diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-02-18 16:38:35 -0300 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2014-02-19 07:48:55 +0000 |
| commit | 25ba63fb0f31387842860274ec6dba68f58700c6 (patch) | |
| tree | e8372c9e24a6c3ebdb73883843c41ea054c54dda /usr/local/www/pkg_mgr_install.php | |
| parent | a257e8e5b0bb74b49b0a9a4c80987fbe89bde5da (diff) | |
| download | pfsense-25ba63fb0f31387842860274ec6dba68f58700c6.zip pfsense-25ba63fb0f31387842860274ec6dba68f58700c6.tar.gz | |
Take single and double quotes into consideration
Diffstat (limited to 'usr/local/www/pkg_mgr_install.php')
| -rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php index e586c3f..3ec8a86 100755 --- a/usr/local/www/pkg_mgr_install.php +++ b/usr/local/www/pkg_mgr_install.php @@ -184,7 +184,7 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth"); ob_flush(); if ($_GET) { - $pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg'])); + $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401)); switch($_GET['mode']) { case 'showlog': if (strpos($pkgname, ".")) { |
