From fd42196718a6fa7fe17b37fab0933d3cbcb3db0d Mon Sep 17 00:00:00 2001
From: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>
Date: Mon, 14 Mar 2022 09:31:39 +0100
Subject: [PATCH] Patch out XSS in edit server (#2471)
---
 web/edit/db/index.php | 1 +
 web/edit/dns/index.php | 1 +
 web/edit/mail/index.php | 1 +
 web/edit/web/index.php | 1 +
 web/templates/pages/edit_server.html | 2 +-
 5 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/web/edit/db/index.php b/web/edit/db/index.php
index d7f059f701..f42f511cfa 100644
--- a/web/edit/db/index.php
+++ b/web/edit/db/index.php
@@ -15,6 +15,7 @@
 // Edit as someone else?
 if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
 $user=escapeshellarg($_GET['user']);
+ $user_plain=htmlentities($_GET['user']);
 }
 // List datbase
diff --git a/web/edit/dns/index.php b/web/edit/dns/index.php
index e83c1bbbea..7dbaaef90b 100644
--- a/web/edit/dns/index.php
+++ b/web/edit/dns/index.php
@@ -15,6 +15,7 @@
 // Edit as someone else?
 if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
 $user=escapeshellarg($_GET['user']);
+ $user_plain=htmlentities($_GET['user']);
 }
 // List ip addresses
diff --git a/web/edit/mail/index.php b/web/edit/mail/index.php
index 7c2f016266..1aaead2737 100644
--- a/web/edit/mail/index.php
+++ b/web/edit/mail/index.php
@@ -15,6 +15,7 @@
 // Edit as someone else?
 if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
 $user=escapeshellarg($_GET['user']);
+ $user_plain=htmlentities($_GET['user']);
 }
 $v_username = $user;
diff --git a/web/edit/web/index.php b/web/edit/web/index.php
index 5a66a267ef..9d0362762f 100644
--- a/web/edit/web/index.php
+++ b/web/edit/web/index.php
@@ -16,6 +16,7 @@
 // Edit as someone else?
 if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
 $user=escapeshellarg($_GET['user']);
+ $user_plain=htmlentities($_GET['user']);
 }
 // Get all user domains
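Review bot: The added line `$user_plain=htmlentities($_GET['user']);` in the web/edit/db hunk (and identically in the dns, mail and web index.php hunks) passes no flags, so on PHP releases before 8.1 the default ENT_COMPAT leaves single quotes unencoded; if the template places `$user_plain` inside a single-quoted attribute, the injection this commit sets out to close is still reachable there. Make the escaping independent of the PHP version by writing `$user_plain = htmlentities($_GET['user'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` in all four files. The assignment also only happens inside the admin branch, so whether `$user_plain` is defined on the non-admin path depends on code outside the hunk; if nothing else sets it, the template will read an undefined variable, and a fallback such as `$user_plain = htmlentities($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` before the `if` would close that gap. Each enclosing script continues beyond its hunk, and the edit_server.html side of the change is not legible in this copy of the patch.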
diff --git a/web/templates/pages/edit_server.html b/web/templates/pages/edit_server.html index f2540cc75a..63b5a649b3 100644 --- a/web/templates/pages/edit_server.html +++ b/web/templates/pages/edit_server.html @@ -857,7 +857,7 @@ - / + / ">