).""),"

\n"; + "".&html_escape(join(" ", @defs)).""), + "

\n"; } print &ui_form_start("save_defines.cgi", "post");
diff --git a/apache/edit_global.cgi b/apache/edit_global.cgi
index 5b5adb1e6..93df0561b 100755
--- a/apache/edit_global.cgi
+++ b/apache/edit_global.cgi
@@ -28,7 +28,7 @@ if ($in{'type'} == 6) { print &ui_hr(); print &ui_subheading($text{'global_mime'}); print "$text{'global_mimedesc'}

\n"; - @links = ( &ui_link("edit_gmime_type.cgi?file=$mfile", + @links = ( &ui_link("edit_gmime_type.cgi?file=".&urlize($mfile), $text{'global_add'}) ); print &ui_links_row(\@links); print &ui_columns_start([ $text{'global_type'},
@@ -41,7 +41,8 @@ if ($in{'type'} == 6) { if (/^\s*(\S+)\s*(.*)$/) { print &ui_columns_row([ &ui_link("edit_gmime_type.cgi?line=$line". - "&file=".&urlize($mfile), &html_escape($1)), + "&file=".&urlize($mfile), &html_escape($1)), + &html_escape($2) ]); } $line++; }
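Review bot: In the `@@ -41` hunk the new `&html_escape($1)` and `&html_escape($2)` arguments are evaluated after `&urlize($mfile)` in the same argument list, so the row's correctness now depends on Perl restoring the capture variables when that sub returns; it does, because captures are dynamically scoped to the sub's block, but reading `$1`/`$2` across a sub call is fragile and the next edit that moves the `urlize` call or adds a match in between will silently blank the cells. Copy the captures into lexicals right after the match, `my ($type, $exts) = ($1, $2);`, and pass `&html_escape($type)` and `&html_escape($exts)` to the row. `$line` is interpolated raw into the query string but is only the integer counter incremented at the bottom of the hunk, so it needs no encoding; whether `edit_gmime_type.cgi` constrains which `file=` paths it accepts is not visible here and is worth confirming separately. The enclosing `if ($in{'type'} == 6)` block begins before both hunks.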