author | Renato Botelho <garga@FreeBSD.org> | 2015-05-25 11:10:45 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2015-05-25 11:10:55 -0300 |
commit | 7d2af3730d4a5a25bead4d284f1ba4da6daa24ad (patch) | |
tree | f1bb36657e2772fed1be762e8a440a0eed0dab1c /usr/local/www/services_captiveportal_zones.php | |
parent | ab37f56f404a41dc5c5c26a83d594f0f883bd88d (diff) | |
Call htmlspecialchars() to remove dangerous chars from zone parameter. Also redirect user to services_captiveportal_zones.php when an invalid zone is passed
Diffstat (limited to 'usr/local/www/services_captiveportal_zones.php')
-rw-r--r-- | usr/local/www/services_captiveportal_zones.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/services_captiveportal_zones.php b/usr/local/www/services_captiveportal_zones.php
index 5eb9742..6d956b5 100644
--- a/usr/local/www/services_captiveportal_zones.php
+++ b/usr/local/www/services_captiveportal_zones.php
@@ -50,7 +50,7 @@ if (!is_array($config['captiveportal'])) {
 $a_cp = &$config['captiveportal'];
 if ($_GET['act'] == "del" && !empty($_GET['zone'])) {
- $cpzone = $_GET['zone'];
+ $cpzone = htmlspecialchars($_GET['zone']);
 if ($a_cp[$cpzone]) {
 $cpzoneid = $a_cp[$cpzone]['zoneid'];
 unset($a_cp[$cpzone]['enable']);
@@ -60,9 +60,9 @@ if ($_GET['act'] == "del" && !empty($_GET['zone'])) {
 unset($config['voucher'][$cpzone]);
 }
 write_config();
- header("Location: services_captiveportal_zones.php");
- exit;
 }
+ header("Location: services_captiveportal_zones.php");
+ exit;
 }
 $pgtitle = array(gettext("Captive Portal"), gettext("Zones")); |
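Review bot: `htmlspecialchars()` on the line that assigns `$cpzone` is an HTML output encoder, but in this hunk the value is only used as an array key into `$a_cp`, not written into markup. Encoding at input changes the lookup key, so a zone name containing `&`, `<` or `"` would no longer match its stored entry, and with the default flags of PHP releases before 8.1 single quotes pass through unchanged. I would keep the raw value and validate it against the configured zones, `$cpzone = $_GET['zone'];` followed by `if (isset($a_cp[$cpzone])) {`. The name would then be escaped with `htmlspecialchars()` wherever it is actually printed, which is not visible here. The enclosing `if ($_GET['act'] == "del" ...)` block closes outside this hunk.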
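Review bot: The zone deletion that `write_config();` commits is still driven entirely by `$_GET['act']` and `$_GET['zone']`, so it depends on whatever request-forgery protection exists outside this hunk. If that protection covers only POST, this action is unguarded. I would make the delete a POST action, e.g. `if ($_POST['act'] == "del" && !empty($_POST['zone'])) {`, with the page's delete link turned into a form submit. Passing a description, `write_config("Deleted captive portal zone {$cpzone}");`, would also let the configuration history record which zone was removed. The block opens before this hunk, so the condition shown in the hunk header is all that is visible of it.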