author | jim-p <jimp@pfsense.org> | 2012-10-31 15:44:14 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-31 15:44:14 -0400 |
commit | ac4cbc1529197ae60532dca089607a75bab5d9fe (patch) | |
tree | 0eaa17ac7efecad08e40f18edc379a165aaf59c3 /usr/local/www/load_balancer_monitor_edit.php | |
parent | bb33a33724161823b6bd35e7f0f19a1d551cda82 (diff) | |
download | pfsense-ac4cbc1529197ae60532dca089607a75bab5d9fe.zip pfsense-ac4cbc1529197ae60532dca089607a75bab5d9fe.tar.gz |
Encode some more parameters before showing them to users.
Diffstat (limited to 'usr/local/www/load_balancer_monitor_edit.php')
-rwxr-xr-x | usr/local/www/load_balancer_monitor_edit.php | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php
index e5ed0ff..271b2f6 100755
--- a/usr/local/www/load_balancer_monitor_edit.php
+++ b/usr/local/www/load_balancer_monitor_edit.php
@@ -232,13 +232,13 @@ function updateType(t){
 <tr align="left">
 <td width="22%" valign="top" class="vncellreq"><?=gettext("Name"); ?></td>
 <td width="78%" class="vtable" colspan="2">
- <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="16" maxlength="16">
+ <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"" . htmlspecialchars($pconfig['name']) . "\"";?> size="16" maxlength="16">
 </td>
 </tr>
 <tr align="left">
 <td width="22%" valign="top" class="vncellreq"><?=gettext("Description"); ?></td>
 <td width="78%" class="vtable" colspan="2">
- <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"{$pconfig['descr']}\"";?>size="64">
+ <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"" . htmlspecialchars($pconfig['descr']) . "\"";?>size="64">
 </td>
 </tr>
 <tr align="left">
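Review bot: The new `htmlspecialchars()` calls on the `name` and `descr` inputs rely on PHP's default flags and charset, and those defaults have changed between PHP releases. The historical default (`ENT_COMPAT`) is enough for these double-quoted `value="…"` attributes, but spelling the arguments out keeps the encoding independent of the runtime and of a later switch to single-quoted markup, for example `htmlspecialchars($pconfig['name'], ENT_QUOTES, 'UTF-8')` (UTF-8 is assumed here; use the charset the page actually declares). The same applies to every call added in the later hunks (path, host, digest, send, expect).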
@@ -269,13 +269,13 @@ function updateType(t){
 <tr align="left">
 <td valign="top" align="right" class="vtable"><?=gettext("Path"); ?></td>
 <td class="vtable" colspan="2">
- <input name="http_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"{$pconfig['options']['path']}\"";?>size="64">
+ <input name="http_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"" . htmlspecialchars($pconfig['options']['path']) . "\"";?>size="64">
 </td>
 </tr>
 <tr align="left">
 <td valign="top" align="right" class="vtable"><?=gettext("Host"); ?></td>
 <td class="vtable" colspan="2">
- <input name="http_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"{$pconfig['options']['host']}\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?>
+ <input name="http_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"" . htmlspecialchars($pconfig['options']['host']) . "\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?>
 </td>
 </td>
 <tr align="left">
@@ -288,7 +288,7 @@ function updateType(t){
 <tr align="left">
 <td width="22%" valign="top" class="vncell">MD5 Page Digest</td>
 <td width="78%" class="vtable" colspan="2">
- <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"{$pconfig['digest']}\"";?>size="32"><br /><b>TODO: add fetch functionality here</b>
+ <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"" . htmlspecialchars($pconfig['digest']) . "\"";?>size="32"><br /><b>TODO: add fetch functionality here</b>
 </td>
 </tr>
 -->
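Review bot: On the `http_options_path` and `http_options_host` lines the PHP tag is closed directly against the next attribute (`;?>size="64"`), so when a value is set the output is `value="…"size="64"` with no whitespace between the attributes. Browsers recover from it, but it is invalid markup and it differs from the `name` input, which has `;?> size="16"`. Suggest `;?> size="64"` here and on the `descr`, `https_options_*`, `digest` and `send_options_*` lines in the other hunks.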
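Review bot: The `digest` row in the `@@ -288,7` hunk ends with `-->`, so it appears to sit inside an HTML comment whose opening is outside the hunk; PHP still executes there and writes the stored digest into the page source on every load. The encoding added here does keep the value from closing the comment early, since `>` is encoded. A disabled field is still better kept out of the response altogether, either by removing the row until the fetch feature exists or by guarding it in PHP, `<?php if (false): ?> … <?php endif; ?>`, instead of `<!-- … -->`. The same applies to the second `digest` row in the `@@ -322,7` hunk.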
@@ -302,13 +302,13 @@ function updateType(t){
 <tr align="left">
 <td valign="top" align="right" class="vtable"><?=gettext("Path"); ?></td>
 <td class="vtable" colspan="2">
- <input name="https_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"{$pconfig['options']['path']}\"";?>size="64">
+ <input name="https_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"" . htmlspecialchars($pconfig['options']['path']) ."\"";?>size="64">
 </td>
 </tr>
 <tr align="left">
 <td valign="top" align="right" class="vtable"><?=gettext("Host"); ?></td>
 <td class="vtable" colspan="2">
- <input name="https_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"{$pconfig['options']['host']}\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?>
+ <input name="https_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"" . htmlspecialchars($pconfig['options']['host']) . "\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?>
 </td>
 </td>
 <tr align="left">
@@ -322,7 +322,7 @@ function updateType(t){
 <tr align="left">
 <td width="22%" valign="top" class="vncellreq">MD5 Page Digest</td>
 <td width="78%" class="vtable" colspan="2">
- <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"{$pconfig['digest']}\"";?>size="32"><br /><b>TODO: add fetch functionality here</b>
+ <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"" . htmlspecialchars($pconfig['digest']) . "\"";?>size="32"><br /><b>TODO: add fetch functionality here</b>
 </td>
 </tr>
 -->
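Review bot: The `https_options_path` line writes `) ."\""` where every other added line writes `) . "\""`, a small sign that the same isset-then-encode expression is now hand-copied across ten inputs. A single helper that takes the value and returns the encoded `value="…"` attribute, or an empty string when the value is unset, would keep the output encoding in one place and make it harder for a future field to be echoed raw. Whether the file or an included library already offers such a helper is not visible from this diff.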
@@ -336,13 +336,13 @@ function updateType(t){
 <tr align="left">
 <td valign="top" align="right" class="vtable"><?=gettext("Send string"); ?></td>
 <td class="vtable" colspan="2">
- <input name="send_options_send" type="text" <?if(isset($pconfig['options']['send'])) echo "value=\"{$pconfig['options']['send']}\"";?>size="64">
+ <input name="send_options_send" type="text" <?if(isset($pconfig['options']['send'])) echo "value=\"" . htmlspecialchars($pconfig['options']['send']) . "\"";?>size="64">
 </td>
 </tr>
 <tr align="left">
 <td valign="top" align="right" class="vtable"><?=gettext("Expect string"); ?></td>
 <td class="vtable" colspan="2">
- <input name="send_options_expect" type="text" <?if(isset($pconfig['options']['expect'])) echo "value=\"{$pconfig['options']['expect']}\"";?>size="64">
+ <input name="send_options_expect" type="text" <?if(isset($pconfig['options']['expect'])) echo "value=\"" . htmlspecialchars($pconfig['options']['expect']) . "\"";?>size="64">
 </td>
 </tr>
 </table> |