diff options
author | jim-p <jimp@pfsense.org> | 2017-02-07 11:45:20 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-02-07 11:48:36 -0500 |
commit | 7100f0410b02d152f12f95fa892c427b06ec26c0 (patch) | |
tree | 0af2c27525e0f9fc4926dddf197e94de7c6c9982 | |
parent | 082f3663d2ac75e1f7e718715ea23b0168a866a7 (diff) | |
download | pfsense-7100f0410b02d152f12f95fa892c427b06ec26c0.zip pfsense-7100f0410b02d152f12f95fa892c427b06ec26c0.tar.gz |
Encode the contents of pkg_filter before output. Fixes #7227
-rw-r--r-- | src/usr/local/www/pkg.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/pkg.php b/src/usr/local/www/pkg.php index 5e2a90e..5edc566 100644 --- a/src/usr/local/www/pkg.php +++ b/src/usr/local/www/pkg.php @@ -373,7 +373,7 @@ if ($savemsg) { echo "</select>"; } if ($include_filtering_inputbox) { - echo ' ' . gettext("Filter text: ") . '<input id="pkg_filter" name="pkg_filter" value="' . $_REQUEST['pkg_filter'] . '" />'; + echo ' ' . gettext("Filter text: ") . '<input id="pkg_filter" name="pkg_filter" value="' . htmlspecialchars($_REQUEST['pkg_filter']) . '" />'; echo ' <button type="submit" value="Filter" class="btn btn-primary btn-xs">'; echo '<i class="fa fa-filter icon-embed-btn"></i>'; echo gettext("Filter"); |