diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
| commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
| tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/firewall_rules_edit.php | |
| parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
| download | pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz | |
Fix XSS issues
Diffstat (limited to 'usr/local/www/firewall_rules_edit.php')
| -rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 6d038a6..dfd94e6 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -837,7 +837,7 @@ include("head.inc"); <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcbeginport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo $pconfig['srcbeginport']; ?>"> + <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcbeginport_cust" id="srcbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcbeginport']) echo htmlspecialchars($pconfig['srcbeginport']); ?>"> </td> </tr> <tr> @@ -850,7 +850,7 @@ include("head.inc"); <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['srcendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo $pconfig['srcendport']; ?>"> + <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="srcendport_cust" id="srcendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['srcendport']) echo htmlspecialchars($pconfig['srcendport']); ?>"> </td> </tr> </table> @@ -928,7 +928,7 @@ include("head.inc"); <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstbeginport']) { echo "selected"; $bfound = 1; }?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo $pconfig['dstbeginport']; ?>"> + <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstbeginport_cust" id="dstbeginport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstbeginport']) echo htmlspecialchars($pconfig['dstbeginport']); ?>"> </td> </tr> <tr> @@ -941,7 +941,7 @@ include("head.inc"); <option value="<?=$wkport;?>" <?php if ($wkport == $pconfig['dstendport']) { echo "selected"; $bfound = 1; } ?>><?=htmlspecialchars($wkportdesc);?></option> <?php endforeach; ?> </select> - <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo $pconfig['dstendport']; ?>"> + <input <?=$edit_disabled;?> autocomplete='off' class="formfldalias" name="dstendport_cust" id="dstendport_cust" type="text" size="5" value="<?php if (!$bfound && $pconfig['dstendport']) echo htmlspecialchars($pconfig['dstendport']); ?>"> </td> </tr> </table> @@ -1058,11 +1058,11 @@ include("head.inc"); <input name="tagged" id="tagged" value="<?=htmlspecialchars($pconfig['tagged']);?>"> <br /><span class="vexpl"><?=gettext("You can match packet on a mark placed before on another rule.")?> </span> <p> - <input name="max" id="max" value="<?php echo $pconfig['max'] ?>"><br><?=gettext(" Maximum state entries this rule can create");?></p><p> - <input name="max-src-nodes" id="max-src-nodes" value="<?php echo $pconfig['max-src-nodes'] ?>"><br><?=gettext(" Maximum number of unique source hosts");?></p><p> - <input name="max-src-conn" id="max-src-conn" value="<?php echo $pconfig['max-src-conn'] ?>"><br><?=gettext(" Maximum number of established connections per host");?></p><p> - <input name="max-src-states" id="max-src-states" value="<?php echo $pconfig['max-src-states'] ?>"><br><?=gettext(" Maximum state entries per host");?></p><p> - <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo $pconfig['max-src-conn-rate'] ?>"> / + <input name="max" id="max" value="<?php echo htmlspecialchars($pconfig['max']) ?>"><br><?=gettext(" Maximum state entries this rule can create");?></p><p> + <input name="max-src-nodes" id="max-src-nodes" value="<?php echo htmlspecialchars($pconfig['max-src-nodes']) ?>"><br><?=gettext(" Maximum number of unique source hosts");?></p><p> + <input name="max-src-conn" id="max-src-conn" value="<?php echo htmlspecialchars($pconfig['max-src-conn']) ?>"><br><?=gettext(" Maximum number of established connections per host");?></p><p> + <input name="max-src-states" id="max-src-states" value="<?php echo htmlspecialchars($pconfig['max-src-states']) ?>"><br><?=gettext(" Maximum state entries per host");?></p><p> + <input name="max-src-conn-rate" id="max-src-conn-rate" value="<?php echo htmlspecialchars($pconfig['max-src-conn-rate']) ?>"> / <select name="max-src-conn-rates" id="max-src-conn-rates"> <option value=""<?php if(intval($pconfig['max-src-conn-rates']) < 1) echo " selected"; ?>></option> <?php for($x=1; $x<255; $x++) { @@ -1073,7 +1073,7 @@ include("head.inc"); <?=gettext("Maximum new connections / per second(s)");?> </p><p> - <input name="statetimeout" value="<?php echo $pconfig['statetimeout'] ?>"><br> + <input name="statetimeout" value="<?php echo htmlspecialchars($pconfig['statetimeout']) ?>"><br> <?=gettext("State Timeout in seconds");?> </p> |
