Encode the interface parameter before using it in a redirect

author: jim-p <jimp@pfsense.org> 2012-10-31 14:23:46 -0400
committer: jim-p <jimp@pfsense.org> 2012-10-31 14:24:15 -0400
commit: 7cf76e8bb53dbb637f2800150380601105fb1ce2 (patch)
tree: 8dbaa870d3b6ae44f5ff32e1e19961af1e70e8d9
parent: ee8981553bd187ea9eb0d2af88fb48c855a638dc (diff)
download: pfsense-7cf76e8bb53dbb637f2800150380601105fb1ce2.zip
pfsense-7cf76e8bb53dbb637f2800150380601105fb1ce2.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index e054a6c..ba9b3ce 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -574,7 +574,7 @@ if ($_POST) {
 		if (isset($_POST['floating']))
 			header("Location: firewall_rules.php?if=FloatingRules");
 		else
-			header("Location: firewall_rules.php?if=" . $_POST['interface']);
+			header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface']));
 		exit;
 	}
 }
author	jim-p <jimp@pfsense.org>	2012-10-31 14:23:46 -0400
committer	jim-p <jimp@pfsense.org>	2012-10-31 14:24:15 -0400
commit	7cf76e8bb53dbb637f2800150380601105fb1ce2 (patch)
tree	8dbaa870d3b6ae44f5ff32e1e19961af1e70e8d9
parent	ee8981553bd187ea9eb0d2af88fb48c855a638dc (diff)
download	pfsense-7cf76e8bb53dbb637f2800150380601105fb1ce2.zip pfsense-7cf76e8bb53dbb637f2800150380601105fb1ce2.tar.gz