$NetBSD: patch-ao,v 1.2 2020/09/07 10:34:52 mef Exp $

Fix various cross site scripting, arbitrary command execution and various
other vulnerabilities in webmin (CVE-2008-0720).

--- postfix/mailq_search.cgi.orig	2007-09-21 23:26:52.000000000 +0200
+++ postfix/mailq_search.cgi
@@ -17,7 +17,8 @@ $neg = ($in{'field'} =~ s/^!//);
 		 $neg ? !$r : $r } @qfiles;
 
 print "<p><b>",&text($in{'field'} =~ /^\!/ ? 'search_results3' :
-	  'search_results2', scalar(@qfiles), "<tt>$in{'match'}</tt>"),"</b><p>\n";
+	  'search_results2', scalar(@qfiles), "<tt>" .
+	  &html_escape($in{'match'}) . "</tt>"),"</b><p>\n";
 if (@qfiles) {
 	# Show matching messages
 	&mailq_table(\@qfiles);
