From ff9348c05635af2e61a9ca34f4a400f3d6d2334c Mon Sep 17 00:00:00 2001
From: Ilia Ross <ilia@ross.gdn>
Date: Sat, 8 Nov 2025 18:26:35 +0200
Subject: [PATCH] Fix to filter out user passed page

[no-build]
---
 pam_login.cgi     | 1 +
 session_login.cgi | 1 +
 2 files changed, 2 insertions(+)

diff --git a/pam_login.cgi b/pam_login.cgi
index b859f9fa1..e0d139021 100755
--- a/pam_login.cgi
+++ b/pam_login.cgi
@@ -32,6 +32,7 @@ if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ &&
 	print "Set-Cookie: banner=1; path=/\r\n";
 	&PrintHeader();
 	$url = $in{'page'};
+	$url = &filter_javascript($url);
 	open(BANNER, "<$gconfig{'loginbanner'}");
 	while(<BANNER>) {
 		s/LOGINURL/$url/g;
diff --git a/session_login.cgi b/session_login.cgi
index 1a9ac5fbf..ec7851bdf 100755
--- a/session_login.cgi
+++ b/session_login.cgi
@@ -40,6 +40,7 @@ if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ &&
 	print "Set-Cookie: banner=1; path=/".$sec."\r\n";
 	&PrintHeader();
 	$url = $in{'page'};
+	$url = &filter_javascript($url);
 	open(BANNER, "<$gconfig{'loginbanner'}");
 	while(<BANNER>) {
 		s/LOGINURL/$url/g;