diff options
| author | jim-p <jimp@pfsense.org> | 2010-11-12 12:15:14 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2010-11-12 12:15:14 -0500 |
| commit | f01d8c4951c7319f0d06d43caa8b6ae35d2aa933 (patch) | |
| tree | 00f122dfa68cec6a43a568af887eb740652ca878 /usr/local/www/fbegin.inc | |
| parent | 060d4c5ec0ab239a1535c014f48651996bb59f4b (diff) | |
| download | pfsense-f01d8c4951c7319f0d06d43caa8b6ae35d2aa933.zip pfsense-f01d8c4951c7319f0d06d43caa8b6ae35d2aa933.tar.gz | |
One more potential XSS vector. Not sure how it would have text injected here, but better safe than sorry.
Diffstat (limited to 'usr/local/www/fbegin.inc')
| -rwxr-xr-x | usr/local/www/fbegin.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index 0f8a795..92d90fb 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -273,7 +273,7 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') { if ($value['url']) { $notice_msgs .= $date.' - <a href="'.$url.'?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']</a>'; } else { - $notice_msgs .= $date.' - <a href="?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']'.$noticemsg.'</a>'; + $notice_msgs .= $date.' - <a href="?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']'.htmlspecialchars($noticemsg).'</a>'; } $notice_msgs .= " .:. "; } |
