authorjim-p <jimp@pfsense.org>2017-02-07 11:45:20 -0500
committerjim-p <jimp@pfsense.org>2017-02-07 11:48:39 -0500
commited7bfaa4b99fc6d4c4f3b2be1dfd738f3cc8e16b (patch)
treec9db44d467565ca638ab3573b99a78fecc91f517
parentede8a9537ef9d15f8c1d288d9e89d4476a84656f (diff)
downloadpfsense-ed7bfaa4b99fc6d4c4f3b2be1dfd738f3cc8e16b.zip
pfsense-ed7bfaa4b99fc6d4c4f3b2be1dfd738f3cc8e16b.tar.gz
Encode the contents of pkg_filter before output. Fixes #7227
-rw-r--r--src/usr/local/www/pkg.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/pkg.php b/src/usr/local/www/pkg.php
index 5189abe..6cebafd 100644
--- a/src/usr/local/www/pkg.php
+++ b/src/usr/local/www/pkg.php
@@ -373,7 +373,7 @@ if ($savemsg) {
echo "</select>";
}
if ($include_filtering_inputbox) {
- echo '&nbsp;&nbsp;' . gettext("Filter text: ") . '<input id="pkg_filter" name="pkg_filter" value="' . $_REQUEST['pkg_filter'] . '" />';
+ echo '&nbsp;&nbsp;' . gettext("Filter text: ") . '<input id="pkg_filter" name="pkg_filter" value="' . htmlspecialchars($_REQUEST['pkg_filter']) . '" />';
echo '&nbsp;<button type="submit" value="Filter" class="btn btn-primary btn-xs">';
echo '<i class="fa fa-filter icon-embed-btn"></i>';
echo gettext("Filter");
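Review bot: The added `htmlspecialchars()` call relies on the default flags, which before PHP 8.1 escape double quotes but not single quotes, so the encoding is only sufficient because the `value` attribute happens to be double-quoted. Passing the flags explicitly, `htmlspecialchars($_REQUEST['pkg_filter'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the output safe if the markup's quoting is changed later. The value is also read without checking that it is set and is a string, so an array-valued `pkg_filter` parameter would be handed straight to the function; an `is_string()` guard with an empty-string fallback would avoid that. The enclosing `if ($include_filtering_inputbox)` block continues past this hunk, and any other place in pkg.php that echoes `$_REQUEST['pkg_filter']` is not visible here and is worth checking for the same encoding.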