diff options
| author | jim-p <jimp@pfsense.org> | 2014-08-06 15:34:05 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2014-08-06 15:36:24 -0400 |
| commit | 92ca4bc3b4d217a8303ff1ac95eb539ba84727e4 (patch) | |
| tree | ed243645bbfe3dfb72c98ea4c33a2f83d86d79d5 | |
| parent | 071f6059996bdb9d9d0a68082a14dc71c0fbabe6 (diff) | |
| download | pfsense-92ca4bc3b4d217a8303ff1ac95eb539ba84727e4.zip pfsense-92ca4bc3b4d217a8303ff1ac95eb539ba84727e4.tar.gz | |
Encode the detail field of an alias entry before displaying its contents back to the user.
| -rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 3503350..e3c0471 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -721,7 +721,7 @@ if (empty($tab)) { </select> </td> <td> - <input name="detail<?php echo $counter; ?>" type="text" class="formfld unknown" id="detail<?php echo $counter; ?>" size="50" value="<?=$details[$counter];?>" /> + <input name="detail<?php echo $counter; ?>" type="text" class="formfld unknown" id="detail<?php echo $counter; ?>" size="50" value="<?=htmlspecialchars($details[$counter]);?>" /> </td> <td> <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a> |
