authorChris Buechler <cmb@pfsense.org>2016-05-12 04:29:32 -0500
committerChris Buechler <cmb@pfsense.org>2016-05-12 04:31:32 -0500
commit78012791480c8fa7bc4fbbf0d2b7cbbe4de8975a (patch)
tree53e29304e645a9230d18e2452cfe0c52ec6c9510
parent4458ed6b5d3b63d19e17b672a7fcf7dc9b231d99 (diff)
downloadpfsense-78012791480c8fa7bc4fbbf0d2b7cbbe4de8975a.zip
pfsense-78012791480c8fa7bc4fbbf0d2b7cbbe4de8975a.tar.gz
Store notices safely to prevent potential XSS when notices are displayed locally or by remote systems where they're shipped. Ticket #6154
-rw-r--r--src/etc/inc/notices.inc10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/etc/inc/notices.inc b/src/etc/inc/notices.inc
index b50165d..c496ddb 100644
--- a/src/etc/inc/notices.inc
+++ b/src/etc/inc/notices.inc
@@ -90,11 +90,11 @@ function file_notice($id, $notice, $category = "General", $url = "", $priority =
}
$queuekey = time();
$toqueue = array(
- 'id' => $id,
- 'notice' => $notice,
- 'url' => $url,
- 'category' => $category,
- 'priority' => $priority,
+ 'id' => htmlentities($id),
+ 'notice' => htmlentities($notice),
+ 'url' => htmlentities($url),
+ 'category' => htmlentities($category),
+ 'priority' => htmlentities($priority),
);
while (isset($queue[$queuekey])) {
$queuekey++;
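Review bot: The `htmlentities()` calls added to the `$toqueue` array rely on the default flags, which before PHP 8.1 leave single quotes unencoded, so a stored value that is later placed inside a single-quoted HTML attribute is still not neutralised; `'notice' => htmlentities($notice, ENT_QUOTES, 'UTF-8'),` (and likewise for the other four fields) closes that gap. Entity-encoding also does nothing about the scheme of `$url`, so if a viewer renders it as a link target (not visible in this hunk) a `javascript:` value would pass through unchanged and should be rejected against an allow-list of schemes before queuing. Because the encoding happens at storage rather than at output, any consumer that already escapes will double-encode, and non-HTML consumers will show raw entities; a comment above the array such as `// Values are stored HTML-encoded; do not escape again on display` would make that contract explicit. `file_notice()` begins and ends outside the hunk.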