author | Phil Davis <phil.davis@inf.org> | 2017-03-17 11:26:48 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2017-03-17 11:26:48 +0545 |
commit | f95d6bdc1910690eb90b94227626f2db188a69ba (patch) | |
tree | cd27a9163dc89c5f0f1a38c67caecbe23202537c /src/usr/local | |
parent | 58e8a4fd52793b1792b36b0928b9cfbfa2106b19 (diff) | |
No need to check for HTML in NAT 1to1 or NAT Out descr
Diffstat (limited to 'src/usr/local')
-rw-r--r-- | src/usr/local/www/firewall_nat_1to1_edit.php | 4 | ||||
-rw-r--r-- | src/usr/local/www/firewall_nat_out_edit.php | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/usr/local/www/firewall_nat_1to1_edit.php b/src/usr/local/www/firewall_nat_1to1_edit.php
index e27d433..d16f4ce 100644
--- a/src/usr/local/www/firewall_nat_1to1_edit.php
+++ b/src/usr/local/www/firewall_nat_1to1_edit.php
@@ -104,6 +104,10 @@ if ($_POST['save']) {
 * cannot think he is slick and perform a XSS attack on the unwilling
 */
 foreach ($_POST as $key => $value) {
+ if ($key == 'descr') {
+ continue;
+ }
+
 $temp = str_replace(">", "", $value);
 $newpost = htmlentities($temp);
diff --git a/src/usr/local/www/firewall_nat_out_edit.php b/src/usr/local/www/firewall_nat_out_edit.php
index 92f9060..9858391 100644
--- a/src/usr/local/www/firewall_nat_out_edit.php
+++ b/src/usr/local/www/firewall_nat_out_edit.php
@@ -146,6 +146,10 @@ if ($_POST['save']) {
 * cannot think he is slick and perform a XSS attack on the unwilling
 */
 foreach ($_POST as $key => $value) {
+ if ($key == 'descr') {
+ continue;
+ }
+
 $temp = str_replace(">", "", $value);
 $newpost = htmlentities($temp);
 if ($newpost <> $temp) { |
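Review bot: The added guard `if ($key == 'descr') {` uses a loose comparison, so on PHP versions before 8 an integer `$_POST` key such as `0` also compares equal to `'descr'` and that field skips the entity check too; `if ($key === 'descr') {` restricts the exemption to the one intended field. The same line appears in the identical hunk for firewall_nat_out_edit.php. With the check skipped, `descr` is accepted unencoded, so XSS protection for it now rests entirely on output escaping in every page that renders the value, which neither hunk shows. If that escaping is in place, a comment above the guard such as `// descr is exempt because it is HTML-escaped wherever it is displayed` would record the dependency for later maintainers. The `if ($_POST['save'])` block and the loop body continue outside both hunks.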