From 2a143f4777e5ec57dfc6c63d55bf80600486efd7 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Fri, 13 Sep 2019 13:23:23 +0200
Subject: [PATCH] luci-app-firewall: fix stored XSS in rule- and forward detail pages

Signed-off-by: Jo-Philipp Wich
---
 .../luasrc/model/cbi/firewall/forward-details.lua | 2 +-
 .../luasrc/model/cbi/firewall/rule-details.lua | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
index d51f8fb79..bf263bb0b 100644
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
@@ -25,7 +25,7 @@ else
 if not name or #name == 0 then
 name = translate("(Unnamed Entry)")
 end
- m.title = "%s - %s" %{ translate("Firewall - Port Forwards"), name }
+ m.title = "%s - %s" %{ translate("Firewall - Port Forwards"), luci.util.pcdata(name) }
 end
 s = m:section(NamedSection, arg[1], "redirect", "")
diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
index def01c669..8f2ebf14d 100644
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
@@ -39,7 +39,7 @@ elseif rule_type == "redirect" then
 name = "SNAT %s" % name
 end
- m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), name }
+ m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), luci.util.pcdata(name) }
 s = m:section(NamedSection, arg[1], "redirect", "")
 s.anonymous = true
-- 
2.25.1
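Review bot: The escaped `m.title` assignment in forward-details.lua carries no comment saying why `name` is escaped at this point, so a later edit could drop the call or reuse the raw value in another HTML context without noticing. I would add `-- name is user-editable UCI data and the title is presumably emitted as raw HTML, so escape it at this sink` above the line. Because the call also wraps the fallback `translate("(Unnamed Entry)")` string, a translation that contains markup would now be shown literally, which looks acceptable but is worth knowing. The enclosing `if`/`else` starts outside the hunk, so whether `name` reaches any other output path unescaped cannot be checked from here.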
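Review bot: Only the `m.title` under the `elseif rule_type == "redirect" then` heading in rule-details.lua is changed, and the diffstat shows a single changed line for this file, so any other branch of that `if` chain that builds a title from the same UCI `name` would still be emitted unescaped. The chain starts and ends outside the hunk, so this needs confirming against the full file; each such assignment should take the same form, `m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), luci.util.pcdata(name) }`. A small local helper that returns the escaped title would keep the branches from drifting apart.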