author | Jan Huwald <jh@sotun.de> | 2012-04-27 20:31:05 (GMT) |
---|---|---|
committer | Jan Huwald <jh@sotun.de> | 2012-04-27 20:31:05 (GMT) |
commit | 82b3cb8a7d485cec9f855596203a01daa20c0889 (patch) | |
tree | a9dd7255ab6d9dfb8804dda7b6585127cfef1e79 | |
parent | cc349be283af3f3efea2f9ce40952a6ea978620f (diff) |
webif: fix XSS in splash
-rwxr-xr-x | files/common/www/service/cgi-bin/splash.html | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/files/common/www/service/cgi-bin/splash.html b/files/common/www/service/cgi-bin/splash.html
index b8c8264..d34bf2f 100755
--- a/files/common/www/service/cgi-bin/splash.html
+++ b/files/common/www/service/cgi-bin/splash.html
@@ -3,5 +3,5 @@
 echo -en "Status: 200 OK\r\n"
 echo -en "Content-Type: text/html\r\n"
 echo -en "\r\n"
-targeturl="$(echo "$QUERY_STRING" | tr -d '/')"
+targeturl="$(echo "$QUERY_STRING" | tr -d '/<>\"')"
 sed "s/targeturl/$targeturl/g" index.html |
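Review bot: The new `tr -d '/<>\"'` on the `targeturl=` line is a denylist that still passes `'`, `&` and `\`; `&` and `\` are special in the replacement side of the `sed "s/targeturl/$targeturl/g"` call on the next line, and `'` matters if index.html puts the placeholder inside a single-quoted attribute or a script block (index.html is not shown, so that part is an assumption). Keeping only known-good characters is easier to reason about than deleting known-bad ones, for example `targeturl="$(printf '%s' "$QUERY_STRING" | tr -cd 'A-Za-z0-9._~%:?=-')"`, with the set adjusted to what the splash page actually needs. Using `printf '%s'` also avoids `echo` treating a leading `-n`/`-e` or backslashes in the query string specially. If the value ends up in an `href`, it should additionally be checked against the expected URL form before substitution. The script's first two lines are outside the hunk.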