diff options
| author | NOYB <Al_Stu@Frontier.com> | 2015-12-15 07:30:02 -0800 |
|---|---|---|
| committer | NOYB <Al_Stu@Frontier.com> | 2015-12-15 07:30:02 -0800 |
| commit | 47cf96e03ce9ebfa29d4a5a71b82bd31ad3081ac (patch) | |
| tree | f401c9f735536a7ce09a105a4c2527f7f4bdface /src/usr/local/www | |
| parent | 9621898e9736b78faf5013f3e2b2fb0ba628c4a3 (diff) | |
| download | pfsense-47cf96e03ce9ebfa29d4a5a71b82bd31ad3081ac.zip pfsense-47cf96e03ce9ebfa29d4a5a71b82bd31ad3081ac.tar.gz | |
Applying htmlspecialchars on form action attribute causes ampersands to multiply, and also breaks multi-parameter query strings that are delimited with ampersands.
Diffstat (limited to 'src/usr/local/www')
| -rw-r--r-- | src/usr/local/www/classes/Form.class.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/classes/Form.class.php b/src/usr/local/www/classes/Form.class.php index 6f30f69..16865c0 100644 --- a/src/usr/local/www/classes/Form.class.php +++ b/src/usr/local/www/classes/Form.class.php @@ -54,7 +54,7 @@ class Form extends Form_Element $this->addGlobal($submit); if (!isset($this->_attributes['action'])) - $this->_attributes['action'] = htmlspecialchars($_SERVER['REQUEST_URI']); + $this->_attributes['action'] = $_SERVER['REQUEST_URI']; } public function add(Form_Section $section) |
