Take single and double quotes into consideration

author: Renato Botelho <garga@FreeBSD.org> 2014-02-18 16:38:35 -0300
committer: Renato Botelho <garga@FreeBSD.org> 2014-02-18 16:38:35 -0300
commit: d291634ad943abdb089250b307d788f30d1af91b (patch)
tree: f36d6b75511261445e48b6c1193500494ab2edc5 /usr/local/www/pkg_mgr_install.php
parent: 738fab3dd664e637969bf4f0ad92ace367a343d5 (diff)
download: pfsense-d291634ad943abdb089250b307d788f30d1af91b.zip
pfsense-d291634ad943abdb089250b307d788f30d1af91b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index 8bf431b..79bb9f2 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -181,7 +181,7 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth");
 ob_flush();
 
 if ($_GET) {
-	$pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg']));
+	$pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
 	switch($_GET['mode']) {
 	case 'showlog':
 		if (strpos($pkgname, ".")) {
author	Renato Botelho <garga@FreeBSD.org>	2014-02-18 16:38:35 -0300
committer	Renato Botelho <garga@FreeBSD.org>	2014-02-18 16:38:35 -0300
commit	d291634ad943abdb089250b307d788f30d1af91b (patch)
tree	f36d6b75511261445e48b6c1193500494ab2edc5 /usr/local/www/pkg_mgr_install.php
parent	738fab3dd664e637969bf4f0ad92ace367a343d5 (diff)
download	pfsense-d291634ad943abdb089250b307d788f30d1af91b.zip pfsense-d291634ad943abdb089250b307d788f30d1af91b.tar.gz