diff options
| author | jim-p <jimp@pfsense.org> | 2015-03-05 09:55:00 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-03-05 09:56:56 -0500 |
| commit | e52c3c88cb63624f08cce977ca1f512c28b32f3c (patch) | |
| tree | 9349921ac8aa4b110d2fae6c97108d52d01b442f /usr/local/www/firewall_shaper.php | |
| parent | c678ca656b66d2135277bbed1f890e84555f6a27 (diff) | |
| download | pfsense-e52c3c88cb63624f08cce977ca1f512c28b32f3c.zip pfsense-e52c3c88cb63624f08cce977ca1f512c28b32f3c.tar.gz | |
Stricter validation and encoding for traffic shaper queues.
Diffstat (limited to 'usr/local/www/firewall_shaper.php')
| -rw-r--r-- | usr/local/www/firewall_shaper.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php index 99ec1f6..835085b 100644 --- a/usr/local/www/firewall_shaper.php +++ b/usr/local/www/firewall_shaper.php @@ -64,7 +64,7 @@ read_altq_config(); if ($_GET) { if ($_GET['queue']) - $qname = trim($_GET['queue']); + $qname = htmlspecialchars(trim($_GET['queue'])); if ($_GET['interface']) $interface = htmlspecialchars(trim($_GET['interface'])); if ($_GET['action']) @@ -164,7 +164,7 @@ if ($_GET) { $q->SetInterface($interface); $output_form .= $q->build_form(); $output_form .= "<input type=\"hidden\" name=\"parentqueue\" id=\"parentqueue\""; - $output_form .= " value=\"".$qname."\" />"; + $output_form .= " value=\"".htmlspecialchars($qname)."\" />"; $newjavascript = $q->build_javascript(); unset($q); $newqueue = true; |
