diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/interfaces_gre_edit.php | |
parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
download | pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz |
Fix XSS issues
Diffstat (limited to 'usr/local/www/interfaces_gre_edit.php')
-rw-r--r-- | usr/local/www/interfaces_gre_edit.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr/local/www/interfaces_gre_edit.php b/usr/local/www/interfaces_gre_edit.php index fe1962b..f0f0a84 100644 --- a/usr/local/www/interfaces_gre_edit.php +++ b/usr/local/www/interfaces_gre_edit.php @@ -153,21 +153,21 @@ include("head.inc"); <tr> <td valign="top" class="vncellreq"><?=gettext("GRE remote address");?></td> <td class="vtable"> - <input name="remote-addr" type="text" class="formfld unknown" id="remote-addr" size="16" value="<?=$pconfig['remote-addr'];?>"> + <input name="remote-addr" type="text" class="formfld unknown" id="remote-addr" size="16" value="<?=htmlspecialchars($pconfig['remote-addr']);?>"> <br> <span class="vexpl"><?=gettext("Peer address where encapsulated GRE packets will be sent ");?></span></td> </tr> <tr> <td valign="top" class="vncellreq"><?=gettext("GRE tunnel local address ");?></td> <td class="vtable"> - <input name="tunnel-local-addr" type="text" class="formfld unknown" id="tunnel-local-addr" size="16" value="<?=$pconfig['tunnel-local-addr'];?>"> + <input name="tunnel-local-addr" type="text" class="formfld unknown" id="tunnel-local-addr" size="16" value="<?=htmlspecialchars($pconfig['tunnel-local-addr']);?>"> <br> <span class="vexpl"><?=gettext("Local GRE tunnel endpoint");?></span></td> </tr> <tr> <td valign="top" class="vncellreq"><?=gettext("GRE tunnel remote address ");?></td> <td class="vtable"> - <input name="tunnel-remote-addr" type="text" class="formfld unknown" id="tunnel-remote-addr" size="16" value="<?=$pconfig['tunnel-remote-addr'];?>"> + <input name="tunnel-remote-addr" type="text" class="formfld unknown" id="tunnel-remote-addr" size="16" value="<?=htmlspecialchars($pconfig['tunnel-remote-addr']);?>"> <select name="tunnel-remote-net" class="formselect" id="tunnel-remote-net"> <?php for ($i = 32; $i > 0; $i--) { @@ -218,7 +218,7 @@ include("head.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input type="hidden" name="greif" value="<?=$pconfig['greif']; ?>"> + <input type="hidden" name="greif" value="<?=htmlspecialchars($pconfig['greif']); ?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>"> <input type="button" value="<?=gettext("Cancel");?>" onclick="history.back()"> <?php if (isset($id) && $a_gres[$id]): ?> <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>"> |