diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2008-02-22 00:11:52 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2008-02-22 00:11:52 +0000 |
| commit | 08cf5428d6fa7d080869574cee0f22e669b8db03 (patch) | |
| tree | a96afcd5813564cd11521cf39233bb5cf2a50a56 /usr/local/www/diag_dhcp_leases.php | |
| parent | 53aca1fdc3f7683efd90472ed7be78f793eb78bb (diff) | |
| download | pfsense-08cf5428d6fa7d080869574cee0f22e669b8db03.zip pfsense-08cf5428d6fa7d080869574cee0f22e669b8db03.tar.gz | |
Guard against javascript injection attacks
Ticket #1656
Diffstat (limited to 'usr/local/www/diag_dhcp_leases.php')
| -rwxr-xr-x | usr/local/www/diag_dhcp_leases.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/diag_dhcp_leases.php b/usr/local/www/diag_dhcp_leases.php index 7af62dc..54a2170 100755 --- a/usr/local/www/diag_dhcp_leases.php +++ b/usr/local/www/diag_dhcp_leases.php @@ -215,7 +215,7 @@ foreach($config['interfaces'] as $ifname => $ifarr) { $slease['start'] = gmdate("M d Y H:i:s", time()); $slease['end'] = gmdate("M d Y H:i:s", time()); $slease['end'] = gmdate("M d Y H:i:s", strtotime('+5 minutes')); - $slease['hostname'] = $static['hostname']; + $slease['hostname'] = htmlentities($static['hostname']); $slease['act'] = "static"; $online = exec("/usr/sbin/arp -an |/usr/bin/grep {$slease['mac']}| /usr/bin/wc -l|/usr/bin/awk '{print $1;}'"); if ($online == 1) { @@ -317,7 +317,7 @@ foreach ($leases as $data) { } else { echo "<td class=\"listr\">{$fspans}{$data['mac']}{$fspane} </td>\n"; } - echo "<td class=\"listr\">{$fspans}{$data['hostname']}{$fspane} </td>\n"; + echo "<td class=\"listr\">{$fspans}" . htmlentities($data['hostname']) . "{$fspane} </td>\n"; echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['start']) . "{$fspane} </td>\n"; echo "<td class=\"listr\">{$fspans}" . adjust_gmt($data['end']) . "{$fspane} </td>\n"; echo "<td class=\"listr\">{$fspans}{$data['online']}{$fspane} </td>\n"; |
