diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 09:49:21 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-10 09:49:47 -0500 |
commit | daab67a170ddf38a76605e32a56874780e82b62d (patch) | |
tree | 66ad88a3ea2c9cf82f0bf1a5dfc2c4eec3ebfa54 /usr/local/www/status_services.php | |
parent | f0ce6758e81a036a6eee144549cbe9e4c72bbe8e (diff) | |
download | pfsense-daab67a170ddf38a76605e32a56874780e82b62d.zip pfsense-daab67a170ddf38a76605e32a56874780e82b62d.tar.gz |
Fix misc XSS issues from davey b
Diffstat (limited to 'usr/local/www/status_services.php')
-rwxr-xr-x | usr/local/www/status_services.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/status_services.php b/usr/local/www/status_services.php index 97aa1ce..779e396 100755 --- a/usr/local/www/status_services.php +++ b/usr/local/www/status_services.php @@ -104,7 +104,7 @@ if($_GET['mode'] == "restartservice" and !empty($_GET['service'])) { restart_service($_GET['service']); break; } - $savemsg = sprintf(gettext("%s has been restarted."),$_GET['service']); + $savemsg = sprintf(gettext("%s has been restarted."),htmlspecialchars($_GET['service'])); sleep(5); } @@ -148,7 +148,7 @@ if($_GET['mode'] == "startservice" and !empty($_GET['service'])) { start_service($_GET['service']); break; } - $savemsg = sprintf(gettext("%s has been started."),$_GET['service']); + $savemsg = sprintf(gettext("%s has been started."),htmlspecialchars($_GET['service'])); sleep(5); } @@ -203,7 +203,7 @@ if($_GET['mode'] == "stopservice" && !empty($_GET['service'])) { stop_service($_GET['service']); break; } - $savemsg = sprintf(gettext("%s has been stopped."), $_GET['service']); + $savemsg = sprintf(gettext("%s has been stopped."), htmlspecialchars($_GET['service'])); sleep(5); } |