
webserver: htmlescape VERSION and config name

Those should not really have html characters in them, but let's be sure.
1 parent cd93d37 commit a1caa8b82931793c4976aaff2a81b32b5d9e5248 @zeha zeha committed Aug 5, 2014
Showing with 2 additions and 2 deletions.
  1. +2 −2 pdns/ws-auth.cc
@@ -224,9 +224,9 @@ void AuthWebServer::indexfunction(HttpRequest* req, HttpResponse* resp)
ret<<"<div class=\"row\">"<<endl;
ret<<"<div class=\"headl columns\">";
- ret<<"<a href=\"/\" id=\"appname\">PowerDNS "VERSION;
+ ret<<"<a href=\"/\" id=\"appname\">PowerDNS "<<htmlescape(VERSION);
if(!arg()["config-name"].empty()) {
- ret<<" ["<<arg()["config-name"]<<"]";
+ ret<<" ["<<htmlescape(arg()["config-name"])<<"]";
}
ret<<"</a></div>"<<endl;
ret<<"<div class=\"headr columns\"></div></div>";
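Review bot: the two escaped values differ in risk, and neither the code nor the commit message says so. On the `arg()["config-name"]` line the value comes from runtime configuration, while the removed `"PowerDNS "VERSION` only compiled because VERSION expands to a string literal fixed at build time. A short comment above the `if` noting that config-name is operator-supplied and must stay escaped would help the next person who edits this header. Both values land in element text inside the `<a>`, not in an attribute, so `htmlescape` has to cover at least `&`, `<` and `>` here; its definition is not part of this diff, so please confirm that before merging. It is also worth checking whether the other `ret<<` writes in `indexfunction` emit `arg()` values that need the same treatment.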
