Merge pull request #1542 from RaspAP/sec/providers

Sanitize country POST input
RaspAP · Mar 8, 2024 · 95f74c5 · 95f74c5
2 parents eabd356 + d5009e0
commit 95f74c5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/includes/provider.php b/includes/provider.php
@@ -50,7 +50,7 @@ function DisplayProviderConfig()
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['SaveProviderSettings'])) {
             if (isset($_POST['country'])) {
-                $country = trim($_POST['country']);
+                $country = escapeshellarg(trim($_POST['country']));
                 if (strlen($country) == 0) {
                     $status->addMessage('Select a country from the server location list', 'danger');
                 } else {