summaryrefslogtreecommitdiffstats
path: root/src/usr/local/www
diff options
context:
space:
mode:
authorNOYB <Al_Stu@Frontier.com>2015-12-15 07:30:02 -0800
committerNOYB <Al_Stu@Frontier.com>2015-12-15 07:30:02 -0800
commit47cf96e03ce9ebfa29d4a5a71b82bd31ad3081ac (patch)
treef401c9f735536a7ce09a105a4c2527f7f4bdface /src/usr/local/www
parent9621898e9736b78faf5013f3e2b2fb0ba628c4a3 (diff)
downloadpfsense-47cf96e03ce9ebfa29d4a5a71b82bd31ad3081ac.zip
pfsense-47cf96e03ce9ebfa29d4a5a71b82bd31ad3081ac.tar.gz
Applying htmlspecialchars on form action attribute causes ampersands to multiply, and also breaks multi-parameter query strings that are delimited with ampersands.
Diffstat (limited to 'src/usr/local/www')
-rw-r--r--src/usr/local/www/classes/Form.class.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/classes/Form.class.php b/src/usr/local/www/classes/Form.class.php
index 6f30f69..16865c0 100644
--- a/src/usr/local/www/classes/Form.class.php
+++ b/src/usr/local/www/classes/Form.class.php
@@ -54,7 +54,7 @@ class Form extends Form_Element
$this->addGlobal($submit);
if (!isset($this->_attributes['action']))
- $this->_attributes['action'] = htmlspecialchars($_SERVER['REQUEST_URI']);
+ $this->_attributes['action'] = $_SERVER['REQUEST_URI'];
}
public function add(Form_Section $section)
OpenPOWER on IntegriCloud