diff options
author | jim-p <jimp@pfsense.org> | 2017-02-07 11:14:25 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-02-07 11:14:25 -0500 |
commit | 2c06742d784cb7ec85151327fd753536d98fbcc1 (patch) | |
tree | 116680309fe72c7bea457042239c886d1dc15dac /src/usr/local/www/pkg_mgr_install.php | |
parent | db7a10ab66d8565ce56192bdfd6f62b0a69aac5d (diff) | |
download | pfsense-2c06742d784cb7ec85151327fd753536d98fbcc1.zip pfsense-2c06742d784cb7ec85151327fd753536d98fbcc1.tar.gz |
Encode 'from' and 'to' before output on pkg_mgr_install.php. Fixes #7225
Diffstat (limited to 'src/usr/local/www/pkg_mgr_install.php')
-rw-r--r-- | src/usr/local/www/pkg_mgr_install.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/pkg_mgr_install.php b/src/usr/local/www/pkg_mgr_install.php index 9e11d80..5d1f10f 100644 --- a/src/usr/local/www/pkg_mgr_install.php +++ b/src/usr/local/www/pkg_mgr_install.php @@ -294,7 +294,7 @@ if (!$confirmed && !$completed && <?php elseif ($_GET['from'] && $_GET['to']): ?> - <?=sprintf(gettext('Confirmation Required to upgrade package %1$s from %2$s to %3$s.'), $pkgname, $_GET['from'], $_GET['to'])?> + <?=sprintf(gettext('Confirmation Required to upgrade package %1$s from %2$s to %3$s.'), $pkgname, htmlspecialchars($_GET['from']), htmlspecialchars($_GET['to']))?> <?php elseif ($firmwareupdate): ?> |