diff options
author | jim-p <jimp@pfsense.org> | 2012-10-31 15:44:14 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-31 15:44:14 -0400 |
commit | ac4cbc1529197ae60532dca089607a75bab5d9fe (patch) | |
tree | 0eaa17ac7efecad08e40f18edc379a165aaf59c3 /usr/local/www/load_balancer_virtual_server_edit.php | |
parent | bb33a33724161823b6bd35e7f0f19a1d551cda82 (diff) | |
download | pfsense-ac4cbc1529197ae60532dca089607a75bab5d9fe.zip pfsense-ac4cbc1529197ae60532dca089607a75bab5d9fe.tar.gz |
Encode some more parameters before showing them to users.
Diffstat (limited to 'usr/local/www/load_balancer_virtual_server_edit.php')
-rwxr-xr-x | usr/local/www/load_balancer_virtual_server_edit.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php index ea429d6..b2e73b1 100755 --- a/usr/local/www/load_balancer_virtual_server_edit.php +++ b/usr/local/www/load_balancer_virtual_server_edit.php @@ -154,19 +154,19 @@ include("head.inc"); <tr align="left"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Name"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?>size="32" maxlength="32"> + <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"" . htmlspecialchars($pconfig['name']) . "\"";?>size="32" maxlength="32"> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"{$pconfig['descr']}\"";?>size="64"> + <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"" . htmlspecialchars($pconfig['descr']) . "\"";?>size="64"> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncellreq"><?=gettext("IP Address"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input class="formfldalias" id="ipaddr" name="ipaddr" type="text" <?if(isset($pconfig['ipaddr'])) echo "value=\"{$pconfig['ipaddr']}\"";?> size="39" maxlength="39"> + <input class="formfldalias" id="ipaddr" name="ipaddr" type="text" <?if(isset($pconfig['ipaddr'])) echo "value=\"" . htmlspecialchars($pconfig['ipaddr']) . "\"";?> size="39" maxlength="39"> <br><?=gettext("This is normally the WAN IP address that you would like the server to listen on. All connections to this IP and port will be forwarded to the pool cluster."); ?> <br><?=gettext("You may also specify a host alias listed in Firewall -> Aliases here."); ?> <script type="text/javascript"> @@ -180,7 +180,7 @@ include("head.inc"); <tr align="left"> <td width="22%" valign="top" class="vncell"><?=gettext("Port"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input class="formfldalias" name="port" id="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="16" maxlength="16"> + <input class="formfldalias" name="port" id="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"" . htmlspecialchars($pconfig['port']) . "\"";?> size="16" maxlength="16"> <br><?=gettext("This is the port that the clients will connect to. All connections to this port will be forwarded to the pool cluster."); ?> <br><?=gettext("If left blank, listening ports from the pool will be used."); ?> <br><?=gettext("You may also specify a port alias listed in Firewall -> Aliases here."); ?> @@ -204,7 +204,7 @@ include("head.inc"); $selected = ""; if ( $config['load_balancer']['lbpool'][$i]['name'] == $pconfig['poolname'] ) $selected = " SELECTED"; - echo "<option value=\"{$config['load_balancer']['lbpool'][$i]['name']}\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>"; + echo "<option value=\"" . htmlspecialchars($config['load_balancer']['lbpool'][$i]['name']) . "\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>"; } ?> <?php endif; ?> @@ -224,7 +224,7 @@ include("head.inc"); $selected = ""; if ( $config['load_balancer']['lbpool'][$i]['name'] == $pconfig['sitedown'] ) $selected = " SELECTED"; - echo "<option value=\"{$config['load_balancer']['lbpool'][$i]['name']}\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>"; + echo "<option value=\"" . htmlspecialchars($config['load_balancer']['lbpool'][$i]['name']) . "\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>"; } ?> </select> |