Work around a potential XSS in spamd_db.php. Small version bump for spamd.

3 files changed, 3 insertions, 3 deletions

diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml
index de03d224..5accb790 100644
--- a/config/spamd/spamd.xml
+++ b/config/spamd/spamd.xml
@@ -42,7 +42,7 @@
 	]]>
 	</copyright>
 	<name>spamdsources</name>
-	<version>1.1.5</version>
+	<version>1.1.5.1</version>
 	<title>SpamD: External Sources</title>
 	<include_file>/usr/local/pkg/spamd.inc</include_file>
 	<backup_file>/var/db/spamd</backup_file>
diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php
index c81f5916..d544ce16 100644
--- a/config/spamd/spamd_db.php
+++ b/config/spamd/spamd_db.php
@@ -55,7 +55,7 @@ if ($spamtrapemail) {
 /* handle AJAX operations */
 if ($_GET['action'] or $_POST['action']) {
 	/* echo back buttonid so it can be turned  back off when request is completed. */
-	echo $_GET['buttonid'] . "|";
+	echo htmlspecialchars($_GET['buttonid']) . "|";
 	if ($_GET['action']) {
 		$action = $_GET['action'];
 	}
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index c167689c..d7d286ec 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -438,7 +438,7 @@
 		<category>Services</category>
 		<config_file>https://packages.pfsense.org/packages/config/spamd/spamd.xml</config_file>
 		<depends_on_package_pbi>spamd-4.9.1_2-##ARCH##.pbi</depends_on_package_pbi>
-		<version>1.1.5</version>
+		<version>1.1.5.1</version>
 		<status>Beta</status>
 		<required_version>2.2</required_version>
 		<port_category>mail</port_category>