diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
| commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
| tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/services_dhcp.php | |
| parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
| download | pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz | |
Fix XSS issues
Diffstat (limited to 'usr/local/www/services_dhcp.php')
| -rwxr-xr-x | usr/local/www/services_dhcp.php | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/usr/local/www/services_dhcp.php b/usr/local/www/services_dhcp.php index 79fc1dc..dae460e 100755 --- a/usr/local/www/services_dhcp.php +++ b/usr/local/www/services_dhcp.php @@ -864,7 +864,7 @@ include("head.inc"); <tr> <td width="22%" valign="top"> </td> <td width="78%"> - <input name="if" type="hidden" value="<?=$if;?>"> + <input name="if" type="hidden" value="<?=htmlspecialchars($if);?>"> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" onclick="enable_change(true)"> </td> </tr> @@ -892,7 +892,7 @@ include("head.inc"); <table border="0" cellspacing="0" cellpadding="1"> <tr> <td valign="middle" width="17"></td> - <td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> </tr> </table> </td> @@ -901,23 +901,23 @@ include("head.inc"); <?php $i = 0; foreach ($a_maps as $mapent): ?> <?php if($mapent['mac'] <> "" or $mapent['ipaddr'] <> ""): ?> <tr> - <td class="listlr" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <td class="listlr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> <?=htmlspecialchars($mapent['mac']);?> </td> - <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> <?=htmlspecialchars($mapent['ipaddr']);?> </td> - <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <td class="listr" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> <?=htmlspecialchars($mapent['hostname']);?> </td> - <td class="listbg" ondblclick="document.location='services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>';"> + <td class="listbg" ondblclick="document.location='services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>';"> <?=htmlspecialchars($mapent['descr']);?> </td> <td valign="middle" nowrap class="list"> <table border="0" cellspacing="0" cellpadding="1"> <tr> - <td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> - <td valign="middle"><a href="services_dhcp.php?if=<?=$if;?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>&id=<?=$i;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="services_dhcp.php?if=<?=htmlspecialchars($if);?>&act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0"></a></td> </tr> </table> </td> @@ -931,7 +931,7 @@ include("head.inc"); <table border="0" cellspacing="0" cellpadding="1"> <tr> <td valign="middle" width="17"></td> - <td valign="middle"><a href="services_dhcp_edit.php?if=<?=$if;?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> + <td valign="middle"><a href="services_dhcp_edit.php?if=<?=htmlspecialchars($if);?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td> </tr> </table> </td> |
