From 9d8b3899c10a27a1c44ce14b07d4e9e708140c5f Mon Sep 17 00:00:00 2001
From: Zack Spear
Date: Tue, 9 Dec 2025 12:13:55 -0800
Subject: [PATCH] fix: sanitize output in SMTP test and notification scripts
---
 emhttp/plugins/dynamix/include/SMTPtest.php | 2 +-
 emhttp/plugins/dynamix/scripts/notify | 20 ++++++++++----------
 2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/emhttp/plugins/dynamix/include/SMTPtest.php b/emhttp/plugins/dynamix/include/SMTPtest.php
index 2d3b2f1e31..9e6854f1cc 100644
--- a/emhttp/plugins/dynamix/include/SMTPtest.php
+++ b/emhttp/plugins/dynamix/include/SMTPtest.php
@@ -40,7 +40,7 @@ function PsKill($pid) {
 if (PsExecute("$docroot/webGui/scripts/notify -s 'Unraid SMTP Test' -d 'Test message received!' -i 'alert' -l '/Settings/Notifications' -t")) {
 $result = exec("tail -3 /var/log/syslog|awk '/sSMTP/ {getline;print}'|cut -d']' -f2|cut -d'(' -f1");
 $color = strpos($result, 'Sent mail') ? 'green' : 'red';
- echo _("Test result")."$result";
+ echo _("Test result")."".htmlspecialchars($result)."";
 } else {
 echo _("Test result").": "._('No reply from mail server')."";
 }
diff --git a/emhttp/plugins/dynamix/scripts/notify b/emhttp/plugins/dynamix/scripts/notify
index 1c4db802b5..57cbb8ad0e 100755
--- a/emhttp/plugins/dynamix/scripts/notify
+++ b/emhttp/plugins/dynamix/scripts/notify
@@ -256,21 +256,21 @@ case 'add':
 $cleanSubject = clean_subject($subject);
 $archiveData = [
 'timestamp' => $timestamp,
- 'event' => $event,
- 'subject' => $cleanSubject,
- 'description' => $description,
- 'importance' => $importance,
+ 'event' => htmlspecialchars($event),
+ 'subject' => htmlspecialchars($cleanSubject),
+ 'description' => htmlspecialchars($description),
+ 'importance' => htmlspecialchars($importance),
 ];
- if ($message) $archiveData['message'] = str_replace('\n','
',$message);
+ if ($message) $archiveData['message'] = str_replace('\n','
',htmlspecialchars($message));
 if (!$mailtest) file_put_contents($archive, build_ini_string($archiveData));
 if (($entity & 1)==1 && !$mailtest && !$noBrowser) {
 $unreadData = [
 'timestamp' => $timestamp,
- 'event' => $event,
- 'subject' => $cleanSubject,
- 'description' => $description,
- 'importance' => $importance,
- 'link' => $link,
+ 'event' => htmlspecialchars($event),
+ 'subject' => htmlspecialchars($cleanSubject),
+ 'description' => htmlspecialchars($description),
+ 'importance' => htmlspecialchars($importance),
+ 'link' => htmlspecialchars($link),
 ];
 file_put_contents($unread, build_ini_string($unreadData));
 }
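Review bot: The added `htmlspecialchars($result)` relies on PHP's version-dependent default flags: before PHP 8.1 the default is ENT_COMPAT, which leaves single quotes unescaped, and without ENT_SUBSTITUTE a byte sequence that is not valid UTF-8 in the syslog excerpt makes the call return an empty string, so the test result would silently disappear. Because `$result` is lifted from /var/log/syslog, where the sSMTP line can carry text echoed back by the remote mail server, pin the behaviour explicitly: `echo _("Test result")."".htmlspecialchars($result, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."";`. The markup around the value appears to have been stripped from this page, so the exact quoting of the surrounding attribute cannot be checked here; ENT_QUOTES is what covers a single-quoted attribute if that is where `$result` lands. The `$color` check on the context line above treats a match at offset 0 as a failure, since `strpos` returns 0 there; that is pre-existing and untouched by the commit but worth a `!== false` comparison while this block is being edited.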
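Review bot: Escaping is now applied when the values are written to the archive and unread INI files rather than where they are rendered, so every reader of those files receives HTML-encoded text; any consumer that already escapes on output, or that renders the fields as plain text (mail, agents, command line), will now show `&amp;` and `&lt;` literally, and the encoding is better placed in the code that emits the HTML. If the stored-encoded form is kept, pin the flags, because the default before PHP 8.1 omits ENT_QUOTES and, without ENT_SUBSTITUTE, a non-UTF-8 byte in any subject or description argument makes `htmlspecialchars` return an empty string and the notification is archived with blank fields: `'event' => htmlspecialchars($event, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),` and likewise for the other fields (a small local helper would avoid repeating the flag list ten times). `htmlspecialchars($link)` prevents attribute breakout but does not constrain the URL itself; if `link` is emitted as an href, a scheme or prefix check (for example requiring a leading `/`) is still needed, which I cannot verify from this hunk. The `str_replace` on `$message` correctly escapes before inserting the line-break markup, so that line's order is right. The enclosing `case 'add':` block begins before this hunk and appears to continue past it.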