author | jim-p <jimp@pfsense.org> | 2015-09-01 12:24:16 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-09-01 12:24:26 -0400 |
commit | 5b28ed7a817f1311790de25e448f1aa29b10c3fb (patch) | |
tree | 5bbacae10521d3b00e021ed376563558ec346bc9 /src/etc/inc/functions.inc | |
parent | 72f1f3eefb32c255b69f46c4f915b36b78056c0b (diff) | |
Strip HTML tags from a notice to avoid a potential XSS
Diffstat (limited to 'src/etc/inc/functions.inc')
-rw-r--r-- | src/etc/inc/functions.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/etc/inc/functions.inc b/src/etc/inc/functions.inc
index 2c8f4c8..40e2dae 100644
--- a/src/etc/inc/functions.inc
+++ b/src/etc/inc/functions.inc
@@ -102,7 +102,7 @@ if (!function_exists("get_menu_messages")) {
 foreach ($notices as $key => $value) {
 $date = date("m-d-y H:i:s", $key);
 $noticemsg = ($value['notice'] != "" ? $value['notice'] : $value['id']);
- $noticemsg = preg_replace("/(\"|\'|\n|<.?\w+>)/i", "", $noticemsg);
+ $noticemsg = strip_tags(preg_replace("/(\"|\'|\n|<.?\w+>)/i", "", $noticemsg));
 if ((strlen($noticemsg)* 8) > $domtt_width) {
 $domtt_width=(strlen($noticemsg) *8);
 }
 |
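Review bot: The `strip_tags()` call added to the `$noticemsg` assignment filters markup but does not encode the text for the place where it is later emitted, and that output code lies outside this hunk (the body of get_menu_messages() continues past it). Filtering on input depends on the regex and `strip_tags()` together covering every character that matters in the output context, whereas encoding at the sink does not. The more dependable control would be to apply `htmlspecialchars($noticemsg, ENT_QUOTES)` where the string is written into the page, or the encoder matching the context if it ends up inside an inline script or event-handler attribute, which `$domtt_width` hints at but the hunk does not show. The regex also removes `\n` but not `\r`, which may matter if the value is placed on a single-line attribute or script string. A short comment above the line, e.g. `// notice text may carry externally influenced content; strip markup before it is used in the menu`, would record why the call is there.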