author | jim-p <jimp@pfsense.org> | 2017-02-07 11:45:20 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-02-07 11:45:20 -0500 |
commit | 6ac61204bc9e4cff54c818ecc71d20d2626a02e1 (patch) | |
tree | 37b70862a11ba455fee35c66b1cdc5d9523cee0d /src/usr/local/www/pkg.php | |
parent | 2c06742d784cb7ec85151327fd753536d98fbcc1 (diff) | |
Encode the contents of pkg_filter before output. Fixes #7227
Diffstat (limited to 'src/usr/local/www/pkg.php')
-rw-r--r-- | src/usr/local/www/pkg.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/pkg.php b/src/usr/local/www/pkg.php
index 84aef95..08c0b1c 100644
--- a/src/usr/local/www/pkg.php
+++ b/src/usr/local/www/pkg.php
@@ -346,7 +346,7 @@ if ($savemsg) {
 echo "</select>";
 }
 if ($include_filtering_inputbox) {
- echo ' ' . gettext("Filter text: ") . '<input id="pkg_filter" name="pkg_filter" value="' . $_REQUEST['pkg_filter'] . '" />';
+ echo ' ' . gettext("Filter text: ") . '<input id="pkg_filter" name="pkg_filter" value="' . htmlspecialchars($_REQUEST['pkg_filter']) . '" />';
 echo ' <button type="submit" value="Filter" class="btn btn-primary btn-xs">';
 echo '<i class="fa fa-filter icon-embed-btn"></i>';
 echo gettext("Filter"); |
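Review bot: The added `htmlspecialchars($_REQUEST['pkg_filter'])` call on the `pkg_filter` input line relies on the function's default flags and charset, and it receives the request value without a check that the key is set and holds a string. The defaults do escape double quotes, which is what this double-quoted `value` attribute needs, so the reflected-markup problem named in the commit message is closed here. Stating the context explicitly would keep it closed if the attribute quoting ever changes, and would avoid a notice or warning when the parameter is missing or sent as an array: `$pkg_filter = (isset($_REQUEST['pkg_filter']) && is_string($_REQUEST['pkg_filter'])) ? $_REQUEST['pkg_filter'] : '';` followed by `htmlspecialchars($pkg_filter, ENT_QUOTES, 'UTF-8')` in the echo. The `if ($include_filtering_inputbox)` block continues outside the hunk, so any other place in pkg.php that writes this parameter into the page is not visible here and may need the same encoding.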