author | jim-p <jimp@pfsense.org> | 2015-12-21 15:37:25 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-12-21 15:37:25 -0500 |
commit | 392796a4610568932ab051b9e33bcd25716d80dc (patch) | |
tree | 3f96ab4796df78c1c8e69d5ea6a210c1257b95f1 | |
parent | 3643958c95913d83a3417924f67517e6b2b41ff7 (diff) | |
download | pfsense-RELENG_2_2_6.zip pfsense-RELENG_2_2_6.tar.gz |
Encode parameters in shaper queues before display. [RELENG_2_2_6]
-rw-r--r-- | etc/inc/shaper.inc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index 2b4e3dd..89890b8 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -646,7 +646,7 @@ class altq_root_queue {
 $form .= "</td></tr>";
 $form .= "<tr><td valign=\"middle\" class=\"vncellreq\"><br /><span class=\"vexpl\">" . gettext("Name") . "</span></td>";
 $form .= "<td class=\"vncellreq\">";
- $form .= "<strong>".$this->GetQname()."</strong>";
+ $form .= "<strong>".htmlspecialchars($this->GetQname())."</strong>";
 $form .= "</td></tr>";
 $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Scheduler Type ");
 $form .= "</td>";
@@ -681,7 +681,7 @@ class altq_root_queue {
 $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Bandwidth");
 $form .= "</td><td class=\"vncellreq\">";
 $form .= "<input type=\"text\" id=\"bandwidth\" name=\"bandwidth\" value=\"";
- $form .= $this->GetBandwidth() . "\" />";
+ $form .= htmlspecialchars($this->GetBandwidth()) . "\" />";
 $form .= "<select id=\"bandwidthtype\" name=\"bandwidthtype\" class=\"formselect\">";
 $form .= "<option value=\"Kb\"";
 if ($this->GetBwscale() == "Kb")
@@ -704,13 +704,13 @@ class altq_root_queue {
 $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">Queue Limit</td>";
 $form .= "<td class=\"vncellreq\">";
 $form .= "<input type=\"text\" id=\"qlimit\" name=\"qlimit\" value=\"";
- $form .= $this->GetQlimit();
+ $form .= htmlspecialchars($this->GetQlimit());
 $form .= "\" />";
 $form .= "</td></tr>";
 $form .= "<tr><td valign=\"middle\" class=\"vncellreq\">TBR Size</td>";
 $form .= "<td class=\"vncellreq\">";
 $form .= "<br /><input type=\"text\" id=\"tbrconfig\" name=\"tbrconfig\" value=\"";
- $form .= $this->GetTbrConfig();
+ $form .= htmlspecialchars($this->GetTbrConfig());
 $form .= "\" />";
 $form .= "<br /> <span class=\"vexpl\">";
 $form .= gettext("Adjusts the size, in bytes, of the token bucket regulator. "
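Review bot: The new `htmlspecialchars()` calls (here on `GetQname()`, and again in the hunks at 681, 704 and 718) rely on the default flags and charset, which differ between PHP versions. With the defaults, single quotes are left unescaped, which is harmless only as long as every attribute in this form stays double-quoted. Without `ENT_SUBSTITUTE`, a value containing an invalid byte sequence is returned as an empty string, so the hidden `name` field would post back an empty queue name. I would spell the arguments out, e.g. `htmlspecialchars($this->GetQname(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The enclosing method starts and ends outside these hunks.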
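Review bot: Bandwidth here, and Queue Limit and TBR Size in the hunk at 704, are numeric settings echoed back into free-text `value` attributes, and output encoding is the only control these lines show. The save path should also reject non-numeric input before it reaches the stored configuration; that validation is not visible in this diff and is worth confirming. A one-line comment above each write, such as `/* stored value may be user-supplied: encode for the value="" attribute */`, would record why the call is there.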
@@ -718,8 +718,8 @@ class altq_root_queue {
 . "bandwidth are used to determine the size.");
 $form .= "</span></td></tr>";
 $form .= "<input type=\"hidden\" id=\"interface\" name=\"interface\"";
- $form .= " value=\"" . $this->GetInterface() . "\" />";
- $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\"".$this->GetQname()."\" />";
+ $form .= " value=\"" . htmlspecialchars($this->GetInterface()) . "\" />";
+ $form .= "<input type=\"hidden\" id=\"name\" name=\"name\" value=\"".htmlspecialchars($this->GetQname())."\" />";
 return $form; |
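Review bot: All four hunks sit under `class altq_root_queue`, while the commit title speaks of shaper queues in general, so any other form-building code in shaper.inc is left unchanged by this commit. That code is outside the diff; if it concatenates getter output into HTML in the same way, it needs the same encoding. Separately, the hidden `interface` and `name` fields written here are round-tripped by the browser, so the handler that receives them should re-validate both rather than trust what the page emitted. The method body continues outside the hunk.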