From 82b3cb8a7d485cec9f855596203a01daa20c0889 Mon Sep 17 00:00:00 2001
From: Jan Huwald
Date: Fri, 27 Apr 2012 20:31:05 +0000
Subject: webif: fix XSS in splash
diff --git a/files/common/www/service/cgi-bin/splash.html b/files/common/www/service/cgi-bin/splash.html
index b8c8264..d34bf2f 100755
--- a/files/common/www/service/cgi-bin/splash.html
+++ b/files/common/www/service/cgi-bin/splash.html
@@ -3,5 +3,5 @@
 echo -en "Status: 200 OK\r\n"
 echo -en "Content-Type: text/html\r\n"
 echo -en "\r\n"
-targeturl="$(echo "$QUERY_STRING" | tr -d '/')"
+targeturl="$(echo "$QUERY_STRING" | tr -d '/<>\"')"
 sed "s/targeturl/$targeturl/g" index.html
-- 
cgit v0.10.1
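Review bot: The new `tr -d '/<>\"'` on the `targeturl=` line is still a deny-list, and it lets `'`, `&` and (presumably, since tr reads `\"` as an escape for `"`) the backslash through in a value taken straight from `$QUERY_STRING`. That value is then spliced into the replacement half of `sed "s/targeturl/$targeturl/g"`, where `&` and backslash are sed metacharacters, and into index.html, whose context for the placeholder (element body, quoted attribute, URL, script) is not visible in this hunk, so it cannot be confirmed from here that removing four characters is sufficient. An allow-list is easier to reason about, e.g. `targeturl="$(printf '%s' "$QUERY_STRING" | tr -cd 'A-Za-z0-9._-')"`, widened only to characters that are inert both in a sed replacement and at the spot where index.html uses the value. If the template places the value in a link or redirect target, a scheme/host check belongs next to this line as well.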