author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:03:44 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:03:51 -0500 |
commit | 225a2f0b4696c497263d0926011a0f39ab08b0f3 (patch) | |
tree | 8a5b402ff00a0c20e630f4beaf0f385edb2a9592 /usr/local/www/firewall_rules_edit.php | |
parent | 5812e717eb919e2d1eb94772f33275122415d76c (diff) | |
Bring in XSS id fixes from m0n0wall
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 166bfa8..6d038a6 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -977,9 +977,9 @@ include("head.inc"); <br> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> <?php if (isset($id) && $a_filter[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> - <input name="after" type="hidden" value="<?=$after;?>"> + <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>"> </td> </tr> <?php endif; ?> @@ -1372,9 +1372,9 @@ include("head.inc"); <br> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> <?php if (isset($id) && $a_filter[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> + <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> <?php endif; ?> - <input name="after" type="hidden" value="<?=$after;?>"> + <input name="after" type="hidden" value="<?=htmlspecialchars($after);?>"> </td> </tr> </table> |
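Review bot: `$id` and `$after` are still accepted without validation in both hunks (977 and 1372): the new `htmlspecialchars()` calls stop the value from breaking out of the `value="..."` attribute, but `$id` is also used as an array index in `$a_filter[$id]` on the line above, and whatever is submitted goes back into the form's hidden fields. Both look like rule positions, so I would also reject non-numeric values where they are read from the request (that code is outside these hunks), for example `if (isset($id) && !is_numeric($id)) unset($id);`, which leaves output escaping as the second layer rather than the only one. Passing the flag explicitly, `htmlspecialchars($id, ENT_QUOTES)`, would keep the call safe if the attribute quoting is ever changed to single quotes. The surrounding `<?php if ... endif; ?>` template blocks start and end outside the hunks.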