
XSS protection

1 parent 0ab1ace commit 07e41378ea6c9f709e881c0973c3b2f52270e4d2 @jcameron jcameron committed Mar 1, 2011
Showing with 2 additions and 2 deletions.
  1. +2 −2 bind8/find_zones.cgi
4 bind8/find_zones.cgi
@@ -10,7 +10,7 @@ foreach $z (@zones) {
$v = $z->{'name'};
next if ($z->{'type'} eq 'view' ||
$v eq "." || !&can_edit_zone($z) ||
- &arpa_to_ip($v) !~ /$in{'search'}/i);
+ &arpa_to_ip($v) !~ /\Q$in{'search'}\E/i);
$t = $z->{'type'};
if ($z->{'view'}) {
push(@zlinks, "edit_$t.cgi?index=$z->{'index'}".
@@ -34,7 +34,7 @@ if (@zlinks == 1) {
}
&ui_print_header(undef, $text{'find_title'}, "");
-print &text('find_match', "<tt>$in{'search'}</tt>"),"<p>\n";
+print &text('find_match', "<tt>".&html_escape($in{'search'})."</tt>"),"<p>\n";
if ($len) {
# sort list of zones
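Review bot: An empty `search` parameter still leaves the pattern in the first hunk empty after `\Q...\E`, and perlop documents an empty pattern as reusing the last successfully matched regex rather than matching every string, so the filter result for an empty search may depend on earlier matches. Since the commit turns the search into a literal substring test anyway, a plain comparison avoids the regex engine altogether: `index(lc(&arpa_to_ip($v)), lc($in{'search'})) < 0);` in place of the `!~` line. A short comment such as `# literal match only: the search term is user input, never a regex` would also keep the quoting from being dropped in a later cleanup. The foreach body begins and ends outside the hunk, so whether zone names are HTML-escaped where the result list is printed cannot be confirmed from the visible lines and is worth checking alongside the `find_match` fix.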
