]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cd93d37)
webserver: htmlescape VERSION and config name
authorChristian Hofstaedtler <christian@hofstaedtler.name>
Tue, 5 Aug 2014 08:44:38 +0000 (10:44 +0200)
committerChristian Hofstaedtler <christian@hofstaedtler.name>
Tue, 5 Aug 2014 08:44:38 +0000 (10:44 +0200)
Those should not really have html characters in them, but let's be sure.

pdns/ws-auth.cc patch | blob | history

diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 68a2333cbbc15874b60bf101a55ea2f971816e1f..541a69fb83c882795556964db79d27f5d173f7ba 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -224,9 +224,9 @@ void AuthWebServer::indexfunction(HttpRequest* req, HttpResponse* resp)
 
   ret<<"<div class=\"row\">"<<endl;
   ret<<"<div class=\"headl columns\">";
-  ret<<"<a href=\"/\" id=\"appname\">PowerDNS "VERSION;
+  ret<<"<a href=\"/\" id=\"appname\">PowerDNS "<<htmlescape(VERSION);
   if(!arg()["config-name"].empty()) {
-    ret<<" ["<<arg()["config-name"]<<"]";
+    ret<<" ["<<htmlescape(arg()["config-name"])<<"]";
   }
   ret<<"</a></div>"<<endl;
   ret<<"<div class=\"headr columns\"></div></div>";
Unnamed repository; edit this file 'description' to name the repository.