Sanitize 'zone' parameter on CP pages

author: Renato Botelho <renato@netgate.com> 2016-09-20 07:16:31 -0300
committer: Renato Botelho <renato@netgate.com> 2016-09-20 07:16:31 -0300
commit: ab4b6ea448feaaf9ec2c792f93aea6a5fdd694d9 (patch)
tree: 1f95f3c905e1dda516643a50b030e12b6e545240 /src/usr/local/www/services_captiveportal_vouchers.php
parent: 377898f1aaa9c2ad3ed2d046e13b3370b3abe36f (diff)
download: pfsense-ab4b6ea448feaaf9ec2c792f93aea6a5fdd694d9.zip
pfsense-ab4b6ea448feaaf9ec2c792f93aea6a5fdd694d9.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/services_captiveportal_vouchers.php b/src/usr/local/www/services_captiveportal_vouchers.php
index 8de4d8b..f7a243f 100644
--- a/src/usr/local/www/services_captiveportal_vouchers.php
+++ b/src/usr/local/www/services_captiveportal_vouchers.php
@@ -75,7 +75,7 @@ $cpzone = $_GET['zone'];
 if (isset($_POST['zone'])) {
 	$cpzone = $_POST['zone'];
 }
-$cpzone = strtolower($cpzone);
+$cpzone = strtolower(htmlspecialchars($cpzone));
 
 if ($_REQUEST['generatekey']) {
 	exec("/usr/bin/openssl genrsa 64 > /tmp/key64.private");
author	Renato Botelho <renato@netgate.com>	2016-09-20 07:16:31 -0300
committer	Renato Botelho <renato@netgate.com>	2016-09-20 07:16:31 -0300
commit	ab4b6ea448feaaf9ec2c792f93aea6a5fdd694d9 (patch)
tree	1f95f3c905e1dda516643a50b030e12b6e545240 /src/usr/local/www/services_captiveportal_vouchers.php
parent	377898f1aaa9c2ad3ed2d046e13b3370b3abe36f (diff)
download	pfsense-ab4b6ea448feaaf9ec2c792f93aea6a5fdd694d9.zip pfsense-ab4b6ea448feaaf9ec2c792f93aea6a5fdd694d9.tar.gz