Encode the rule description before displaying back to the user in an error when attempting to delete an in-use alias.

author: jim-p <jimp@pfsense.org> 2015-09-01 12:22:59 -0400
committer: jim-p <jimp@pfsense.org> 2015-09-01 12:24:26 -0400
commit: 72f1f3eefb32c255b69f46c4f915b36b78056c0b (patch)
tree: 05f73d8e5cde64d7c3da1338da8fd5182c97e13d /src/usr/local/www/firewall_aliases.php
parent: a80b4a2291ee38af77e2c48b270bf9b3d509f483 (diff)
download: pfsense-72f1f3eefb32c255b69f46c4f915b36b78056c0b.zip
pfsense-72f1f3eefb32c255b69f46c4f915b36b78056c0b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/firewall_aliases.php b/src/usr/local/www/firewall_aliases.php
index c7be7d9..5ffb7e5 100644
--- a/src/usr/local/www/firewall_aliases.php
+++ b/src/usr/local/www/firewall_aliases.php
@@ -132,7 +132,7 @@ if ($_GET['act'] == "del") {
 		// Static routes
 		find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by);
 		if ($is_alias_referenced == true) {
-			$savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by);
+			$savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), htmlspecialchars($referenced_by));
 		} else {
 			unset($a_aliases[$_GET['id']]);
 			if (write_config()) {
author	jim-p <jimp@pfsense.org>	2015-09-01 12:22:59 -0400
committer	jim-p <jimp@pfsense.org>	2015-09-01 12:24:26 -0400
commit	72f1f3eefb32c255b69f46c4f915b36b78056c0b (patch)
tree	05f73d8e5cde64d7c3da1338da8fd5182c97e13d /src/usr/local/www/firewall_aliases.php
parent	a80b4a2291ee38af77e2c48b270bf9b3d509f483 (diff)
download	pfsense-72f1f3eefb32c255b69f46c4f915b36b78056c0b.zip pfsense-72f1f3eefb32c255b69f46c4f915b36b78056c0b.tar.gz