author | jim-p <jimp@pfsense.org> | 2017-04-26 13:27:58 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-04-26 13:28:09 -0400 |
commit | 9e721fea09dc252cd264bc2b67ef40a1d2d81e11 (patch) | |
tree | 9ef029c4e662bc1f2b744c3513731e15d1bf3acd /src/usr/local | |
parent | cad0d5bc8da8034c4fa7f41e5476a80b0c38b04f (diff) | |
Encode hostname and other output for DHCP lease status. Fixes #7497
(cherry picked from commit a260eda55905607e9adfd5d7c3fd779b115459d5)
Diffstat (limited to 'src/usr/local')
-rw-r--r-- | src/usr/local/www/status_dhcp_leases.php | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/src/usr/local/www/status_dhcp_leases.php b/src/usr/local/www/status_dhcp_leases.php
index 6a4044a..1858e33 100644
--- a/src/usr/local/www/status_dhcp_leases.php
+++ b/src/usr/local/www/status_dhcp_leases.php
@@ -359,11 +359,11 @@ if (count($pools) > 0) {
 <tbody>
 <?php foreach ($pools as $data):?>
 <tr>
- <td><?=$data['name']?></td>
- <td><?=$data['mystate']?></td>
- <td><?=adjust_gmt($data['mydate'])?></td>
- <td><?=$data['peerstate']?></td>
- <td><?=adjust_gmt($data['peerdate'])?></td>
+ <td><?=htmlspecialchars($data['name'])?></td>
+ <td><?=htmlspecialchars($data['mystate'])?></td>
+ <td><?=htmlspecialchars(adjust_gmt($data['mydate']))?></td>
+ <td><?=htmlspecialchars($data['peerstate'])?></td>
+ <td><?=htmlspecialchars(adjust_gmt($data['peerdate']))?></td>
 </tr>
 <?php endforeach; ?>
 </tbody>
@@ -463,46 +463,46 @@ foreach ($leases as $data): ?> <tr> <td><i class="fa <?=$icon?>"></i></td> - <td><?=$data['ip']?></td> + <td><?=htmlspecialchars($data['ip'])?></td> <td> - <?=$mac?> + <?=htmlspecialchars($mac)?> <?php if (isset($mac_man[$mac_hi])):?> - (<?=$mac_man[$mac_hi]?>) + (<?=htmlspecialchars($mac_man[$mac_hi])?>) <?php endif; ?> </td> <?php /* only make CID column when we have one */ if ($got_cid) { ?> - <td><?=$data['cid']?></td> + <td><?=htmlspecialchars($data['cid'])?></td> <?php } ?> - <td><?=$data['hostname']?></td> - <td><?=$data['descr']?></td> + <td><?=htmlspecialchars($data['hostname'])?></td> + <td><?=htmlspecialchars($data['descr'])?></td> <? if ($data['type'] != "static"): ?> - <td><?=adjust_gmt($data['start'])?></td> - <td><?=adjust_gmt($data['end'])?></td> + <td><?=htmlspecialchars(adjust_gmt($data['start']))?></td> + <td><?=htmlspecialchars(adjust_gmt($data['end']))?></td> <? else: ?> <td><?=gettext("n/a")?></td> <td><?=gettext("n/a")?></td> <? endif; ?> - <td><?=$data['online']?></td> - <td><?=$data['act']?></td> + <td><?=htmlspecialchars($data['online'])?></td> + <td><?=htmlspecialchars($data['act'])?></td> <td> <?php if ($data['type'] == $dynamic_string): ?> - <a class="fa fa-plus-square-o" title="<?=gettext("Add static mapping")?>" href="services_dhcp_edit.php?if=<?=$data['if']?>&mac=<?=$data['mac']?>&hostname=<?=htmlspecialchars($data['hostname'])?>"></a> + <a class="fa fa-plus-square-o" title="<?=gettext("Add static mapping")?>" href="services_dhcp_edit.php?if=<?=htmlspecialchars($data['if'])?>&mac=<?=htmlspecialchars($data['mac'])?>&hostname=<?=htmlspecialchars($data['hostname'])?>"></a> <?php else: ?> - <a class="fa fa-pencil" title="<?=gettext('Edit static mapping')?>" href="services_dhcp_edit.php?if=<?=$data['if']?>&id=<?=$data['staticmap_array_index']?>"></a> + <a class="fa fa-pencil" title="<?=gettext('Edit static mapping')?>" 
href="services_dhcp_edit.php?if=<?=htmlspecialchars($data['if'])?>&id=<?=htmlspecialchars($data['staticmap_array_index'])?>"></a> <?php endif; ?> - <a class="fa fa-plus-square" title="<?=gettext("Add WOL mapping")?>" href="services_wol_edit.php?if=<?=$data['if']?>&mac=<?=$data['mac']?>&descr=<?=$data['hostname']?>"></a> + <a class="fa fa-plus-square" title="<?=gettext("Add WOL mapping")?>" href="services_wol_edit.php?if=<?=htmlspecialchars($data['if'])?>&mac=<?=htmlspecialchars($data['mac'])?>&descr=<?=htmlspecialchars($data['hostname'])?>"></a> <?php if ($data['online'] != $online_string):?> - <a class="fa fa-power-off" title="<?=gettext("Send WOL packet")?>" href="services_wol.php?if=<?=$data['if']?>&mac=<?=$data['mac']?>"></a> + <a class="fa fa-power-off" title="<?=gettext("Send WOL packet")?>" href="services_wol.php?if=<?=htmlspecialchars($data['if'])?>&mac=<?=htmlspecialchars($data['mac'])?>"></a> <?php endif; ?> <?php if ($data['type'] == $dynamic_string && $data['online'] != $online_string):?> - <a class="fa fa-trash" title="<?=gettext('Delete lease')?>" href="status_dhcp_leases.php?deleteip=<?=$data['ip']?>&all=<?=intval($_GET['all'])?>"></a> + <a class="fa fa-trash" title="<?=gettext('Delete lease')?>" href="status_dhcp_leases.php?deleteip=<?=htmlspecialchars($data['ip'])?>&all=<?=intval($_GET['all'])?>"></a> <?php endif; ?> </td> </tr> |
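Review bot: The values written into the `href` query strings in this hunk (`if`, `mac`, `id`, `hostname`, `descr`, `deleteip`) are HTML-escaped but not URL-encoded, so they are encoded for only one of the two contexts they sit in. `htmlspecialchars()` turns `&` into `&amp;`, which the browser decodes back to `&` when it parses the attribute, so a client-supplied DHCP hostname containing `&`, `#`, `+` or `%` still alters the query string of the generated link. URL-encode first and then escape for the attribute, e.g. `hostname=<?=htmlspecialchars(urlencode($data['hostname']))?>`, and apply the same to `descr=` in the WOL link and to the other parameters. The table-cell changes are fine as written; the enclosing `foreach` starts and ends outside the hunk.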