Fix a theoretical/potential XSS in the http_referer check warning.

author: jim-p <jimp@pfsense.org> 2010-11-12 11:35:02 -0500
committer: jim-p <jimp@pfsense.org> 2010-11-12 11:35:02 -0500
commit: 4656943e59eb19a534c06cc253e266da6c52e915 (patch)
tree: 71782dd986b113eb46f74d6f4d5fb31217334227 /etc/inc/auth.inc
parent: 190d5d5814add2cc1a85fa8f3db01f54243acb58 (diff)
download: pfsense-4656943e59eb19a534c06cc253e266da6c52e915.zip
pfsense-4656943e59eb19a534c06cc253e266da6c52e915.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 443c9dc..3628436 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -106,7 +106,7 @@ if(!$config['system']['nohttpreferercheck']) {
 				$found_host = true;
 		}
 		if($found_host == false) {
-			display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . $_SERVER['HTTP_REFERER'] . ").  You can disable this check if needed in System -> Advanced -> Admin.");
+			display_error_form("501", "An HTTP_REFERER was detected other than what is defined in System -> Advanced (" . htmlspecialchars($_SERVER['HTTP_REFERER']) . ").  You can disable this check if needed in System -> Advanced -> Admin.");
 			exit;
 		}
 	}
author	jim-p <jimp@pfsense.org>	2010-11-12 11:35:02 -0500
committer	jim-p <jimp@pfsense.org>	2010-11-12 11:35:02 -0500
commit	4656943e59eb19a534c06cc253e266da6c52e915 (patch)
tree	71782dd986b113eb46f74d6f4d5fb31217334227 /etc/inc/auth.inc
parent	190d5d5814add2cc1a85fa8f3db01f54243acb58 (diff)
download	pfsense-4656943e59eb19a534c06cc253e266da6c52e915.zip pfsense-4656943e59eb19a534c06cc253e266da6c52e915.tar.gz