diff options
| author | jim-p <jimp@pfsense.org> | 2015-09-01 12:16:32 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-09-01 12:16:32 -0400 |
| commit | 1107259e9c8130f1d2e44a55ff5b8154bf03413a (patch) | |
| tree | 858e0767d65aa90d6ce68045693e9a122c9d6f28 | |
| parent | 206154295194d88942f419dd4c8d2c824963cf1c (diff) | |
| download | pfsense-1107259e9c8130f1d2e44a55ff5b8154bf03413a.zip pfsense-1107259e9c8130f1d2e44a55ff5b8154bf03413a.tar.gz | |
Strip HTML tags from a notice to avoid a potential XSS
| -rw-r--r-- | etc/inc/functions.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc index a89aeff..b7b7001 100644 --- a/etc/inc/functions.inc +++ b/etc/inc/functions.inc @@ -97,7 +97,7 @@ if(!function_exists("get_menu_messages")) { foreach ($notices as $key => $value) { $date = date("m-d-y H:i:s", $key); $noticemsg = ($value['notice'] != "" ? $value['notice'] : $value['id']); - $noticemsg = preg_replace("/(\"|\'|\n|<.?\w+>)/i","",$noticemsg); + $noticemsg = strip_tags(preg_replace("/(\"|\'|\n|<.?\w+>)/i","",$noticemsg)); if ((strlen($noticemsg)* 8) > $domtt_width) $domtt_width=(strlen($noticemsg) *8); if ((strlen($noticemsg)* 8) > 900) |
