From c048f23bad54b0a79449652380b317819e0ea978 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Fri, 13 Sep 2019 13:23:23 +0200 Subject: [PATCH] luci-app-firewall: fix stored XSS in rule- and forward detail pages Signed-off-by: Jo-Philipp Wich (cherry picked from commit 2a143f4777e5ec57dfc6c63d55bf80600486efd7) --- .../luasrc/model/cbi/firewall/forward-details.lua | 2 +- .../luasrc/model/cbi/firewall/rule-details.lua | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua index d51f8fb79..bf263bb0b 100644 --- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua +++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua @@ -25,7 +25,7 @@ else if not name or #name == 0 then name = translate("(Unnamed Entry)") end - m.title = "%s - %s" %{ translate("Firewall - Port Forwards"), name } + m.title = "%s - %s" %{ translate("Firewall - Port Forwards"), luci.util.pcdata(name) } end s = m:section(NamedSection, arg[1], "redirect", "") diff --git a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua index a4763d5dc..48329c8b2 100644 --- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua +++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua @@ -44,7 +44,7 @@ elseif rule_type == "redirect" then name = "SNAT %s" % name end - m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), name } + m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), luci.util.pcdata(name) } local wan_zone = nil -- 2.25.1