diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
| commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
| tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/status_captiveportal_vouchers.php | |
| parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
| download | pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz | |
Fix XSS issues
Diffstat (limited to 'usr/local/www/status_captiveportal_vouchers.php')
| -rw-r--r-- | usr/local/www/status_captiveportal_vouchers.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/usr/local/www/status_captiveportal_vouchers.php b/usr/local/www/status_captiveportal_vouchers.php index 39a6f56..4d3afd8 100644 --- a/usr/local/www/status_captiveportal_vouchers.php +++ b/usr/local/www/status_captiveportal_vouchers.php @@ -99,11 +99,11 @@ include("fbegin.inc"); <table width="100%" border="0" cellpadding="0" cellspacing="0" summary="content pane"> <tr> - <td class="listhdrr"><a href="?order=0&showact=<?=$_GET['showact'];?>"><?=gettext("Voucher"); ?></a></td> - <td class="listhdrr"><a href="?order=1&showact=<?=$_GET['showact'];?>"><?=gettext("Roll"); ?></a></td> - <td class="listhdrr"><a href="?order=2&showact=<?=$_GET['showact'];?>"><?=gettext("Activated at"); ?></a></td> - <td class="listhdrr"><a href="?order=3&showact=<?=$_GET['showact'];?>"><?=gettext("Expires in"); ?></a></td> - <td class="listhdr"><a href="?order=4&showact=<?=$_GET['showact'];?>"><?=gettext("Expires at"); ?></a></td> + <td class="listhdrr"><a href="?order=0&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("Voucher"); ?></a></td> + <td class="listhdrr"><a href="?order=1&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("Roll"); ?></a></td> + <td class="listhdrr"><a href="?order=2&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("Activated at"); ?></a></td> + <td class="listhdrr"><a href="?order=3&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("Expires in"); ?></a></td> + <td class="listhdr"><a href="?order=4&showact=<?=htmlspecialchars($_GET['showact']);?>"><?=gettext("Expires at"); ?></a></td> <td class="list"></td> </tr> <?php foreach ($db as $dbent): ?> |
