summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2015-08-24 08:34:09 -0400
committerjim-p <jimp@pfsense.org>2015-08-24 08:34:52 -0400
commitbfeda1cb6a7b25339506e61fb441e1670df54750 (patch)
tree1bb5a746daa3935aa1995cece5a3cef00a541d4d
parentcb7d18d561622f6071efec92a4c5d8f0fde2fcdc (diff)
downloadpfsense-bfeda1cb6a7b25339506e61fb441e1670df54750.zip
pfsense-bfeda1cb6a7b25339506e61fb441e1670df54750.tar.gz
Fix handling of the description in the shaper code.
-rw-r--r--etc/inc/shaper.inc8
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/inc/shaper.inc b/etc/inc/shaper.inc
index 1946bc3..29ae7e9 100644
--- a/etc/inc/shaper.inc
+++ b/etc/inc/shaper.inc
@@ -1347,7 +1347,7 @@ class priq_queue {
$form .= "</span></td></tr><tr>";
$form .= "<td width=\"22%\" class=\"vncellreq\">" . gettext("Description") . "</td>";
$form .= "<td width=\"78%\" class=\"vtable\">";
- $form .= "<input type=\"text\" name=\"description\" size=\"40\" class=\"formfld unknown\" value=\"" . $this->GetDescription() . "\" />";
+ $form .= "<input type=\"text\" name=\"description\" size=\"40\" class=\"formfld unknown\" value=\"" . htmlspecialchars($this->GetDescription()) . "\" />";
$form .= "</td></tr>";
$form .= "<input type=\"hidden\" name=\"interface\" id=\"interface\"";
$form .= " value=\"".$this->GetInterface()."\" />";
@@ -3772,7 +3772,7 @@ EOD;
$form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Description") . "</td>";
$form .= "<td class=\"vncellreq\">";
$form .= "<input type=\"text\" class=\"formfld unknown\" size=\"40\" id=\"description\" name=\"description\" value=\"";
- $form .= $this->GetDescription();
+ $form .= htmlspecialchars($this->GetDescription());
$form .= "\" />";
$form .= "<br /> <span class=\"vexpl\">";
$form .= gettext("You may enter a description here for your reference (not parsed).") . "</span>";
@@ -4080,7 +4080,7 @@ class dnqueue_class extends dummynet_class {
$form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Description") . "</td>";
$form .= "<td class=\"vncellreq\">";
$form .= "<input type=\"text\" id=\"description\" class=\"formfld unknown\" size=\"40\" name=\"description\" value=\"";
- $form .= $this->GetDescription();
+ $form .= htmlspecialchars($this->GetDescription());
$form .= "\" />";
$form .= "<br /> <span class=\"vexpl\">";
$form .= gettext("You may enter a description here for your reference (not parsed).") . "</span>";
@@ -4280,7 +4280,7 @@ class layer7 {
$form .= "<tr><td valign=\"middle\" class=\"vncellreq\">" . gettext("Description") . "</td>";
$form .= "<td class=\"vncellreq\">";
$form .= "<input type=\"text\" class=\"formfld unknown\" size=\"40\" id=\"description\" name=\"description\" value=\"";
- $form .= $this->GetRDescription();
+ $form .= htmlspecialchars($this->GetRDescription());
$form .= "\" />";
$form .= "<br /> <span class=\"vexpl\">";
$form .= gettext("You may enter a description here for your reference (not parsed).") . "</span>";
OpenPOWER on IntegriCloud