summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2014-08-06 15:34:05 -0400
committerjim-p <jimp@pfsense.org>2014-08-06 15:36:24 -0400
commit92ca4bc3b4d217a8303ff1ac95eb539ba84727e4 (patch)
treeed243645bbfe3dfb72c98ea4c33a2f83d86d79d5
parent071f6059996bdb9d9d0a68082a14dc71c0fbabe6 (diff)
downloadpfsense-92ca4bc3b4d217a8303ff1ac95eb539ba84727e4.zip
pfsense-92ca4bc3b4d217a8303ff1ac95eb539ba84727e4.tar.gz
Encode the detail field of an alias entry before displaying its contents back to the user.
-rwxr-xr-xusr/local/www/firewall_aliases_edit.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/firewall_aliases_edit.php b/usr/local/www/firewall_aliases_edit.php
index 3503350..e3c0471 100755
--- a/usr/local/www/firewall_aliases_edit.php
+++ b/usr/local/www/firewall_aliases_edit.php
@@ -721,7 +721,7 @@ if (empty($tab)) {
</select>
</td>
<td>
- <input name="detail<?php echo $counter; ?>" type="text" class="formfld unknown" id="detail<?php echo $counter; ?>" size="50" value="<?=$details[$counter];?>" />
+ <input name="detail<?php echo $counter; ?>" type="text" class="formfld unknown" id="detail<?php echo $counter; ?>" size="50" value="<?=htmlspecialchars($details[$counter]);?>" />
</td>
<td>
<a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?echo $g['theme'];?>/images/icons/icon_x.gif" alt="" title="<?=gettext("remove this entry"); ?>" /></a>
OpenPOWER on IntegriCloud