author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/system_groupmanager.php | |
parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
Fix XSS issues
Diffstat (limited to 'usr/local/www/system_groupmanager.php')
-rw-r--r-- | usr/local/www/system_groupmanager.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php
index d3978f0..4bf1c25 100644
--- a/usr/local/www/system_groupmanager.php
+++ b/usr/local/www/system_groupmanager.php
@@ -262,7 +262,7 @@ function presubmit() {
 <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td>
 <td width="78%" class="vtable">
 <strong><?=strtoupper($pconfig['gtype']);?></strong>
- <input name="gtype" type="hidden" value="<?=$pconfig['gtype']?>"/>
+ <input name="gtype" type="hidden" value="<?=htmlspecialchars($pconfig['gtype'])?>"/>
 </td>
 </tr>
 <tr>
@@ -360,7 +360,7 @@ function presubmit() {
 <?=htmlspecialchars($priv_list[$priv]['descr']);?>
 </td>
 <td valign="middle" nowrap class="list">
- <a href="system_groupmanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
+ <a href="system_groupmanager.php?act=delpriv&id=<?=htmlspecialchars($id)?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')">
 <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" />
 </a>
 </td>
@@ -373,7 +373,7 @@ function presubmit() {
 <tr>
 <td class="list" colspan="2"></td>
 <td class="list">
- <a href="system_groupmanager_addprivs.php?groupid=<?=$id?>">
+ <a href="system_groupmanager_addprivs.php?groupid=<?=htmlspecialchars($id)?>">
 <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" />
 </a>
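Review bot: The `<strong>` line directly above the patched hidden input (hunk at -262) still prints `$pconfig['gtype']` without escaping; `strtoupper()` leaves `<`, `>` and quotes intact, so the same value this commit escapes in the attribute is emitted raw in element content one line earlier. It should be wrapped as well: `<strong><?=htmlspecialchars(strtoupper($pconfig['gtype']));?></strong>`. The table row begins above the hunk, so other outputs of this value may exist outside this view.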
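Review bot: In the `href` of the delete-privilege link (hunk at -360), `htmlspecialchars($id)` prevents breaking out of the attribute but is not URL encoding: the browser decodes `&amp;` back to `&` before following the link, so an `$id` containing `&` or `#` can still add or cut off query parameters. Encode for the URL first and then for HTML, `id=<?=htmlspecialchars(urlencode($id))?>`, or cast to an integer if `$id` is always a numeric index (its assignment is outside the hunk). The same applies to `groupid=<?=htmlspecialchars($id)?>` in the hunk at -373.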
@@ -389,8 +389,8 @@ function presubmit() {
 <td width="78%">
 <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>">
 <?php if (isset($id) && $a_group[$id]): ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <input name="gid" type="hidden" value="<?=$pconfig['gid'];?>">
+ <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>">
+ <input name="gid" type="hidden" value="<?=htmlspecialchars($pconfig['gid']);?>">
 <?php endif; ?>
 </td>
 </tr> |
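Review bot: `$id` is used as an index into `$a_group` in the `isset($id) && $a_group[$id]` condition, yet the only guard it gets here is escaping at each point of output. If `$id` comes from the request (its assignment is outside the hunk), validating it once where it is read, for example `if (isset($id) && !is_numeric($id)) unset($id);`, would cover every later use, including ones added by future edits. `$pconfig['gid']` is presumably numeric too and could be validated the same way where it is populated.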