author | Scott Ullrich <sullrich@pfsense.org> | 2008-02-22 00:11:58 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2008-02-22 00:11:58 +0000 |
commit | c5733422af40b03542bdc9077ab833550eb4a51d (patch) | |
tree | 93c19571fd7cd4a654eb909dea8facdb513fe01c | |
parent | 59b2217456f6647774f4682bd5ef7f4bfe6e805c (diff) | |
Guard against javascript injection attacks
Ticket #1656
-rwxr-xr-x | usr/local/www/diag_dhcp_leases.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/diag_dhcp_leases.php b/usr/local/www/diag_dhcp_leases.php
index 388ffc4..003cb13 100755
--- a/usr/local/www/diag_dhcp_leases.php
+++ b/usr/local/www/diag_dhcp_leases.php
@@ -206,7 +206,7 @@ foreach($config['interfaces'] as $ifname => $ifarr) {
 $slease['start'] = gmdate("M d Y H:i:s", time());
 $slease['end'] = gmdate("M d Y H:i:s", time());
 $slease['end'] = gmdate("M d Y H:i:s", strtotime('+5 minutes'));
- $slease['hostname'] = $static['hostname'];
+ $slease['hostname'] = htmlentities($static['hostname']);
 $slease['act'] = "static";
 $online = exec("/usr/sbin/arp -an |/usr/bin/grep {$slease['mac']}| /usr/bin/wc -l|/usr/bin/awk '{print $1;}'");
 if ($online == 1) {
@@ -308,7 +308,7 @@ foreach ($leases as $data) {
 } else {
 echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane} </td>\n";
 }
- echo "<td class=\"listr\">{$fspans}{$data['hostname']}{$fspane} </td>\n";
+ echo "<td class=\"listr\">{$fspans}" . htmlentities($data['hostname']) . "{$fspane} </td>\n";
 echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['start']) . "{$fspane} </td>\n";
 echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['end']) . "{$fspane} </td>\n";
 echo "<td class=\"listr\">{$fspans}{$data['online']}{$fspane} </td>\n"; |
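Review bot: In the first hunk the static hostname is escaped when the `$slease` row is built, and the second hunk escapes `$data['hostname']` again at the echo; if static rows are appended to `$leases` (that code is outside the hunk), a name containing `&` would be emitted as `&amp;amp;`. Escaping belongs at the point of output only, so I would leave this assignment as `$slease['hostname'] = $static['hostname'];` and rely on the echo-side call. The context line that builds the arp pipeline also interpolates `{$slease['mac']}` into a shell string; passing it through `escapeshellarg()` would stop relying on the MAC having been validated when the static mapping was saved. The enclosing foreach body starts and ends outside the hunk.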
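Review bot: In the second hunk only the hostname cell is escaped; the neighbouring cells still echo `{$data['mac']}` and `{$data['online']}` raw, and the `adjust_gmt()` results are concatenated unescaped. Where those values come from is not visible here, but if any of them is parsed from the leases file it deserves the same treatment, e.g. `echo "<td class=\"listr\">{$fspans}" . htmlentities($data['mac']) . "{$fspane} </td>\n";`. `htmlentities()` is also called with its default flags, which leave single quotes alone; that is enough for element content as used here, but `ENT_QUOTES` would keep the value safe if it is later reused inside an attribute. The foreach over `$leases` continues outside the hunk.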