diff options
author | Renato Botelho <renato@netgate.com> | 2016-09-20 07:16:31 -0300 |
---|---|---|
committer | Renato Botelho <renato@netgate.com> | 2016-09-20 07:16:31 -0300 |
commit | ab4b6ea448feaaf9ec2c792f93aea6a5fdd694d9 (patch) | |
tree | 1f95f3c905e1dda516643a50b030e12b6e545240 /src/usr/local/www/services_captiveportal_vouchers.php | |
parent | 377898f1aaa9c2ad3ed2d046e13b3370b3abe36f (diff) | |
download | pfsense-ab4b6ea448feaaf9ec2c792f93aea6a5fdd694d9.zip pfsense-ab4b6ea448feaaf9ec2c792f93aea6a5fdd694d9.tar.gz |
Sanitize 'zone' parameter on CP pages
Diffstat (limited to 'src/usr/local/www/services_captiveportal_vouchers.php')
-rw-r--r-- | src/usr/local/www/services_captiveportal_vouchers.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php index 8de4d8b..f7a243f 100644 --- a/src/usr/local/www/services_captiveportal_vouchers.php +++ b/src/usr/local/www/services_captiveportal_vouchers.php @@ -75,7 +75,7 @@ $cpzone = $_GET['zone']; if (isset($_POST['zone'])) { $cpzone = $_POST['zone']; } -$cpzone = strtolower($cpzone); +$cpzone = strtolower(htmlspecialchars($cpzone)); if ($_REQUEST['generatekey']) { exec("/usr/bin/openssl genrsa 64 > /tmp/key64.private"); |