author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:03:44 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:03:51 -0500 |
commit | 225a2f0b4696c497263d0926011a0f39ab08b0f3 (patch) | |
tree | 8a5b402ff00a0c20e630f4beaf0f385edb2a9592 /usr/local/www/exec.php | |
parent | 5812e717eb919e2d1eb94772f33275122415d76c (diff) | |
Bring in XSS id fixes from m0n0wall
Diffstat (limited to 'usr/local/www/exec.php')
-rwxr-xr-x | usr/local/www/exec.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php
index 2d29a83..e9b0259 100755
--- a/usr/local/www/exec.php
+++ b/usr/local/www/exec.php
@@ -104,8 +104,8 @@ if (isBlank( $_POST['txtRecallBuffer'] )) {
 } else {
 puts( " var arrRecallBuffer = new Array(" );
 $arrBuffer = explode( "&", $_POST['txtRecallBuffer'] );
- for ($i=0; $i < (count( $arrBuffer ) - 1); $i++) puts( " '" . $arrBuffer[$i] . "'," );
- puts( " '" . $arrBuffer[count( $arrBuffer ) - 1] . "'" );
+ for ($i=0; $i < (count( $arrBuffer ) - 1); $i++) puts( " '" . htmlspecialchars($arrBuffer[$i]) . "'," );
+ puts( " '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1]) . "'" );
 puts( " );" );
 }
@@ -259,7 +259,7 @@ if (!isBlank($_POST['txtPHPCommand'])) {
 <tr>
 <td valign="top"> </td>
 <td valign="top" class="label">
- <input type="hidden" name="txtRecallBuffer" value="<?=$_POST['txtRecallBuffer'] ?>">
+ <input type="hidden" name="txtRecallBuffer" value="<?=htmlspecialchars($_POST['txtRecallBuffer']) ?>">
 <input type="button" class="button" name="btnRecallPrev" value="<" onClick="btnRecall_onClick( this.form, -1 );">
 <input type="submit" class="button" value="<?=gettext("Execute"); ?>">
 <input type="button" class="button" name="btnRecallNext" value=">" onClick="btnRecall_onClick( this.form, 1 );"> |
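Review bot: In the first hunk the escaped values are written inside a single-quoted JavaScript string literal (the neighbouring `puts()` calls emit `var arrRecallBuffer = new Array(`), and `htmlspecialchars()` with its default flags leaves `'`, backslashes and line breaks unchanged, so an entry from `$_POST['txtRecallBuffer']` can still end the literal early. HTML-entity encoding is also the wrong encoding for that position if, as the output suggests, it sits inside a script block, where entities are not decoded and legitimate `&`, `<` and `>` in recalled commands would come back altered. Encode for the JavaScript context instead, for example `puts( " " . json_encode( $arrBuffer[$i], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP ) . "," );` and the same for the last element; the `JSON_HEX_*` flags need PHP 5.3 or later, so confirm the target runtime. The second hunk is the right encoding for its double-quoted attribute, though passing `ENT_QUOTES` and an explicit charset there would make it independent of the PHP default. The enclosing `if`/`else` begins above the hunk, so the script wrapper itself is not visible here.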