author | jim-p <jimp@pfsense.org> | 2010-11-12 11:35:02 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-11-12 11:35:02 -0500 |
commit | 4656943e59eb19a534c06cc253e266da6c52e915 (patch) | |
tree | 71782dd986b113eb46f74d6f4d5fb31217334227 | |
parent | 190d5d5814add2cc1a85fa8f3db01f54243acb58 (diff) | |
download | pfsense-4656943e59eb19a534c06cc253e266da6c52e915.zip pfsense-4656943e59eb19a534c06cc253e266da6c52e915.tar.gz |
Fix a theoretical/potential XSS in the http_referer check warning.
-rw-r--r-- | etc/inc/auth.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 443c9dc..3628436 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -106,7 +106,7 @@ if(!$config['system']['nohttpreferercheck']) {
 $found_host = true;
 }
 if($found_host == false) {
- display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . $_SERVER['HTTP_REFERER'] . "). You can disable this check if needed in System -> Advanced -> Admin.");
+ display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . "). You can disable this check if needed in System -> Advanced -> Admin.");
 exit;
 }
 } |
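Review bot: The added `htmlspecialchars()` call relies on the default flags, which leave single quotes unescaped (ENT_COMPAT was the default before PHP 8.1), so the encoding is only sufficient if `display_error_form()` emits the message as element text or inside a double-quoted attribute; that function is not visible in this hunk. Passing the flag explicitly, `htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES)`, removes the dependency on how the sink renders the string. A short comment above the call, such as `// HTTP_REFERER is client-controlled; encode before echoing it into the error page`, would keep the reason visible to later editors. The enclosing `if(!$config['system']['nohttpreferercheck'])` block begins before the hunk, so other uses of the header in that block could not be checked here.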