diff options
author | jim-p <jimp@pfsense.org> | 2015-09-14 15:23:08 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-09-14 15:23:08 -0400 |
commit | ddba5989da1a12af9d475bcc0d40955adc8c2bc3 (patch) | |
tree | 02eb14f800322c2d301ca0e21c988f49f6b80cb0 /src/usr | |
parent | dda80e7602bd190667aa23ce371eb8c3925f6459 (diff) | |
download | pfsense-ddba5989da1a12af9d475bcc0d40955adc8c2bc3.zip pfsense-ddba5989da1a12af9d475bcc0d40955adc8c2bc3.tar.gz |
Fix a potential XSS in voucher testing.
Diffstat (limited to 'src/usr')
-rw-r--r-- | src/usr/local/www/status_captiveportal_test.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/usr/local/www/status_captiveportal_test.php b/src/usr/local/www/status_captiveportal_test.php index 75e18dd..64e74f4 100644 --- a/src/usr/local/www/status_captiveportal_test.php +++ b/src/usr/local/www/status_captiveportal_test.php @@ -101,9 +101,9 @@ if ($_POST) { foreach ($test_results as $result) { if (strpos($result, " good ") || strpos($result, " granted ")) { - $output .= '<font color="green">' . $result . '</font>' . '<br />'; + $output .= '<font color="green">' . htmlspecialchars($result) . '</font>' . '<br />'; } else { - $output .= '<font color="red">' . $result . '</font>' . '<br />'; + $output .= '<font color="red">' . htmlspecialchars($result) . '</font>' . '<br />'; } } |