From a31da97d66e89d78d50a57c065a815092fad7cf7 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann
Date: Wed, 13 Jan 2021 10:14:51 +0100
Subject: [PATCH] exclude some formfields from xss-cleaning as it could alter the wanted content
Signed-off-by: Michael Kaufmann
---
 lib/Froxlor/PhpHelper.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/lib/Froxlor/PhpHelper.php b/lib/Froxlor/PhpHelper.php
index 375ac131..90acb012 100644
--- a/lib/Froxlor/PhpHelper.php
+++ b/lib/Froxlor/PhpHelper.php
@@ -400,10 +400,21 @@ class PhpHelper
 */
 public static function cleanGlobal(&$global, &$antiXss)
 {
+ $ignored_fields = [
+ 'system_default_vhostconf',
+ 'system_default_sslvhostconf',
+ 'system_apache_globaldiropt',
+ 'specialsettings',
+ 'ssl_specialsettings',
+ 'default_vhostconf_domain',
+ 'ssl_default_vhostconf_domain'
+ ];
 if (isset($global) && ! empty($global)) {
 $tmp = $global;
 foreach ($tmp as $index => $value) {
- $global[$index] = $antiXss->xss_clean($value);
+ if (!in_array($index, $ignored_fields)) {
+ $global[$index] = $antiXss->xss_clean($value);
+ }
 }
 }
 }
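Review bot: The new `in_array($index, $ignored_fields)` check inside the foreach compares loosely, so on PHP versions before 8 an integer array key such as `0` is treated as equal to every non-numeric string in the list and that entry would skip `xss_clean()` too; pass the strict flag, `if (!in_array($index, $ignored_fields, true)) {`. The exemption is also keyed on the field name alone, so a value arriving under one of these seven names is left uncleaned whichever page or account submitted it, and the code that stores and renders these settings (not visible in this hunk) then has to validate and escape them itself. A comment above `$ignored_fields`, for example `// excluded from xss_clean() because it could alter the wanted content; consumers must escape on output`, would record that contract. Only the closing `*/` of the method's docblock is inside the hunk, so whether the docblock already mentions the exclusion cannot be checked from here.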