author | Renato Botelho <renato@netgate.com> | 2016-09-20 07:16:31 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-09-20 07:16:40 -0300 |
commit | 353729379264fdbdf0ba209634647ce645ffc89d (patch) | |
tree | 9c015f299609b18288ee903639fce879c194fe01 /src/usr/local/www/services_captiveportal_mac_edit.php | |
parent | 8117e7fb126285060d6c2dcab4eff84a204b6d1b (diff) | |
download | pfsense-353729379264fdbdf0ba209634647ce645ffc89d.zip pfsense-353729379264fdbdf0ba209634647ce645ffc89d.tar.gz |
Sanitize 'zone' parameter on CP pages
Diffstat (limited to 'src/usr/local/www/services_captiveportal_mac_edit.php')
-rw-r--r-- | src/usr/local/www/services_captiveportal_mac_edit.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/services_captiveportal_mac_edit.php b/src/usr/local/www/services_captiveportal_mac_edit.php
index 0fba378..270daf3 100644
--- a/src/usr/local/www/services_captiveportal_mac_edit.php
+++ b/src/usr/local/www/services_captiveportal_mac_edit.php
@@ -54,7 +54,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 $cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 
 if (empty($cpzone) || empty($config['captiveportal'][$cpzone])) {
 header("Location: services_captiveportal_zones.php");
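Review bot: The added `htmlspecialchars($cpzone)` encodes the request value at the point of input, with default flags, so it does not match the contexts where `$cpzone` is later used. On PHP versions before 8.1 the default flags leave single quotes unencoded, and the encoded string is then used as an array key in `$config['captiveportal'][$cpzone]`, where HTML encoding has no meaning. The `empty($config['captiveportal'][$cpzone])` check on the next statement is what actually restricts the value to a configured zone. I would keep that lookup as the validation and escape at each output site with `htmlspecialchars($cpzone, ENT_QUOTES, 'UTF-8')`. If zone names are limited to a fixed character set, which this hunk does not show, it could also reject early with something like `if (!is_string($cpzone) || !preg_match('/^[a-z0-9_]+$/', $cpzone)) { $cpzone = ''; }`. The statement run starts above the hunk (`$cpzone = $_GET['zone'];` appears only in the hunk header) and the `if` body continues below it.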