fix 2 xss via txt record
Hanno Böck commited on 2014-09-19 10:50:31
Zeige 2 geänderte Dateien mit 2 Einfügungen und 2 Löschungen.
- modules/dns/dns_domain.php e9d83af..c2c1d29
- modules/dns/dns_record_edit.php 1f4b590..5db4d18
| ... | ... |
@@ -69,7 +69,7 @@ foreach ($records AS $rec) |
| 69 | 69 |
if ($editable) {
|
| 70 | 70 |
$link = internal_link('dns_record_edit', $rec['fqdn'], "id={$rec['id']}");
|
| 71 | 71 |
} |
| 72 |
- output("<tr><td>{$link}</td><td>".strtoupper($rec['type'])."</td><td>$data</td><td>{$ttl} Sek.</td><td>".internal_link('dns_record_save', '<img src="'.$prefix.'images/delete.png" width="16" height="16" alt="löschen" title="Record löschen" />', "id={$rec['id']}&action=delete")."</td></tr>\n");
|
|
| 72 |
+ output("<tr><td>{$link}</td><td>".strtoupper($rec['type'])."</td><td>".filter_input_general($data)."</td><td>{$ttl} Sek.</td><td>".internal_link('dns_record_save', '<img src="'.$prefix.'images/delete.png" width="16" height="16" alt="löschen" title="Record löschen" />', "id={$rec['id']}&action=delete")."</td></tr>\n");
|
|
| 73 | 73 |
} |
| 74 | 74 |
foreach ($auto_records AS $rec) |
| 75 | 75 |
{
|
| ... | ... |
@@ -112,7 +112,7 @@ if ($type == 'ptr' || $type == 'cname') |
| 112 | 112 |
if ($type == 'spf' || $type == 'txt') |
| 113 | 113 |
{
|
| 114 | 114 |
$form .= ' |
| 115 |
-<tr><td><label for="data">Inhalt:</label></td><td><input type="text" name="data" id="data" value="'.$data['data'].'" /></td></tr> |
|
| 115 |
+<tr><td><label for="data">Inhalt:</label></td><td><input type="text" name="data" id="data" value="'.filter_input_general($data['data']).'" /></td></tr> |
|
| 116 | 116 |
'; |
| 117 | 117 |
} |
| 118 | 118 |
|
| 119 | 119 |