Encode the if parameter before using it in redirects, too.

Conflicts:

	usr/local/www/firewall_rules.php

1 files changed, 4 insertions, 4 deletions

diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 85e4eff..3cbc398 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -212,7 +212,7 @@ if ($_GET['act'] == "del") {
 		unset($a_filter[$_GET['id']]);
 		if (write_config())
 			mark_subsystem_dirty('filter');
-		header("Location: firewall_rules.php?if={$if}");
+		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
 }
@@ -230,7 +230,7 @@ if (isset($_POST['del_x'])) {
 		}
 		if (write_config())
 			mark_subsystem_dirty('filter');
-		header("Location: firewall_rules.php?if={$if}");
+		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
 } else if ($_GET['act'] == "toggle") {
@@ -241,7 +241,7 @@ if (isset($_POST['del_x'])) {
                         $a_filter[$_GET['id']]['disabled'] = true;
 		if (write_config())
 			mark_subsystem_dirty('filter');
-		header("Location: firewall_rules.php?if={$if}");
+		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
 } else {
@@ -285,7 +285,7 @@ if (isset($_POST['del_x'])) {
 		$a_filter = $a_filter_new;
 		if (write_config())
 			mark_subsystem_dirty('filter');
-		header("Location: firewall_rules.php?if={$if}");
+		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
 }