Fix to filter out user passed page

[no-build]
2026-02-03 06:03:28 +00:00 · 2025-11-08 18:26:35 +02:00
parent 2051bfe6dc
commit ff9348c056
2 changed files with 2 additions and 0 deletions
--- a/pam_login.cgi
+++ b/pam_login.cgi
@@ -32,6 +32,7 @@ if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ &&
 	print "Set-Cookie: banner=1; path=/\r\n";
 	&PrintHeader();
 	$url = $in{'page'};
+	$url = &filter_javascript($url);
 	open(BANNER, "<$gconfig{'loginbanner'}");
 	while(<BANNER>) {
 		s/LOGINURL/$url/g;
--- a/session_login.cgi
+++ b/session_login.cgi
@@ -40,6 +40,7 @@ if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ &&
 	print "Set-Cookie: banner=1; path=/".$sec."\r\n";
 	&PrintHeader();
 	$url = $in{'page'};
+	$url = &filter_javascript($url);
 	open(BANNER, "<$gconfig{'loginbanner'}");
 	while(<BANNER>) {
 		s/LOGINURL/$url/g;