luci-app-firewall: fix stored XSS in rule- and forward detail pages

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-13 13:23:23 +02:00 · 2019-09-13 13:23:23 +02:00 · 2a143f4777
commit 2a143f4777
parent f2c08dc9c1
2 changed files with 2 additions and 2 deletions
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/forward-details.lua
@ -25,7 +25,7 @@ else
 	if not name or #name == 0 then
 		name = translate("(Unnamed Entry)")
 	end
-	m.title = "%s - %s" %{ translate("Firewall - Port Forwards"), name }
+	m.title = "%s - %s" %{ translate("Firewall - Port Forwards"), luci.util.pcdata(name) }
 end

 s = m:section(NamedSection, arg[1], "redirect", "")
--- a/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
+++ b/applications/luci-app-firewall/luasrc/model/cbi/firewall/rule-details.lua
@ -39,7 +39,7 @@ elseif rule_type == "redirect" then
 		name = "SNAT %s" % name
 	end

-	m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), name }
+	m.title = "%s - %s" %{ translate("Firewall - Traffic Rules"), luci.util.pcdata(name) }

 	s = m:section(NamedSection, arg[1], "redirect", "")
 	s.anonymous = true