diff options
| author | jim-p <jimp@pfsense.org> | 2015-08-24 08:34:09 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-08-24 08:34:09 -0400 |
| commit | 05da124c0ceeaa15bbe707338fba393cbee30f87 (patch) | |
| tree | 05ca1ec79697fdb5e586a82e8772e9c977b89668 | |
| parent | 609d2870e54dccb1d4c30d382e4ad040fd8f1ff1 (diff) | |
| download | pfsense-05da124c0ceeaa15bbe707338fba393cbee30f87.zip pfsense-05da124c0ceeaa15bbe707338fba393cbee30f87.tar.gz | |
Fix handling of the description in the shaper code.
| -rw-r--r-- | etc/inc/shaper.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc index 3ea7eb9..2b4e3dd 100644 --- a/etc/inc/shaper.inc +++ b/etc/inc/shaper.inc @@ -1233,7 +1233,7 @@ class priq_queue { $form .= "</span></td></tr><tr>"; $form .= "<td width=\"22%\" class=\"vncellreq\">" . gettext("Description") . "</td>"; $form .= "<td width=\"78%\" class=\"vtable\">"; - $form .= "<input type=\"text\" name=\"description\" size=\"40\" class=\"formfld unknown\" value=\"" . $this->GetDescription() . "\" />"; + $form .= "<input type=\"text\" name=\"description\" size=\"40\" class=\"formfld unknown\" value=\"" . htmlspecialchars($this->GetDescription()) . "\" />"; $form .= "</td></tr>"; $form .= "<input type=\"hidden\" name=\"interface\" id=\"interface\""; $form .= " value=\"".$this->GetInterface()."\" />"; @@ -3414,7 +3414,7 @@ EOD; $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Description") . "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"40\" id=\"description\" name=\"description\" value=\""; - $form .= $this->GetDescription(); + $form .= htmlspecialchars($this->GetDescription()); $form .= "\" />"; $form .= "<br /> <span class=\"vexpl\">"; $form .= gettext("You may enter a description here for your reference (not parsed).") . "</span>"; @@ -3695,7 +3695,7 @@ class dnqueue_class extends dummynet_class { $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Description") . "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" id=\"description\" class=\"formfld unknown\" size=\"40\" name=\"description\" value=\""; - $form .= $this->GetDescription(); + $form .= htmlspecialchars($this->GetDescription()); $form .= "\" />"; $form .= "<br /> <span class=\"vexpl\">"; $form .= gettext("You may enter a description here for your reference (not parsed).") . "</span>"; @@ -3893,7 +3893,7 @@ class layer7 { $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Description") . "</td>"; $form .= "<td class=\"vncellreq\">"; $form .= "<input type=\"text\" class=\"formfld unknown\" size=\"40\" id=\"description\" name=\"description\" value=\""; - $form .= $this->GetRDescription(); + $form .= htmlspecialchars($this->GetRDescription()); $form .= "\" />"; $form .= "<br /> <span class=\"vexpl\">"; $form .= gettext("You may enter a description here for your reference (not parsed).") . "</span>"; |
