diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/interfaces_gif_edit.php | |
parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
download | pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz |
Fix XSS issues
Diffstat (limited to 'usr/local/www/interfaces_gif_edit.php')
-rw-r--r-- | usr/local/www/interfaces_gif_edit.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr/local/www/interfaces_gif_edit.php b/usr/local/www/interfaces_gif_edit.php index e650149..efbf036 100644 --- a/usr/local/www/interfaces_gif_edit.php +++ b/usr/local/www/interfaces_gif_edit.php @@ -150,21 +150,21 @@ include("head.inc"); <tr> <td valign="top" class="vncellreq"><?=gettext("gif remote address"); ?></td> <td class="vtable"> - <input name="remote-addr" type="text" class="formfld unknown" id="remote-addr" size="16" value="<?=$pconfig['remote-addr'];?>"> + <input name="remote-addr" type="text" class="formfld unknown" id="remote-addr" size="16" value="<?=htmlspecialchars($pconfig['remote-addr']);?>"> <br> <span class="vexpl"><?=gettext("Peer address where encapsulated gif packets will be sent. "); ?></span></td> </tr> <tr> <td valign="top" class="vncellreq"><?=gettext("gif tunnel local address"); ?></td> <td class="vtable"> - <input name="tunnel-local-addr" type="text" class="formfld unknown" id="tunnel-local-addr" size="16" value="<?=$pconfig['tunnel-local-addr'];?>"> + <input name="tunnel-local-addr" type="text" class="formfld unknown" id="tunnel-local-addr" size="16" value="<?=htmlspecialchars($pconfig['tunnel-local-addr']);?>"> <br> <span class="vexpl"><?=gettext("Local gif tunnel endpoint"); ?></span></td> </tr> <tr> <td valign="top" class="vncellreq"><?=gettext("gif tunnel remote address "); ?></td> <td class="vtable"> - <input name="tunnel-remote-addr" type="text" class="formfld unknown" id="tunnel-remote-addr" size="16" value="<?=$pconfig['tunnel-remote-addr'];?>"> + <input name="tunnel-remote-addr" type="text" class="formfld unknown" id="tunnel-remote-addr" size="16" value="<?=htmlspecialchars($pconfig['tunnel-remote-addr']);?>"> <select name="tunnel-remote-net" class="formselect" id="tunnel-remote-net"> <?php for ($i = 32; $i > 0; $i--) { @@ -206,7 +206,7 @@ include("head.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input type="hidden" name="gifif" value="<?=$pconfig['gifif']; ?>"> + <input type="hidden" name="gifif" value="<?=htmlspecialchars($pconfig['gifif']); ?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> <?php if (isset($id) && $a_gifs[$id]): ?> <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> |