diff options
author | jim-p <jimp@pfsense.org> | 2015-06-16 10:53:04 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-06-16 10:53:04 -0400 |
commit | d213c48520c6d694e660b208340e4e632e153585 (patch) | |
tree | 5475b31f9415204e5c883a1d01a1459b5d309f8c /usr/local/www/system_firmware_settings.php | |
parent | 621baeb604d1125e10222a70ba9a7efa85eff22b (diff) | |
download | pfsense-d213c48520c6d694e660b208340e4e632e153585.zip pfsense-d213c48520c6d694e660b208340e4e632e153585.tar.gz |
Fix some low-hanging potential security issues.
Diffstat (limited to 'usr/local/www/system_firmware_settings.php')
-rw-r--r-- | usr/local/www/system_firmware_settings.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/system_firmware_settings.php b/usr/local/www/system_firmware_settings.php index ec48469..3959ea6 100644 --- a/usr/local/www/system_firmware_settings.php +++ b/usr/local/www/system_firmware_settings.php @@ -167,7 +167,7 @@ function enable_altfirmwareurl(enable_over) { <td class="vtable"> <input name="alturlenable" type="checkbox" id="alturlenable" value="yes" onclick="enable_altfirmwareurl()" <?php if(isset($curcfg['alturl']['enable'])) echo "checked=\"checked\""; ?> /> <?=gettext("Use an unofficial server for firmware upgrades") ?><br /> <table summary="alternative Base URL"> - <tr><td><?=gettext("Base URL:"); ?></td><td><input name="firmwareurl" type="text" class="formfld url" id="firmwareurl" size="64" value="<?php if($curcfg['alturl']['firmwareurl']) echo $curcfg['alturl']['firmwareurl']; else echo $g['']; ?>" /></td></tr> + <tr><td><?=gettext("Base URL:"); ?></td><td><input name="firmwareurl" type="text" class="formfld url" id="firmwareurl" size="64" value="<?php if($curcfg['alturl']['firmwareurl']) echo htmlspecialchars($curcfg['alturl']['firmwareurl']); else echo $g['']; ?>" /></td></tr> </table> <span class="vexpl"> <?=gettext("This is where"); ?> <?php echo $g['product_name'] ?> <?=gettext("will check for newer firmware versions when the"); ?> <a href="system_firmware_check.php"><?=gettext("System: Firmware: Auto Update"); ?></a> <?=gettext("page is viewed."); ?> @@ -224,7 +224,7 @@ function enable_altfirmwareurl(enable_over) { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Repository URL"); ?></td> <td width="78%" class="vtable"> - <input name="repositoryurl" type="text" class="formfld url" id="repositoryurl" size="64" value="<?php if ($gitcfg['repositoryurl']) echo $gitcfg['repositoryurl']; ?>" /> + <input name="repositoryurl" type="text" class="formfld url" id="repositoryurl" size="64" value="<?php if ($gitcfg['repositoryurl']) echo htmlspecialchars($gitcfg['repositoryurl']); ?>" /> <?php if($lastrepositoryurl): ?> <br /> <?=sprintf(gettext("The most recently used repository was %s"), $lastrepositoryurl); ?> @@ -250,7 +250,7 @@ function enable_altfirmwareurl(enable_over) { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Branch name"); ?></td> <td width="78%" class="vtable"> - <input name="branch" type="text" class="formfld unknown" id="branch" size="64" value="<?php if ($gitcfg['branch']) echo $gitcfg['branch']; ?>" /> + <input name="branch" type="text" class="formfld unknown" id="branch" size="64" value="<?php if ($gitcfg['branch']) echo htmlspecialchars($gitcfg['branch']); ?>" /> <?php if($lastbranch): ?> <br /> <?=sprintf(gettext("The most recently used branch was %s"), $lastbranch); ?> |