Encode the contents of pkg_filter before output. Fixes #7227

author: jim-p <jimp@pfsense.org> 2017-02-07 11:45:20 -0500
committer: jim-p <jimp@pfsense.org> 2017-02-07 11:48:36 -0500
commit: 7100f0410b02d152f12f95fa892c427b06ec26c0 (patch)
tree: 0af2c27525e0f9fc4926dddf197e94de7c6c9982 /src
parent: 082f3663d2ac75e1f7e718715ea23b0168a866a7 (diff)
download: pfsense-7100f0410b02d152f12f95fa892c427b06ec26c0.zip
pfsense-7100f0410b02d152f12f95fa892c427b06ec26c0.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/usr/local/www/pkg.php b/src/usr/local/www/pkg.php
index 5e2a90e..5edc566 100644
--- a/src/usr/local/www/pkg.php
+++ b/src/usr/local/www/pkg.php
@@ -373,7 +373,7 @@ if ($savemsg) {
 					echo "</select>";
 				}
 				if ($include_filtering_inputbox) {
-					echo '&nbsp;&nbsp;' . gettext("Filter text: ") . '<input id="pkg_filter" name="pkg_filter" value="' . $_REQUEST['pkg_filter'] . '" />';
+					echo '&nbsp;&nbsp;' . gettext("Filter text: ") . '<input id="pkg_filter" name="pkg_filter" value="' . htmlspecialchars($_REQUEST['pkg_filter']) . '" />';
 					echo '&nbsp;<button type="submit" value="Filter" class="btn btn-primary btn-xs">';
 					echo '<i class="fa fa-filter icon-embed-btn"></i>';
 					echo gettext("Filter");
author	jim-p <jimp@pfsense.org>	2017-02-07 11:45:20 -0500
committer	jim-p <jimp@pfsense.org>	2017-02-07 11:48:36 -0500
commit	7100f0410b02d152f12f95fa892c427b06ec26c0 (patch)
tree	0af2c27525e0f9fc4926dddf197e94de7c6c9982 /src
parent	082f3663d2ac75e1f7e718715ea23b0168a866a7 (diff)
download	pfsense-7100f0410b02d152f12f95fa892c427b06ec26c0.zip pfsense-7100f0410b02d152f12f95fa892c427b06ec26c0.tar.gz