fix: Possible XSS via email test functionality

limetech · limetech · commit fa932395b5aa · 2026-01-08T09:43:38.000-08:00
diff --git a/emhttp/plugins/dynamix/include/SMTPtest.php b/emhttp/plugins/dynamix/include/SMTPtest.php
@@ -40,7 +40,7 @@ function PsKill($pid) {
 if (PsExecute("$docroot/webGui/scripts/notify -s 'Unraid SMTP Test' -d 'Test message received!' -i 'alert' -l '/Settings/Notifications' -t")) {
   $result = exec("tail -3 /var/log/syslog|awk '/sSMTP/ {getline;print}'|cut -d']' -f2|cut -d'(' -f1");
   $color = strpos($result, 'Sent mail') ? 'green' : 'red';
-  echo _("Test result")."<span class='$color'>$result</span>";
+  echo _("Test result")."<span class='$color'>".htmlspecialchars($result)."</span>";
 } else {
   echo _("Test result")."<span class='red'>: "._('No reply from mail server')."</span>";
 }

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ function PsKill($pid) {`
`40`	`40`	`if (PsExecute("$docroot/webGui/scripts/notify -s 'Unraid SMTP Test' -d 'Test message received!' -i 'alert' -l '/Settings/Notifications' -t")) {`
`41`	`41`	`$result = exec("tail -3 /var/log/syslog\|awk '/sSMTP/ {getline;print}'\|cut -d']' -f2\|cut -d'(' -f1");`
`42`	`42`	`$color = strpos($result, 'Sent mail') ? 'green' : 'red';`
`43`		`- echo _("Test result")."<span class='$color'>$result</span>";`
	`43`	`+ echo _("Test result")."<span class='$color'>".htmlspecialchars($result)."</span>";`
`44`	`44`	`} else {`
`45`	`45`	`echo _("Test result")."<span class='red'>: "._('No reply from mail server')."</span>";`
`46`	`46`	`}`