diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:03:44 -0500 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:03:51 -0500 |
| commit | 225a2f0b4696c497263d0926011a0f39ab08b0f3 (patch) | |
| tree | 8a5b402ff00a0c20e630f4beaf0f385edb2a9592 /usr/local/www/status_dhcp_leases.php | |
| parent | 5812e717eb919e2d1eb94772f33275122415d76c (diff) | |
| download | pfsense-225a2f0b4696c497263d0926011a0f39ab08b0f3.zip pfsense-225a2f0b4696c497263d0926011a0f39ab08b0f3.tar.gz | |
Bring in XSS id fixes from m0n0wall
Diffstat (limited to 'usr/local/www/status_dhcp_leases.php')
| -rwxr-xr-x | usr/local/www/status_dhcp_leases.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/status_dhcp_leases.php b/usr/local/www/status_dhcp_leases.php index dd2a0db..896b1af 100755 --- a/usr/local/www/status_dhcp_leases.php +++ b/usr/local/www/status_dhcp_leases.php @@ -382,7 +382,7 @@ foreach ($leases as $data) { /* Only show the button for offline dynamic leases */ if (($data['type'] == "dynamic") && ($data['online'] != "online")) { - echo "<td class=\"list\" valign=\"middle\"><a href=\"status_dhcp_leases.php?deleteip={$data['ip']}&all={$_GET['all']}\">"; + echo "<td class=\"list\" valign=\"middle\"><a href=\"status_dhcp_leases.php?deleteip={$data['ip']}&all=" . htmlspecialchars($_GET['all']) . "\">"; echo "<img src=\"/themes/{$g['theme']}/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\" title=\"" . gettext("delete this DHCP lease") . "\"></a></td>\n"; } echo "</tr>\n"; |
