author | Chris Buechler <cmb@pfsense.org> | 2016-05-12 04:29:32 -0500 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2016-05-12 04:29:32 -0500 |
commit | e392cc2bdbdc1da6cf5d100607c9410b7e55b9b8 (patch) | |
tree | 46b5064cb88fbc56782e7307f7413af8dd65ba94 /src | |
parent | 7b31a03050cbb6f5de2cb665b70f700a0f13aaf7 (diff) | |
Store notices safely to prevent potential XSS when notices are displayed locally or by remote systems where they're shipped. Ticket #6154
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/notices.inc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/etc/inc/notices.inc b/src/etc/inc/notices.inc
index b50165d..c496ddb 100644
--- a/src/etc/inc/notices.inc
+++ b/src/etc/inc/notices.inc
@@ -90,11 +90,11 @@ function file_notice($id, $notice, $category = "General", $url = "", $priority =
 }
 $queuekey = time();
 $toqueue = array(
- 'id' => $id,
- 'notice' => $notice,
- 'url' => $url,
- 'category' => $category,
- 'priority' => $priority,
+ 'id' => htmlentities($id),
+ 'notice' => htmlentities($notice),
+ 'url' => htmlentities($url),
+ 'category' => htmlentities($category),
+ 'priority' => htmlentities($priority),
 );
 while (isset($queue[$queuekey])) {
 $queuekey++; |
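Review bot: The five `htmlentities()` calls in the `$toqueue` array rely on the default flags, which on PHP releases before 8.1 leave single quotes unencoded, so a stored value that a viewer later places inside a single-quoted attribute is still not neutralised; passing the flags explicitly, e.g. `'notice' => htmlspecialchars($notice, ENT_QUOTES, 'UTF-8'),`, closes that gap. Encoding at storage time also means any consumer that escapes again on output will show doubled entities and any non-HTML consumer receives entity text, so a comment above the array stating that queued values are already HTML-encoded would help the next maintainer. Entity encoding does not check the scheme of `url`, so if that field is rendered as a link target it presumably still needs a separate allow-list check for http/https. `file_notice()` begins and ends outside this hunk, so how the queue is written and displayed cannot be confirmed from here.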