Browse Source

Fix missing XML Escaping in Password String

Fixes #5060
pull/5149/head
Marvin Dickhaus 6 months ago
committed by GitHub
parent
commit
fd461fe015
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 13
      dnsapi/dns_inwx.sh

13
dnsapi/dns_inwx.sh

@ -160,6 +160,15 @@ _inwx_check_cookie() {
return 1 return 1
} }
_htmlEscape() {
local s
s=${1//&/&}
s=${s//</&lt;}
s=${s//>/&gt;}
s=${s//'"'/&quot;}
printf -- %s "$s"
}
_inwx_login() { _inwx_login() {
if _inwx_check_cookie; then if _inwx_check_cookie; then
@ -167,6 +176,8 @@ _inwx_login() {
return 0 return 0
fi fi
XML_PASS=$(_htmlEscape "$INWX_Password")
xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?> xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
<methodCall> <methodCall>
<methodName>account.login</methodName> <methodName>account.login</methodName>
@ -190,7 +201,7 @@ _inwx_login() {
</value> </value>
</param> </param>
</params> </params>
</methodCall>' "$INWX_User" "$INWX_Password")
</methodCall>' "$INWX_User" "$XML_PASS")
response="$(_post "$xml_content" "$INWX_Api" "" "POST")" response="$(_post "$xml_content" "$INWX_Api" "" "POST")"

Loading…
Cancel
Save