Fix a potential XSS in voucher testing.

author: jim-p <jimp@pfsense.org> 2015-08-18 09:35:56 -0400
committer: jim-p <jimp@pfsense.org> 2015-08-18 09:35:56 -0400
commit: 1ce2e5d2530cc1a076fc2ae49e653dc8935dd6a5 (patch)
tree: 12f8572adde5440599d3057562307daa9f470276 /usr/local/www/status_captiveportal_test.php
parent: d0236c7e88e2a874d19269a9a890fbca24607042 (diff)
download: pfsense-1ce2e5d2530cc1a076fc2ae49e653dc8935dd6a5.zip
pfsense-1ce2e5d2530cc1a076fc2ae49e653dc8935dd6a5.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php
index 4caafb4..ddb5b43 100644
--- a/usr/local/www/status_captiveportal_test.php
+++ b/usr/local/www/status_captiveportal_test.php
@@ -108,10 +108,10 @@ if ($_POST) {
         foreach ($test_results as $result) {
             if (strpos($result, " good ") || strpos($result, " granted ")) {
                 echo "<tr><td bgcolor=\"#D9DEE8\"><img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" alt=\"pass\" /></td>";
-                echo "<td bgcolor=\"#D9DEE8\">$result</td></tr>";
+                echo "<td bgcolor=\"#D9DEE8\">" . htmlspecialchars($result) . "</td></tr>";
             } else {
                 echo "<tr><td bgcolor=\"#FFD9D1\"><img src=\"/themes/{$g['theme']}/images/icons/icon_block.gif\" alt=\"block\" /></td>";
-                echo "<td bgcolor=\"#FFD9D1\">$result</td></tr>";
+                echo "<td bgcolor=\"#FFD9D1\">" . htmlspecialchars($result) . "</td></tr>";
             }
         }
         echo "</table>";
author	jim-p <jimp@pfsense.org>	2015-08-18 09:35:56 -0400
committer	jim-p <jimp@pfsense.org>	2015-08-18 09:35:56 -0400
commit	1ce2e5d2530cc1a076fc2ae49e653dc8935dd6a5 (patch)
tree	12f8572adde5440599d3057562307daa9f470276 /usr/local/www/status_captiveportal_test.php
parent	d0236c7e88e2a874d19269a9a890fbca24607042 (diff)
download	pfsense-1ce2e5d2530cc1a076fc2ae49e653dc8935dd6a5.zip pfsense-1ce2e5d2530cc1a076fc2ae49e653dc8935dd6a5.tar.gz