diff options
| author | jim-p <jimp@pfsense.org> | 2015-06-16 10:57:55 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-06-16 10:57:55 -0400 |
| commit | 2debaf5c34065aee52e4c095f4b120c5da518d3e (patch) | |
| tree | 28a79c5c674333a624367e207abbfc91562549e1 /usr/local/www/system_firmware_settings.php | |
| parent | 3aef3ad0c052443b1801ec216e1e6f87a6d984a8 (diff) | |
| download | pfsense-2debaf5c34065aee52e4c095f4b120c5da518d3e.zip pfsense-2debaf5c34065aee52e4c095f4b120c5da518d3e.tar.gz | |
Fix some low-hanging potential security issues.
Diffstat (limited to 'usr/local/www/system_firmware_settings.php')
| -rw-r--r-- | usr/local/www/system_firmware_settings.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/system_firmware_settings.php b/usr/local/www/system_firmware_settings.php index f2232d6..9f6c5e0 100644 --- a/usr/local/www/system_firmware_settings.php +++ b/usr/local/www/system_firmware_settings.php @@ -179,7 +179,7 @@ function enable_altfirmwareurl(enable_over) { <?=gettext("Base URL:"); ?> </td> <td> - <input name="firmwareurl" type="text" class="formfld url" id="firmwareurl" size="64" value="<?php if ($curcfg['alturl']['firmwareurl']) echo $curcfg['alturl']['firmwareurl']; else echo $g['']; ?>" /> + <input name="firmwareurl" type="text" class="formfld url" id="firmwareurl" size="64" value="<?php if ($curcfg['alturl']['firmwareurl']) echo htmlspecialchars($curcfg['alturl']['firmwareurl']); else echo $g['']; ?>" /> </td> </tr> </table> @@ -241,7 +241,7 @@ function enable_altfirmwareurl(enable_over) { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Repository URL"); ?></td> <td width="78%" class="vtable"> - <input name="repositoryurl" type="text" class="formfld url" id="repositoryurl" size="64" value="<?php if ($gitcfg['repositoryurl']) echo $gitcfg['repositoryurl']; ?>" /> + <input name="repositoryurl" type="text" class="formfld url" id="repositoryurl" size="64" value="<?php if ($gitcfg['repositoryurl']) echo htmlspecialchars($gitcfg['repositoryurl']); ?>" /> <?php if ($lastrepositoryurl): ?> @@ -271,7 +271,7 @@ function enable_altfirmwareurl(enable_over) { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Branch name"); ?></td> <td width="78%" class="vtable"> - <input name="branch" type="text" class="formfld unknown" id="branch" size="64" value="<?php if ($gitcfg['branch']) echo $gitcfg['branch']; ?>" /> + <input name="branch" type="text" class="formfld unknown" id="branch" size="64" value="<?php if ($gitcfg['branch']) echo htmlspecialchars($gitcfg['branch']); ?>" /> <?php if ($lastbranch): ?> |
