From bf230498a0ee6f13e13a4b940a7f90644f84a800 Mon Sep 17 00:00:00 2001
From: Javier Bassi <profetasdelmetal@gmail.com>
Date: Sat, 22 Oct 2011 00:35:10 -0200
Subject: [PATCH] Escaping filename.

---
 apache/create_virt.cgi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apache/create_virt.cgi b/apache/create_virt.cgi
index 906a3383..3af06984 100755
--- a/apache/create_virt.cgi
+++ b/apache/create_virt.cgi
@@ -118,7 +118,7 @@ else {
 	# Use a user-specified file
 	$f = $in{'file'};
 	}
--r $f || open(FILE, ">>$f") || &error(&text('cvirt_efile', $f, $!));
+-r $f || open(FILE, ">>$f") || &error(&text('cvirt_efile', &html_escape($f), $!));
 close(FILE);
 
 &lock_apache_files();
-- 
2.17.1