diff options
| author | jim-p <jimp@pfsense.org> | 2014-08-06 15:34:05 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2014-08-06 15:34:05 -0400 |
| commit | 2276d7431996456f3b6bbeffebc5c76ac873f8c5 (patch) | |
| tree | a62d4793c0af7ac43473ac9125ff1b00870b6934 | |
| parent | 52c67bc2d2681b79e6f46979c62367c3af8602b7 (diff) | |
| download | pfsense-2276d7431996456f3b6bbeffebc5c76ac873f8c5.zip pfsense-2276d7431996456f3b6bbeffebc5c76ac873f8c5.tar.gz | |
Encode the detail field of an alias entry before displaying its contents back to the user.
| -rwxr-xr-x | usr/local/www/firewall_aliases_edit.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php index 3df7948..2c83a45 100755 --- a/usr/local/www/firewall_aliases_edit.php +++ b/usr/local/www/firewall_aliases_edit.php @@ -677,7 +677,7 @@ if (empty($tab)) { </select> </td> <td> - <input name="detail<?php echo $counter; ?>" type="text" class="formfld unknown" id="detail<?php echo $counter; ?>" size="50" value="<?=$details[$counter];?>" /> + <input name="detail<?php echo $counter; ?>" type="text" class="formfld unknown" id="detail<?php echo $counter; ?>" size="50" value="<?=htmlspecialchars($details[$counter]);?>" /> </td> <td> <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a> |
