diff options
author | Renato Botelho <garga@FreeBSD.org> | 2013-09-06 08:08:03 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2013-09-06 08:08:03 -0300 |
commit | 605ae5537da157adfb414cc8837d465c132f4c8c (patch) | |
tree | 4637972b1c7fb3eeda71472fd7440235ef64682d /usr/local/www/system_gateways_edit.php | |
parent | 8346b5c462bf349f8f81a3af4466c03e95a3d01a (diff) | |
download | pfsense-605ae5537da157adfb414cc8837d465c132f4c8c.zip pfsense-605ae5537da157adfb414cc8837d465c132f4c8c.tar.gz |
Fix #3127
By default htmlspecialchars does not consider single quotes, what can be
a problem when value attribute is set using it. Replace value attribute
set to use double quotes on places where it's obviously recieving a
result of htmlspecialchars() call.
Diffstat (limited to 'usr/local/www/system_gateways_edit.php')
-rwxr-xr-x | usr/local/www/system_gateways_edit.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index 7abd1f4..a1a0df5 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -483,9 +483,9 @@ function monitor_change() { /* If this is a system gateway we need this var */ if(($pconfig['attribute'] == "system") || is_numeric($pconfig['attribute'])) { - echo "<input type='hidden' name='attribute' id='attribute' value='" . htmlspecialchars($pconfig['attribute']) . "' />\n"; + echo "<input type='hidden' name='attribute' id='attribute' value=\"" . htmlspecialchars($pconfig['attribute']) . "\" />\n"; } - echo "<input type='hidden' name='friendlyiface' id='friendlyiface' value='" . htmlspecialchars($pconfig['friendlyiface']) . "' />\n"; + echo "<input type='hidden' name='friendlyiface' id='friendlyiface' value=\"" . htmlspecialchars($pconfig['friendlyiface']) . "\" />\n"; ?> <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="system gateways edit"> <tr> |