diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-02-18 10:59:22 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-18 10:59:22 -0300 |
| commit | 1ac5a652ff2863041afa75aba759c7861d8c1b03 (patch) | |
| tree | bbdadb9de20abcbde3d3191bb881f7f95a89654b /usr/local/www/pkg_mgr_install.php | |
| parent | 82921e738bb9d1a784733152822a9e976767ce3a (diff) | |
| download | pfsense-1ac5a652ff2863041afa75aba759c7861d8c1b03.zip pfsense-1ac5a652ff2863041afa75aba759c7861d8c1b03.tar.gz | |
Take single and double quotes into consideration
Diffstat (limited to 'usr/local/www/pkg_mgr_install.php')
| -rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index 289505c..1e61e0c 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -114,7 +114,7 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth"); ob_flush(); -$pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg'])); +$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); switch($_GET['mode']) { case "showlog": case "installedinfo": |
