diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 09:49:21 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 09:49:47 -0500 |
| commit | daab67a170ddf38a76605e32a56874780e82b62d (patch) | |
| tree | 66ad88a3ea2c9cf82f0bf1a5dfc2c4eec3ebfa54 /usr/local/www/firewall_shaper_vinterface.php | |
| parent | f0ce6758e81a036a6eee144549cbe9e4c72bbe8e (diff) | |
| download | pfsense-daab67a170ddf38a76605e32a56874780e82b62d.zip pfsense-daab67a170ddf38a76605e32a56874780e82b62d.tar.gz | |
Fix misc XSS issues from davey b
Diffstat (limited to 'usr/local/www/firewall_shaper_vinterface.php')
| -rw-r--r-- | usr/local/www/firewall_shaper_vinterface.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr/local/www/firewall_shaper_vinterface.php b/usr/local/www/firewall_shaper_vinterface.php index 52f8698..865f048 100644 --- a/usr/local/www/firewall_shaper_vinterface.php +++ b/usr/local/www/firewall_shaper_vinterface.php @@ -62,21 +62,21 @@ read_dummynet_config(); if ($_GET) { if ($_GET['queue']) - $qname = trim($_GET['queue']); + $qname = htmlspecialchars(trim($_GET['queue'])); if ($_GET['pipe']) - $pipe = trim($_GET['pipe']); + $pipe = htmlspecialchars(trim($_GET['pipe'])); if ($_GET['action']) - $action = $_GET['action']; + $action = htmlspecialchars($_GET['action']); } if ($_POST) { if ($_POST['name']) - $qname = trim($_POST['name']); + $qname = htmlspecialchars(trim($_POST['name'])); if ($_POST['pipe']) - $pipe = trim($_POST['pipe']); + $pipe = htmlspecialchars(trim($_POST['pipe'])); else - $pipe = trim($_POST['name']); + $pipe = htmlspecialchars(trim($_POST['name'])); if ($_POST['parentqueue']) - $parentqueue = trim($_POST['parentqueue']); + $parentqueue = htmlspecialchars(trim($_POST['parentqueue'])); } if ($pipe) { |
