author | jim-p <jimp@pfsense.org> | 2012-10-31 14:06:34 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-31 14:06:34 -0400 |
commit | e653b6e118bbc28fb60d27529104d73dc44d9631 (patch) | |
tree | d80757c78d19380ad7e3b21d19766e39ea5f533c /usr/local/www/firewall_rules.php | |
parent | abe430cc38ddaf30c911b14d5c69d9278d63f528 (diff) | |
Encode the if parameter before using it in redirects, too.
Conflicts:
usr/local/www/firewall_rules.php
Diffstat (limited to 'usr/local/www/firewall_rules.php')
-rwxr-xr-x | usr/local/www/firewall_rules.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 85e4eff..3cbc398 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -212,7 +212,7 @@ if ($_GET['act'] == "del") {
 unset($a_filter[$_GET['id']]);
 if (write_config())
 mark_subsystem_dirty('filter');
- header("Location: firewall_rules.php?if={$if}");
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 exit;
 }
 }
@@ -230,7 +230,7 @@ if (isset($_POST['del_x'])) {
 }
 if (write_config())
 mark_subsystem_dirty('filter');
- header("Location: firewall_rules.php?if={$if}");
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 exit;
 }
 } else if ($_GET['act'] == "toggle") {
@@ -241,7 +241,7 @@ if (isset($_POST['del_x'])) {
 $a_filter[$_GET['id']]['disabled'] = true;
 if (write_config())
 mark_subsystem_dirty('filter');
- header("Location: firewall_rules.php?if={$if}");
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 exit;
 }
 } else {
@@ -285,7 +285,7 @@ if (isset($_POST['del_x'])) {
 $a_filter = $a_filter_new;
 if (write_config())
 mark_subsystem_dirty('filter');
- header("Location: firewall_rules.php?if={$if}");
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 exit;
 }
 } |
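Review bot: `htmlspecialchars()` is an HTML-entity encoder, not a URL encoder, so the new `header("Location: ...")` line in the `act=del` hunk (and the identical line in the three later hunks at -230, -241 and -285) still puts `$if` into the query string without percent-encoding. Characters such as `&`, `#`, `%`, space or CR/LF either pass through untouched or become entities like `&amp;`, which alters the parameter the browser sends back instead of neutralising it. For a value placed in a Location header the matching encoder is `header("Location: firewall_rules.php?if=" . rawurlencode($if));`. Where `$if` is assigned lies outside these hunks; if it comes from the request, validating it against the configured interface list before any use would be the stronger control, with the encoding kept as defence in depth.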