author | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 15:13:42 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 15:13:51 -0300 |
commit | 2b641a08ab6e781b4795b0b3e3d9c1268aa91964 (patch) | |
tree | 1ff3bb73b7144bdf730b74f66e9ed6a6767a8c85 | |
parent | e4921058c6c5e2cb99b997fcf2594e9a7e10a11e (diff) | |
Protect servicestatusfilter parameter with htmlspecialchars()
-rw-r--r-- | usr/local/www/widgets/widgets/services_status.widget.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/widgets/widgets/services_status.widget.php b/usr/local/www/widgets/widgets/services_status.widget.php
index dfe172b..ec68a65 100644
--- a/usr/local/www/widgets/widgets/services_status.widget.php
+++ b/usr/local/www/widgets/widgets/services_status.widget.php
@@ -41,7 +41,7 @@ require_once("/usr/local/www/widgets/include/services_status.inc");
 $services = get_services();
 if(isset($_POST['servicestatusfilter'])) {
- $config['widgets']['servicestatusfilter'] = $_POST['servicestatusfilter'];
+ $config['widgets']['servicestatusfilter'] = htmlspecialchars($_POST['servicestatusfilter'], ENT_QUOTES | ENT_HTML401);
 write_config("Saved Service Status Filter via Dashboard");
 header("Location: ../../index.php");
 } |
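Review bot: The `htmlspecialchars()` call on the added line encodes the value as it is written to `$config`, so the stored filter now holds HTML entities and its safety depends on every later reader treating it as pre-escaped HTML. Any consumer that compares or splits the value as plain text will see `&amp;` or `&#039;` instead of the original characters, and an output site that escapes again will double-encode. I would store a validated plain-text value here and apply `htmlspecialchars()` where the filter is echoed, which is outside this hunk. The `isset()` guard also accepts an array-valued POST field, so `if (isset($_POST['servicestatusfilter']) && is_string($_POST['servicestatusfilter'])) {` is a safer condition. An `exit;` after the `header("Location: ../../index.php");` line would stop the rest of the script from running once the redirect is sent.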