diff options
author | jim-p <jimp@pfsense.org> | 2016-02-10 13:02:01 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2016-02-10 13:29:05 -0500 |
commit | 1ab9e48986ff9a0cccf03a5abb0c1ad917db1624 (patch) | |
tree | bf25d7856ade8d21fc7dbef2ff15900d4262c25d | |
parent | 6a109e3eafe6849d7907d59a3395329aaf5c12c9 (diff) | |
download | pfsense-1ab9e48986ff9a0cccf03a5abb0c1ad917db1624.zip pfsense-1ab9e48986ff9a0cccf03a5abb0c1ad917db1624.tar.gz |
Encode gateway name and description before printing. Fixes #5876
-rw-r--r-- | usr/local/www/system_gateway_groups_edit.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/system_gateway_groups_edit.php b/usr/local/www/system_gateway_groups_edit.php index e32992a..68ef3c9 100644 --- a/usr/local/www/system_gateway_groups_edit.php +++ b/usr/local/www/system_gateway_groups_edit.php @@ -273,7 +273,7 @@ jQuery(function ($) { $tr_id = $gwname . "_row"; echo "<tr class='gateway_row' id='{$tr_id}'>\n"; echo "<td class='listlr'>"; - echo "<strong>{$gateway['name']} </strong>"; + echo "<strong>" . htmlspecialchars($gateway['name']) . " </strong>"; echo "</td><td class='listr'>"; echo "<select name='{$gwname}' class='gateway_tier_selector formfldselect' id='{$gwname}'>\n"; echo "<option value='0' $selected[0] >" . gettext("Never") . "</option>\n"; @@ -309,7 +309,7 @@ jQuery(function ($) { echo "<option value='{$vip}' $selected[$vip] >$vip - $address</option>\n"; } echo "</select></td>"; - echo "<td class='listr'><strong>{$gateway['descr']} </strong>"; + echo "<td class='listr'><strong>" . htmlspecialchars($gateway['descr']) . " </strong>"; echo "</td></tr>"; } ?> |