diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/system_authservers.php | |
parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
download | pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz |
Fix XSS issues
Diffstat (limited to 'usr/local/www/system_authservers.php')
-rw-r--r-- | usr/local/www/system_authservers.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index 8a18ed6..fad6b34 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -429,7 +429,7 @@ function select_clicked() { <?php if (!isset($id)): ?> <input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/> <?php else: ?> - <strong><?=$pconfig[name];?></strong> + <strong><?=htmlspecialchars($pconfig['name']);?></strong> <input name='name' type='hidden' id='name' value="<?=htmlspecialchars($pconfig['name']);?>"/> <?php endif; ?> </td> @@ -742,7 +742,7 @@ function select_clicked() { <?php include("fend.inc"); ?> <script type="text/javascript"> <!-- -server_typechange('<?=$pconfig['type'];?>'); +server_typechange('<?=htmlspecialchars($pconfig['type']);?>'); <?php if (!isset($id) || $pconfig['type'] == "ldap"): ?> ldap_bindchange(); ldap_urlchange(); |