Bring in XSS id fixes from m0n0wall

1 files changed, 4 insertions, 4 deletions

diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 166bfa8..6d038a6 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -977,9 +977,9 @@ include("head.inc");
 				&nbsp;<br>&nbsp;
 				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
 <?php			if (isset($id) && $a_filter[$id]): ?>
-					<input name="id" type="hidden" value="<?=$id;?>">
+					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
 <?php 			endif; ?>
-				<input name="after" type="hidden" value="<?=$after;?>">
+				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
 			</td>
 		</tr>
 <?php		endif; ?>
@@ -1372,9 +1372,9 @@ include("head.inc");
 				&nbsp;<br>&nbsp;
 				<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">  <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()">
 <?php			if (isset($id) && $a_filter[$id]): ?>
-					<input name="id" type="hidden" value="<?=$id;?>">
+					<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
 <?php 			endif; ?>
-				<input name="after" type="hidden" value="<?=$after;?>">
+				<input name="after" type="hidden" value="<?=htmlspecialchars($after);?>">
 			</td>
 		</tr>
 	</table>