From e43ec7e4c042aa57ee8e2554029dc6b3e1ec40cf Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Tue, 6 Dec 2016 20:35:06 -0800
Subject: [PATCH] HTML escape record values

---
 bind8/log_parser.pl | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/bind8/log_parser.pl b/bind8/log_parser.pl
index d450b1b67..55538502a 100755
--- a/bind8/log_parser.pl
+++ b/bind8/log_parser.pl
@@ -20,15 +20,15 @@ if ($type eq 'record') {
 		    $p->{'newvalues'}) {
 			return &text("log_${action}_record_v",
 				     $text{"type_$p->{'type'}"},
-				     "<tt>$p->{'name'}</tt>",
-				     "<tt>$object</tt>",
-				     "<tt>$p->{'newvalues'}</tt>");
+				     "<tt>".&html_escape($p->{'name'})."</tt>",
+				     "<tt>".&html_escape($object)."</tt>",
+				     "<tt>".&html_escape($p->{'newvalues'})."</tt>");
 			}
 		else {
 			return &text("log_${action}_record",
 				     $text{"type_$p->{'type'}"},
-				     "<tt>$p->{'name'}</tt>",
-				     "<tt>$object</tt>");
+				     "<tt>".&html_escape($p->{'name'})."</tt>",
+				     "<tt>".&html_escape($object)."</tt>");
 			}
 		}
 	}