diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
| commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
| tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/status_captiveportal.php | |
| parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
| download | pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz | |
Fix XSS issues
Diffstat (limited to 'usr/local/www/status_captiveportal.php')
| -rwxr-xr-x | usr/local/www/status_captiveportal.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr/local/www/status_captiveportal.php b/usr/local/www/status_captiveportal.php index 8000281..3625e40 100755 --- a/usr/local/www/status_captiveportal.php +++ b/usr/local/www/status_captiveportal.php @@ -120,14 +120,14 @@ if ($_GET['order']) { <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td class="listhdrr"><a href="?order=ip&showact=<?=$_GET['showact'];?>"><?=gettext("IP address");?></a></td> - <td class="listhdrr"><a href="?order=mac&showact=<?=$_GET['showact'];?>"><?=gettext("MAC address");?></a></td> - <td class="listhdrr"><a href="?order=user&showact=<?=$_GET['showact'];?>"><?=gettext("Username");?></a></td> + <td class="listhdrr"><a href="?order=ip&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("IP address");?></a></td> + <td class="listhdrr"><a href="?order=mac&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("MAC address");?></a></td> + <td class="listhdrr"><a href="?order=user&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("Username");?></a></td> <?php if ($_GET['showact']): ?> - <td class="listhdrr"><a href="?order=start&showact=<?=$_GET['showact'];?>"><?=gettext("Session start");?></a></td> - <td class="listhdr"><a href="?order=lastact&showact=<?=$_GET['showact'];?>"><?=gettext("Last activity");?></a></td> + <td class="listhdrr"><a href="?order=start&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("Session start");?></a></td> + <td class="listhdr"><a href="?order=lastact&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("Last activity");?></a></td> <?php else: ?> - <td class="listhdr"><a href="?order=start&showact=<?=$_GET['showact'];?>"><?=gettext("Session start");?></a></td> + <td class="listhdr"><a href="?order=start&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("Session start");?></a></td> <?php endif; ?> <td class="list sort_ignore"></td> </tr> @@ -141,7 +141,7 @@ if ($_GET['order']) { <td class="listr"><?php if ($cpent[5]) echo htmlspecialchars(date("m/d/Y H:i:s", $cpent[5]));?></td> <?php endif; ?> <td valign="middle" class="list" nowrap> - <a href="?order=<?=$_GET['order'];?>&showact=<?=$_GET['showact'];?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a></td> + <a href="?order=<?=$_GET['order'];?>&showact=<?=htmlspecialchars($_GET['showact']);?>&act=del&id=<?=$cpent[1];?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a></td> </tr> <?php endforeach; ?> </table> |
