diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 09:49:21 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 09:49:47 -0500 |
commit | daab67a170ddf38a76605e32a56874780e82b62d (patch) | |
tree | 66ad88a3ea2c9cf82f0bf1a5dfc2c4eec3ebfa54 /usr/local/www/firewall_shaper.php | |
parent | f0ce6758e81a036a6eee144549cbe9e4c72bbe8e (diff) | |
download | pfsense-daab67a170ddf38a76605e32a56874780e82b62d.zip pfsense-daab67a170ddf38a76605e32a56874780e82b62d.tar.gz |
Fix misc XSS issues from davey b
Diffstat (limited to 'usr/local/www/firewall_shaper.php')
-rwxr-xr-x | usr/local/www/firewall_shaper.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php index 7de18d1..f3cdbab 100755 --- a/usr/local/www/firewall_shaper.php +++ b/usr/local/www/firewall_shaper.php @@ -65,17 +65,17 @@ if ($_GET) { if ($_GET['queue']) $qname = trim($_GET['queue']); if ($_GET['interface']) - $interface = trim($_GET['interface']); + $interface = htmlspecialchars(trim($_GET['interface'])); if ($_GET['action']) - $action = $_GET['action']; + $action = htmlspecialchars($_GET['action']); } if ($_POST) { if ($_POST['name']) - $qname = trim($_POST['name']); + $qname = htmlspecialchars(trim($_POST['name'])); if ($_POST['interface']) - $interface = trim($_POST['interface']); + $interface = htmlspecialchars(trim($_POST['interface'])); if ($_POST['parentqueue']) - $parentqueue = trim($_POST['parentqueue']); + $parentqueue = htmlspecialchars(trim($_POST['parentqueue'])); } if ($interface) { |