summaryrefslogtreecommitdiffstats
path: root/usr/local/www/status_dhcp_leases.php
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2010-11-10 09:49:21 -0500
committerScott Ullrich <sullrich@pfsense.org>2010-11-10 09:49:47 -0500
commitdaab67a170ddf38a76605e32a56874780e82b62d (patch)
tree66ad88a3ea2c9cf82f0bf1a5dfc2c4eec3ebfa54 /usr/local/www/status_dhcp_leases.php
parentf0ce6758e81a036a6eee144549cbe9e4c72bbe8e (diff)
downloadpfsense-daab67a170ddf38a76605e32a56874780e82b62d.zip
pfsense-daab67a170ddf38a76605e32a56874780e82b62d.tar.gz
Fix misc XSS issues from davey b
Diffstat (limited to 'usr/local/www/status_dhcp_leases.php')
-rwxr-xr-xusr/local/www/status_dhcp_leases.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/status_dhcp_leases.php b/usr/local/www/status_dhcp_leases.php
index f7981c8..dd2a0db 100755
--- a/usr/local/www/status_dhcp_leases.php
+++ b/usr/local/www/status_dhcp_leases.php
@@ -393,7 +393,7 @@ foreach ($leases as $data) {
</table>
<p>
<form action="status_dhcp_leases.php" method="GET">
-<input type="hidden" name="order" value="<?=$_GET['order'];?>">
+<input type="hidden" name="order" value="<?=htmlspecialchars($_GET['order']);?>">
<?php if ($_GET['all']): ?>
<input type="hidden" name="all" value="0">
<input type="submit" class="formbtn" value="<?=gettext("Show active and static leases only"); ?>">
OpenPOWER on IntegriCloud