Fix misc XSS issues from davey b

author: Scott Ullrich <sullrich@pfsense.org> 2010-11-10 09:49:21 -0500
committer: Scott Ullrich <sullrich@pfsense.org> 2010-11-10 09:49:47 -0500
commit: daab67a170ddf38a76605e32a56874780e82b62d (patch)
tree: 66ad88a3ea2c9cf82f0bf1a5dfc2c4eec3ebfa54 /usr/local/www/diag_logs_vpn.php
parent: f0ce6758e81a036a6eee144549cbe9e4c72bbe8e (diff)
download: pfsense-daab67a170ddf38a76605e32a56874780e82b62d.zip
pfsense-daab67a170ddf38a76605e32a56874780e82b62d.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/diag_logs_vpn.php b/usr/local/www/diag_logs_vpn.php
index 36bdb58..adef3e1 100755
--- a/usr/local/www/diag_logs_vpn.php
+++ b/usr/local/www/diag_logs_vpn.php
@@ -49,8 +49,8 @@ $nentries = $config['syslog']['nentries'];
 if (!$nentries)
 	$nentries = 50;
 
-$vpntype = ($_GET['vpntype']) ? $_GET['vpntype'] : "pptp";
-$mode = ($_GET['mode']) ? $_GET['mode'] : "login";
+$vpntype = (htmlspecialchars($_GET['vpntype'])) ? htmlspecialchars($_GET['vpntype']) : "pptp";
+$mode = (htmlspecialchars($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : "login";
 
 if ($_POST['clear']) 
 	clear_log_file("/var/log/vpn.log");
author	Scott Ullrich <sullrich@pfsense.org>	2010-11-10 09:49:21 -0500
committer	Scott Ullrich <sullrich@pfsense.org>	2010-11-10 09:49:47 -0500
commit	daab67a170ddf38a76605e32a56874780e82b62d (patch)
tree	66ad88a3ea2c9cf82f0bf1a5dfc2c4eec3ebfa54 /usr/local/www/diag_logs_vpn.php
parent	f0ce6758e81a036a6eee144549cbe9e4c72bbe8e (diff)
download	pfsense-daab67a170ddf38a76605e32a56874780e82b62d.zip pfsense-daab67a170ddf38a76605e32a56874780e82b62d.tar.gz