author | Chris Buechler <cmb@pfsense.org> | 2016-05-12 04:29:32 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2016-05-12 04:31:32 -0500 |
commit | 78012791480c8fa7bc4fbbf0d2b7cbbe4de8975a (patch) | |
tree | 53e29304e645a9230d18e2452cfe0c52ec6c9510 /src/etc | |
parent | 4458ed6b5d3b63d19e17b672a7fcf7dc9b231d99 (diff) | |
Store notices safely to prevent potential XSS when notices are displayed locally or by remote systems where they're shipped. Ticket #6154
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/inc/notices.inc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/etc/inc/notices.inc b/src/etc/inc/notices.inc
index b50165d..c496ddb 100644
--- a/src/etc/inc/notices.inc
+++ b/src/etc/inc/notices.inc
@@ -90,11 +90,11 @@ function file_notice($id, $notice, $category = "General", $url = "", $priority =
 }
 $queuekey = time();
 $toqueue = array(
- 'id' => $id,
- 'notice' => $notice,
- 'url' => $url,
- 'category' => $category,
- 'priority' => $priority,
+ 'id' => htmlentities($id),
+ 'notice' => htmlentities($notice),
+ 'url' => htmlentities($url),
+ 'category' => htmlentities($category),
+ 'priority' => htmlentities($priority),
 );
 while (isset($queue[$queuekey])) {
 $queuekey++; |
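Review bot: The five `htmlentities()` calls in the `$toqueue` array rely on the default flags, which on PHP versions before 8.1 leave single quotes unencoded, so a value later placed in a single-quoted attribute is not covered; passing the flags explicitly, e.g. `'notice' => htmlentities($notice, ENT_QUOTES, 'UTF-8'),`, closes that gap. Entity-encoding also does not restrict the scheme of `url`, so if a display page puts it in an `href` it still needs a scheme check there (the rendering code is not visible in this hunk). Because the encoding happens at storage time, notices queued before this change stay raw and any consumer that also escapes on output will double-encode, which deserves a comment above the array such as `// values are stored HTML-encoded; do not escape again on display`. `file_notice()` begins and ends outside this hunk.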