From 1cfdc526b4a02e43d8bb67cddaf3739afa817d53 Mon Sep 17 00:00:00 2001
From: Greg Hormann
Date: Sat, 26 Jun 2021 19:23:42 -0400
Subject: [PATCH] Fix XSS on invalid IP

https://www.huntr.dev/bounties/32-other-FalconChristmas/fpp/
---
 www/shutdownRemoteFPP.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/www/shutdownRemoteFPP.php b/www/shutdownRemoteFPP.php
index 7f04db0a4..8db351c12 100644
--- a/www/shutdownRemoteFPP.php
+++ b/www/shutdownRemoteFPP.php
@@ -13,7 +13,8 @@
 $ip = $_GET['ip'];
 if(! filter_var($ip, FILTER_VALIDATE_IP)) {
-    echo "$ip is not a valid IP address\n";
+    $clean_ip = htmlspecialchars($ip, ENT_QUOTES, 'UTF-8');
+    echo "$clean_ip is not a valid IP address\n";
     exit(0);
 }
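Review bot: The new `htmlspecialchars($ip, ENT_QUOTES, 'UTF-8')` line still assumes `$ip` is a string, but the context line `$ip = $_GET['ip'];` lets a request supply it as an array (`ip[]=…`) or omit it entirely; `filter_var` then returns false and the escape call receives an array or null, which is a TypeError on PHP 8 and a deprecation on 8.1 for null, so the error path itself can fail. I would harden the read rather than the echo: `$ip = isset($_GET['ip']) && is_string($_GET['ip']) ? $_GET['ip'] : '';`. Passing only `ENT_QUOTES` also drops `ENT_SUBSTITUTE`, so an `$ip` containing invalid UTF-8 makes `htmlspecialchars` return an empty string and the message becomes " is not a valid IP address"; `ENT_QUOTES | ENT_SUBSTITUTE` keeps the message readable for the same cost. The escaping is correct for HTML output, which is presumably how this script's response is rendered, but the script continues past the hunk and I cannot confirm its Content-Type from here.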