diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
| commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
| tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/firewall_shaper_layer7.php | |
| parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
| download | pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz | |
Fix XSS issues
Diffstat (limited to 'usr/local/www/firewall_shaper_layer7.php')
| -rwxr-xr-x | usr/local/www/firewall_shaper_layer7.php | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/usr/local/www/firewall_shaper_layer7.php b/usr/local/www/firewall_shaper_layer7.php index a73506d..56e36d0 100755 --- a/usr/local/www/firewall_shaper_layer7.php +++ b/usr/local/www/firewall_shaper_layer7.php @@ -77,14 +77,14 @@ if($_GET['reset'] <> "") { if ($_GET) { if ($_GET['container']) - $name = trim($_GET['container']); + $name = htmlspecialchars(trim($_GET['container'])); if ($_GET['action']) - $action = $_GET['action']; + $action = htmlspecialchars($_GET['action']); } if($_POST) { if ($_POST['container']) { - $name = trim($_POST['container']); + $name = htmlspecialchars(trim($_POST['container'])); } } @@ -93,7 +93,6 @@ if ($name) { $container = $layer7_rules_list[$name]; } - if ($_GET) { switch ($action) { case "add": |
