diff options
| author | jim-p <jimp@pfsense.org> | 2010-11-12 12:02:21 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2010-11-12 12:02:44 -0500 |
| commit | 060d4c5ec0ab239a1535c014f48651996bb59f4b (patch) | |
| tree | 486586780f862858b1cadbbfa50bd6e27d683145 /usr/local/www/fbegin.inc | |
| parent | dd5bf424c155922b065b45e64733bdf8de620c0f (diff) | |
| download | pfsense-060d4c5ec0ab239a1535c014f48651996bb59f4b.zip pfsense-060d4c5ec0ab239a1535c014f48651996bb59f4b.tar.gz | |
More notice XSS fixes.
Diffstat (limited to 'usr/local/www/fbegin.inc')
| -rwxr-xr-x | usr/local/www/fbegin.inc | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index b720ca1..0f8a795 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -262,13 +262,13 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') { $noticemsg = str_replace("<br>", "", $noticemsg); $extra_args = ""; if($_GET['xml']) - $extraargs="&xml=" . $_GET['xml']; + $extraargs="&xml=" . htmlspecialchars($_GET['xml']); if($_POST['xml']) - $extraargs="&xml=" . $_POST['xml']; + $extraargs="&xml=" . htmlspecialchars($_POST['xml']); if($_GET['id']) - $extraargs="&xml=" . $_GET['id']; + $extraargs="&xml=" . htmlspecialchars($_GET['id']); if($_POST['id']) - $extraargs="&xml=" . $_POST['id']; + $extraargs="&xml=" . htmlspecialchars($_POST['id']); $notice_msgs = '<a href="?noticeaction=acknowledge¬iceid=all' . $extraargs . '">Acknowledge All</a> .:. '; if ($value['url']) { $notice_msgs .= $date.' - <a href="'.$url.'?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']</a>'; |
