author | jim-p <jimp@pfsense.org> | 2015-08-18 09:35:56 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-08-18 09:35:56 -0400 |
commit | 1ce2e5d2530cc1a076fc2ae49e653dc8935dd6a5 (patch) | |
tree | 12f8572adde5440599d3057562307daa9f470276 /usr/local/www/status_captiveportal_test.php | |
parent | d0236c7e88e2a874d19269a9a890fbca24607042 (diff) | |
Fix a potential XSS in voucher testing.
Diffstat (limited to 'usr/local/www/status_captiveportal_test.php')
-rw-r--r-- | usr/local/www/status_captiveportal_test.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php
index 4caafb4..ddb5b43 100644
--- a/usr/local/www/status_captiveportal_test.php
+++ b/usr/local/www/status_captiveportal_test.php
@@ -108,10 +108,10 @@ if ($_POST) {
 foreach ($test_results as $result) {
 if (strpos($result, " good ") || strpos($result, " granted ")) {
 echo "<tr><td bgcolor=\"#D9DEE8\"><img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" alt=\"pass\" /></td>";
- echo "<td bgcolor=\"#D9DEE8\">$result</td></tr>";
+ echo "<td bgcolor=\"#D9DEE8\">" . htmlspecialchars($result) . "</td></tr>";
 } else {
 echo "<tr><td bgcolor=\"#FFD9D1\"><img src=\"/themes/{$g['theme']}/images/icons/icon_block.gif\" alt=\"block\" /></td>";
- echo "<td bgcolor=\"#FFD9D1\">$result</td></tr>";
+ echo "<td bgcolor=\"#FFD9D1\">" . htmlspecialchars($result) . "</td></tr>";
 }
 }
 echo "</table>"; |
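Review bot: Both new `htmlspecialchars($result)` calls rely on the default flags and charset, which on PHP versions before 8.1 leave single quotes unescaped and on older builds take the encoding from the runtime configuration. That is sufficient for the `<td>` body text here, but stating the contract explicitly keeps the output safe if the value is later moved into an attribute: `htmlspecialchars($result, ENT_QUOTES, 'UTF-8')`. Since the same expression appears in both branches, it could be computed once at the top of the loop, `$safe_result = htmlspecialchars($result, ENT_QUOTES, 'UTF-8');`, leaving the `strpos()` checks on the raw string. The hunk does not show where `$test_results` is built, so other places that print voucher input on this page are presumably worth checking too; the enclosing `if ($_POST)` block starts and ends outside the hunk.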