diff options
author | jim-p <jimp@pfsense.org> | 2014-10-21 14:19:28 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2014-10-21 14:25:35 -0400 |
commit | 5b473705fac4e128070fcc009864b97624f38b03 (patch) | |
tree | b937d5b2246b0f63883b11b90d55bba5a6c66054 | |
parent | 2c296872a7e5bc0e20a5e7aad4fd61abd0dcc24d (diff) | |
download | pfsense-5b473705fac4e128070fcc009864b97624f38b03.zip pfsense-5b473705fac4e128070fcc009864b97624f38b03.tar.gz |
Encode values before displaying them back to the user in notification settings.
-rw-r--r-- | usr/local/www/system_advanced_notifications.php | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/usr/local/www/system_advanced_notifications.php b/usr/local/www/system_advanced_notifications.php index 3184fb1..a3c1fbb 100644 --- a/usr/local/www/system_advanced_notifications.php +++ b/usr/local/www/system_advanced_notifications.php @@ -205,28 +205,28 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Registration Name"); ?></td> <td width="78%" class="vtable"> - <input name='name' value='<?php echo $pconfig['name']; ?>' /><br/> + <input name='name' value='<?php echo htmlspecialchars($pconfig['name']); ?>' /><br/> <?=gettext("Enter the name to register with the Growl server (default: PHP-Growl)."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Notification Name"); ?></td> <td width="78%" class="vtable"> - <input name='notification_name' value='<?php echo $pconfig['notification_name']; ?>' /><br/> + <input name='notification_name' value='<?php echo htmlspecialchars($pconfig['notification_name']); ?>' /><br/> <?=sprintf(gettext("Enter a name for the Growl notifications (default: %s growl alert)."), $g['product_name']); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("IP Address"); ?></td> <td width="78%" class="vtable"> - <input name='ipaddress' value='<?php echo $pconfig['ipaddress']; ?>' /><br/> + <input name='ipaddress' value='<?php echo htmlspecialchars($pconfig['ipaddress']); ?>' /><br/> <?=gettext("This is the IP address that you would like to send growl notifications to."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Password"); ?></td> <td width="78%" class="vtable"> - <input name='password' type='password' value='<?php echo $pconfig['password']; ?>' /><br/> + <input name='password' type='password' value='<?php echo htmlspecialchars($pconfig['password']); ?>' /><br/> <?=gettext("Enter the password of the remote growl notification device."); ?> </td> </tr> @@ -256,49 +256,49 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?=gettext("E-Mail server"); ?></td> <td width="78%" class="vtable"> - <input name='smtpipaddress' value='<?php echo $pconfig['smtpipaddress']; ?>' /><br/> + <input name='smtpipaddress' value='<?php echo htmlspecialchars($pconfig['smtpipaddress']); ?>' /><br/> <?=gettext("This is the FQDN or IP address of the SMTP E-Mail server to which notifications will be sent."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("SMTP Port of E-Mail server"); ?></td> <td width="78%" class="vtable"> - <input name='smtpport' value='<?php echo $pconfig['smtpport']; ?>' /><br/> + <input name='smtpport' value='<?php echo htmlspecialchars($pconfig['smtpport']); ?>' /><br/> <?=gettext("This is the port of the SMTP E-Mail server, typically 25, 587 (submission) or 465 (smtps)"); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Secure SMTP Connection"); ?></td> <td width="78%" class="vtable"> - <input type='checkbox' id='smtpssl' name='smtpssl' <?php echo $pconfig['smtpssl']; ?> />Enable SMTP over SSL/TLS<br/> - <input type='checkbox' id='smtptls' name='smtptls' <?php echo $pconfig['smtptls']; ?> />Enable STARTTLS<br/> + <input type='checkbox' id='smtpssl' name='smtpssl' <?php echo htmlspecialchars($pconfig['smtpssl']); ?> />Enable SMTP over SSL/TLS<br/> + <input type='checkbox' id='smtptls' name='smtptls' <?php echo htmlspecialchars($pconfig['smtptls']); ?> />Enable STARTTLS<br/> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("From e-mail address"); ?></td> <td width="78%" class="vtable"> - <input name='smtpfromaddress' type='text' value='<?php echo $pconfig['smtpfromaddress']; ?>' /><br/> + <input name='smtpfromaddress' type='text' value='<?php echo htmlspecialchars($pconfig['smtpfromaddress']); ?>' /><br/> <?=gettext("This is the e-mail address that will appear in the from field."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Notification E-Mail address"); ?></td> <td width="78%" class="vtable"> - <input name='smtpnotifyemailaddress' type='text' value='<?php echo $pconfig['smtpnotifyemailaddress']; ?>' /><br/> + <input name='smtpnotifyemailaddress' type='text' value='<?php echo htmlspecialchars($pconfig['smtpnotifyemailaddress']); ?>' /><br/> <?=gettext("Enter the e-mail address that you would like email notifications sent to."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Notification E-Mail auth username (optional)"); ?></td> <td width="78%" class="vtable"> - <input name='smtpusername' type='text' value='<?php echo $pconfig['smtpusername']; ?>' /><br/> + <input name='smtpusername' type='text' value='<?php echo htmlspecialchars($pconfig['smtpusername']); ?>' /><br/> <?=gettext("Enter the e-mail address username for SMTP authentication."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Notification E-Mail auth password"); ?></td> <td width="78%" class="vtable"> - <input name='smtppassword' type='password' value='<?php echo $pconfig['smtppassword']; ?>' /><br/> + <input name='smtppassword' type='password' value='<?php echo htmlspecialchars($pconfig['smtppassword']); ?>' /><br/> <?=gettext("Enter the e-mail address password for SMTP authentication."); ?> </td> </tr> |