diff --git a/app/admin/subnets/ripe-query.php b/app/admin/subnets/ripe-query.php
index 0ece3e2d1..644c46ecd 100755
--- a/app/admin/subnets/ripe-query.php
+++ b/app/admin/subnets/ripe-query.php
@@ -22,14 +22,14 @@
?>
-
+
show("danger", _(ucwords($res['error'])), false);
+ $Result->show("danger", _(ucwords(escape_input($res['error']))), false);
}
// ok, print field matching
else {
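Review bot: On the added `$Result->show(...)` line escape_input() runs before `_()` and ucwords(), so the gettext lookup is done on already-encoded text; if escape_input() encodes quotes or ampersands (its definition is not in this hunk), catalog entries for error messages containing those characters will stop matching. Encoding as the last step keeps the translation working and still encodes whatever `_()` returns: `$Result->show("danger", escape_input(_(ucwords($res['error']))), false);`. The removed line looks mangled in this rendering, so the exact prior call is inferred. The enclosing if/else starts before the hunk.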
@@ -53,6 +53,8 @@
// loop
if (isset($res['data'])) {
foreach ($res['data'] as $k=>$d) {
+ $d = escape_input($d);
+
print "
";
print "";
print " $k: $d";
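Review bot: Only the value is encoded by the added `$d = escape_input($d);` line; the key `$k` from the same `$res['data']` response is still printed raw in `print " $k: $d";` a few lines below. The keys come from the remote registry reply rather than from a fixed list, so they should get the same treatment, e.g. `$k = escape_input($k);` beside the added line. If escape_input() does not accept arrays and `$d` can be nested (not visible here), that case needs a guard as well. The foreach opened on the hunk's third line closes outside the hunk.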
diff --git a/functions/classes/class.Subnets.php b/functions/classes/class.Subnets.php
index 2695b655f..021afcd32 100644
--- a/functions/classes/class.Subnets.php
+++ b/functions/classes/class.Subnets.php
@@ -3524,7 +3524,7 @@ public function resolve_ripe_arin ($subnet) {
* Queries ripe for subnet information
*
* Example:
- * curl -X GET -H "Accept: application/json" "http://rest.db.ripe.net/ripe/inetnum/185.72.140.0/24"
+ * curl -X GET -H "Accept: application/json" "https://rest.db.ripe.net/ripe/inetnum/185.72.140.0/24"
*
* @access private
* @param mixed $subnet
@@ -3620,7 +3620,7 @@ private function query_arin ($subnet) {
*/
private function ripe_arin_fetch ($network, $type, $subnet) {
// set url
- $url = $network=="ripe" ? "http://rest.db.ripe.net/ripe/$type/$subnet" : "http://whois.arin.net/rest/nets;q=$subnet?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2";
+ $url = $network=="ripe" ? "https://rest.db.ripe.net/ripe/$type/$subnet" : "https://whois.arin.net/rest/nets;q=$subnet?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2";
$result = $this->curl_fetch_url($url, ["Accept: application/json"]);
diff --git a/misc/CHANGELOG b/misc/CHANGELOG
index 9893a6a36..e35aba805 100755
--- a/misc/CHANGELOG
+++ b/misc/CHANGELOG
@@ -91,6 +91,7 @@
+ XSS while uploading CVS files;
+ XSS (reflected) in 'find subnets';
+ Incorrect privilege assignments (#3506);
+ + XXS (reflected) in ripe-arin-query;
Translations:
----------------------------