From d1f350ce70e477adc86d445f5cda9b24f9ff0168 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 29 Jun 2023 21:46:58 +0200
Subject: [PATCH] System:Logging - Sanitize user input. An alfanum filter might be possible as well to strip module and scope, but might break some external plugins not on our radar.
---
 .../app/controllers/OPNsense/Diagnostics/LogController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/LogController.php b/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/LogController.php
index bf05d78b6..66414f022 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/LogController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/LogController.php
@@ -38,8 +38,8 @@ class LogController extends IndexController
 public function renderPage($module, $scope) {
 $this->view->pick('OPNsense/Diagnostics/log');
- $this->view->module = $module;
- $this->view->scope = $scope;
+ $this->view->module = htmlspecialchars($module, ENT_QUOTES | ENT_HTML401);
+ $this->view->scope = htmlspecialchars($scope, ENT_QUOTES | ENT_HTML401);
 $this->view->service = '';
 $this->view->default_log_severity = 'Warning';
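Review bot: The two `htmlspecialchars()` calls in `renderPage()` encode `$module` and `$scope` for HTML text and quoted-attribute output only, yet the escaping is done in the controller, where the eventual output context is not known. The `OPNsense/Diagnostics/log` template is not part of this patch; if it places either value inside inline script or builds an API URL from it, entity encoding is the wrong encoding for that sink and the value should be encoded there instead, so the template is worth checking against this change. At minimum I would document the contract next to the assignments, e.g. `// module and scope are HTML-escaped here; emit them only in HTML text or quoted attributes and do not escape them again in the view`. Adding `ENT_SUBSTITUTE` and an explicit `'UTF-8'` charset argument would also make the handling of malformed input independent of the `default_charset` setting. `renderPage()` continues past the end of the hunk.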