diff options
author | Chris Buechler <cmb@pfsense.org> | 2016-05-16 13:23:23 +0200 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2016-05-16 13:24:05 +0200 |
commit | 0f1304eed0658a974ab3bce6371dec70458363ea (patch) | |
tree | fb45a47f60800086633c7ba83af5c5633b55dcdb /src/usr/local | |
parent | 318726075a44aaab51e42488d07e3077d9a20bd3 (diff) | |
download | pfsense-0f1304eed0658a974ab3bce6371dec70458363ea.zip pfsense-0f1304eed0658a974ab3bce6371dec70458363ea.tar.gz |
Sanitize notice output here as well. Ticket #6154
Diffstat (limited to 'src/usr/local')
-rw-r--r-- | src/usr/local/www/head.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc index cd5257e..32601fe 100644 --- a/src/usr/local/www/head.inc +++ b/src/usr/local/www/head.inc @@ -665,10 +665,10 @@ if (are_notices_pending()):?> <li> <b> <?php if (!empty($notice['url'])):?> - <a href="<?=$notice['url']?>"><?=$notice['id']?></a> - + <a href="<?=htmlspecialchars($notice['url'])?>"><?=htmlspecialchars($notice['id'])?></a> - <?php endif;?> </b> - <?=$notice['notice']?> + <?=htmlspecialchars($notice['notice'])?> <i>@ <?=date('Y-m-d H:i:s', $notice['time'])?></i> </li> <?php endforeach;?> |