diff options
| author | Chris Buechler <cmb@pfsense.org> | 2016-05-16 13:23:23 +0200 |
|---|---|---|
| committer | Chris Buechler <cmb@pfsense.org> | 2016-05-16 13:23:23 +0200 |
| commit | e4710ed5d5c42430b7563904233fadac2463744e (patch) | |
| tree | 8a5de3db1526b6eb9004c400e9246cb2ec6be3d8 /src/usr/local | |
| parent | c2b51a45ded9c391d3d60a492f2ddfcc11873601 (diff) | |
| download | pfsense-e4710ed5d5c42430b7563904233fadac2463744e.zip pfsense-e4710ed5d5c42430b7563904233fadac2463744e.tar.gz | |
Sanitize notice output here as well. Ticket #6154
Diffstat (limited to 'src/usr/local')
| -rw-r--r-- | src/usr/local/www/head.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc index cd5257e..32601fe 100644 --- a/src/usr/local/www/head.inc +++ b/src/usr/local/www/head.inc @@ -665,10 +665,10 @@ if (are_notices_pending()):?> <li> <b> <?php if (!empty($notice['url'])):?> - <a href="<?=$notice['url']?>"><?=$notice['id']?></a> - + <a href="<?=htmlspecialchars($notice['url'])?>"><?=htmlspecialchars($notice['id'])?></a> - <?php endif;?> </b> - <?=$notice['notice']?> + <?=htmlspecialchars($notice['notice'])?> <i>@ <?=date('Y-m-d H:i:s', $notice['time'])?></i> </li> <?php endforeach;?> |
