Fix a potential XSS in voucher testing.

author: jim-p <jimp@pfsense.org> 2015-09-14 15:23:08 -0400
committer: jim-p <jimp@pfsense.org> 2015-09-14 15:23:08 -0400
commit: ddba5989da1a12af9d475bcc0d40955adc8c2bc3 (patch)
tree: 02eb14f800322c2d301ca0e21c988f49f6b80cb0 /src/usr/local/www/status_captiveportal_test.php
parent: dda80e7602bd190667aa23ce371eb8c3925f6459 (diff)
download: pfsense-ddba5989da1a12af9d475bcc0d40955adc8c2bc3.zip
pfsense-ddba5989da1a12af9d475bcc0d40955adc8c2bc3.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/usr/local/www/status_captiveportal_test.php b/src/usr/local/www/status_captiveportal_test.php
index 75e18dd..64e74f4 100644
--- a/src/usr/local/www/status_captiveportal_test.php
+++ b/src/usr/local/www/status_captiveportal_test.php
@@ -101,9 +101,9 @@ if ($_POST) {
 
 		foreach ($test_results as $result) {
 			if (strpos($result, " good ") || strpos($result, " granted ")) {
-				$output .= '<font color="green">' . $result . '</font>' . '<br />';
+				$output .= '<font color="green">' . htmlspecialchars($result) . '</font>' . '<br />';
 			} else {
-				$output .= '<font color="red">' . $result . '</font>' . '<br />';
+				$output .= '<font color="red">' . htmlspecialchars($result) . '</font>' . '<br />';
 			}
 		}
author	jim-p <jimp@pfsense.org>	2015-09-14 15:23:08 -0400
committer	jim-p <jimp@pfsense.org>	2015-09-14 15:23:08 -0400
commit	ddba5989da1a12af9d475bcc0d40955adc8c2bc3 (patch)
tree	02eb14f800322c2d301ca0e21c988f49f6b80cb0 /src/usr/local/www/status_captiveportal_test.php
parent	dda80e7602bd190667aa23ce371eb8c3925f6459 (diff)
download	pfsense-ddba5989da1a12af9d475bcc0d40955adc8c2bc3.zip pfsense-ddba5989da1a12af9d475bcc0d40955adc8c2bc3.tar.gz