diff options
author | jim-p <jimp@pfsense.org> | 2017-02-07 11:14:25 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2017-02-07 11:14:52 -0500 |
commit | 082f3663d2ac75e1f7e718715ea23b0168a866a7 (patch) | |
tree | 7487d3e7811038cc6ed21b4743a41f9c00be6da6 /src | |
parent | be9de914fe4aa2f95d92a6854143103ecb028a45 (diff) | |
download | pfsense-082f3663d2ac75e1f7e718715ea23b0168a866a7.zip pfsense-082f3663d2ac75e1f7e718715ea23b0168a866a7.tar.gz |
Encode 'from' and 'to' before output on pkg_mgr_install.php. Fixes #7225
Diffstat (limited to 'src')
-rw-r--r-- | src/usr/local/www/pkg_mgr_install.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/pkg_mgr_install.php b/src/usr/local/www/pkg_mgr_install.php index f83bfc9..d123cc5 100644 --- a/src/usr/local/www/pkg_mgr_install.php +++ b/src/usr/local/www/pkg_mgr_install.php @@ -319,7 +319,7 @@ if (!$confirmed && !$completed && <?php elseif ($_GET['from'] && $_GET['to']): ?> - <?=sprintf(gettext('Confirmation Required to upgrade package %1$s from %2$s to %3$s.'), $pkgname, $_GET['from'], $_GET['to'])?> + <?=sprintf(gettext('Confirmation Required to upgrade package %1$s from %2$s to %3$s.'), $pkgname, htmlspecialchars($_GET['from']), htmlspecialchars($_GET['to']))?> <?php elseif ($firmwareupdate): ?> |