From d5009e0c1ec6e69d2234e2620f62161f5a4513d5 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 8 Mar 2024 21:14:33 +0100
Subject: [PATCH] Sanitize country POST input

---
 includes/provider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/provider.php b/includes/provider.php
index d804448d7..4bafe8eee 100755
--- a/includes/provider.php
+++ b/includes/provider.php
@@ -50,7 +50,7 @@ function DisplayProviderConfig()
     if (!RASPI_MONITOR_ENABLED) {
         if (isset($_POST['SaveProviderSettings'])) {
             if (isset($_POST['country'])) {
-                $country = trim($_POST['country']);
+                $country = escapeshellarg(trim($_POST['country']));
                 if (strlen($country) == 0) {
                     $status->addMessage('Select a country from the server location list', 'danger');
                 } else {