summaryrefslogtreecommitdiffstats
path: root/usr/local/www/firewall_rules_edit.php
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2011-05-31 12:35:17 -0400
committerScott Ullrich <sullrich@pfsense.org>2011-05-31 12:35:17 -0400
commit10d74dff5a96deeacc57b81bab723740267fc5b8 (patch)
tree4958852a3ca737b58cac7dfecc9c6a2601f4ae29 /usr/local/www/firewall_rules_edit.php
parent85055175a102caa0f0bd07f50546553b36d935c9 (diff)
downloadpfsense-10d74dff5a96deeacc57b81bab723740267fc5b8.zip
pfsense-10d74dff5a96deeacc57b81bab723740267fc5b8.tar.gz
Remove bogus protection. We have better handling of this now.
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
-rwxr-xr-xusr/local/www/firewall_rules_edit.php13
1 files changed, 0 insertions, 13 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 79f65f0..bd8f48d 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -253,19 +253,6 @@ if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
- /* run through $_POST items encoding HTML entties so that the user
- * cannot think he is slick and perform a XSS attack on the unwilling
- */
- foreach ($_POST as $key => $value) {
- $temp = str_replace(">", "", $value);
-
- if (isset($_POST['floating']) && $key == "interface")
- continue;
- $newpost = htmlentities($temp);
- if($newpost <> $temp)
- $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp);
- }
-
/* input validation */
$reqdfields = explode(" ", "type proto");
if ( isset($a_filter[$id]['associated-rule-id'])===false ) {
OpenPOWER on IntegriCloud