From fd461fe015608ddf00710bb05ef2aaa3799fa3c7 Mon Sep 17 00:00:00 2001 From: Marvin Dickhaus <2642714+Weishaupt@users.noreply.github.com> Date: Thu, 16 May 2024 22:44:47 +0200 Subject: [PATCH] Fix missing XML Escaping in Password String Fixes #5060 --- dnsapi/dns_inwx.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_inwx.sh b/dnsapi/dns_inwx.sh index e483c0e8..2f2082d6 100755 --- a/dnsapi/dns_inwx.sh +++ b/dnsapi/dns_inwx.sh @@ -160,6 +160,15 @@ _inwx_check_cookie() { return 1 } +_htmlEscape() { + local s + s=${1//&/&} + s=${s///>} + s=${s//'"'/"} + printf -- %s "$s" +} + _inwx_login() { if _inwx_check_cookie; then @@ -167,6 +176,8 @@ _inwx_login() { return 0 fi + XML_PASS=$(_htmlEscape "$INWX_Password") + xml_content=$(printf ' account.login @@ -190,7 +201,7 @@ _inwx_login() { - ' "$INWX_User" "$INWX_Password") + ' "$INWX_User" "$XML_PASS") response="$(_post "$xml_content" "$INWX_Api" "" "POST")"