path: root/usr/local/www/diag_authentication.php
author Renato Botelho <garga@FreeBSD.org> 2013-09-06 08:08:03 -0300
committer Renato Botelho <garga@FreeBSD.org> 2013-09-06 08:08:03 -0300
commit 605ae5537da157adfb414cc8837d465c132f4c8c
tree 4637972b1c7fb3eeda71472fd7440235ef64682d /usr/local/www/diag_authentication.php
parent 8346b5c462bf349f8f81a3af4466c03e95a3d01a
Fix #3127
By default htmlspecialchars does not consider single quotes, which can be a problem when value attribute is set using it. Replace value attribute set to use double quotes on places where it's obviously receiving a result of htmlspecialchars() call.
Diffstat (limited to 'usr/local/www/diag_authentication.php')
-rwxr-xr-x usr/local/www/diag_authentication.php 4
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/diag_authentication.php b/usr/local/www/diag_authentication.php
index 5b33d88..98429d3 100755
--- a/usr/local/www/diag_authentication.php
+++ b/usr/local/www/diag_authentication.php
@@ -106,13 +106,13 @@ include("head.inc");
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Username"); ?></td>
<td width="78%" class="vtable">
- <input class="formfld unknown" size='20' id='username' name='username' value='<?=htmlspecialchars($pconfig['username']);?>' />
+ <input class="formfld unknown" size='20' id='username' name='username' value="<?=htmlspecialchars($pconfig['username']);?>" />
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Password"); ?></td>
<td width="78%" class="vtable">
- <input class="formfld pwd" type='password' size='20' id='password' name='password' value='<?=htmlspecialchars($pconfig['password']);?>' />
+ <input class="formfld pwd" type='password' size='20' id='password' name='password' value="<?=htmlspecialchars($pconfig['password']);?>" />
</td>
</tr>
<tr>
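Review bot: Both changed `value=` attributes are now safe only because the delimiter happens to match what the default `htmlspecialchars()` call escapes; the calls themselves are unchanged, so a later edit that switches the attribute back to single quotes reintroduces the attribute breakout. Passing `ENT_QUOTES` in `htmlspecialchars($pconfig['username'])` and `htmlspecialchars($pconfig['password'])` would make the escaping correct under either quoting style, and the static `size`, `id` and `name` attributes on the same lines could move to double quotes for consistency. Separately, the password input still writes `$pconfig['password']` back into the HTML response; leaving that `value` empty would avoid returning the submitted password in the page source.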