From: Javier Bassi <profetasdelmetal@gmail.com>
Date: Sat, 22 Oct 2011 02:35:10 +0000 (-0200)
Subject: Escaping filename.
X-Git-Url: https://iam.tj/gitweb/gitweb.cgi?p=webmin.git;a=commitdiff_plain;h=bf230498a0ee6f13e13a4b940a7f90644f84a800

Escaping filename.
---

diff --git a/apache/create_virt.cgi b/apache/create_virt.cgi
index 906a3383..3af06984 100755
--- a/apache/create_virt.cgi
+++ b/apache/create_virt.cgi
@@ -118,7 +118,7 @@ else {
 	# Use a user-specified file
 	$f = $in{'file'};
 	}
--r $f || open(FILE, ">>$f") || &error(&text('cvirt_efile', $f, $!));
+-r $f || open(FILE, ">>$f") || &error(&text('cvirt_efile', &html_escape($f), $!));
 close(FILE);
 
 &lock_apache_files();