Browse Source

Fix missing XML Escaping in Password String

Fixes #5060
pull/5149/head
Marvin Dickhaus 7 months ago
committed by GitHub
parent
commit
fd461fe015
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 13
      dnsapi/dns_inwx.sh

13
dnsapi/dns_inwx.sh

@ -160,6 +160,15 @@ _inwx_check_cookie() {
return 1
}
_htmlEscape() {
local s
s=${1//&/&}
s=${s//</&lt;}
s=${s//>/&gt;}
s=${s//'"'/&quot;}
printf -- %s "$s"
}
_inwx_login() {
if _inwx_check_cookie; then
@ -167,6 +176,8 @@ _inwx_login() {
return 0
fi
XML_PASS=$(_htmlEscape "$INWX_Password")
xml_content=$(printf '<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>account.login</methodName>
@ -190,7 +201,7 @@ _inwx_login() {
</value>
</param>
</params>
</methodCall>' "$INWX_User" "$INWX_Password")
</methodCall>' "$INWX_User" "$XML_PASS")
response="$(_post "$xml_content" "$INWX_Api" "" "POST")"

Loading…
Cancel
Save