summaryrefslogtreecommitdiffstats
path: root/src/usr/local/www/services_captiveportal_zones_edit.php
diff options
context:
space:
mode:
authorRenato Botelho <renato@netgate.com>2016-09-20 07:16:31 -0300
committerRenato Botelho <renato@netgate.com>2016-09-20 07:16:40 -0300
commit353729379264fdbdf0ba209634647ce645ffc89d (patch)
tree9c015f299609b18288ee903639fce879c194fe01 /src/usr/local/www/services_captiveportal_zones_edit.php
parent8117e7fb126285060d6c2dcab4eff84a204b6d1b (diff)
downloadpfsense-353729379264fdbdf0ba209634647ce645ffc89d.zip
pfsense-353729379264fdbdf0ba209634647ce645ffc89d.tar.gz
Sanitize 'zone' parameter on CP pages
Diffstat (limited to 'src/usr/local/www/services_captiveportal_zones_edit.php')
-rw-r--r--src/usr/local/www/services_captiveportal_zones_edit.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/services_captiveportal_zones_edit.php b/src/usr/local/www/services_captiveportal_zones_edit.php
index 4ad1013..824143c 100644
--- a/src/usr/local/www/services_captiveportal_zones_edit.php
+++ b/src/usr/local/www/services_captiveportal_zones_edit.php
@@ -62,7 +62,7 @@ if ($_POST) {
}
if (!$input_errors) {
- $cpzone = strtolower($_POST['zone']);
+ $cpzone = strtolower(htmlspecialchars($_POST['zone']);
$a_cp[$cpzone] = array();
$a_cp[$cpzone]['zone'] = str_replace(" ", "", $_POST['zone']);
$a_cp[$cpzone]['descr'] = $_POST['descr'];
OpenPOWER on IntegriCloud