author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/vpn_ipsec_phase1.php | |
parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
Fix XSS issues
Diffstat (limited to 'usr/local/www/vpn_ipsec_phase1.php')
-rw-r--r-- | usr/local/www/vpn_ipsec_phase1.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr/local/www/vpn_ipsec_phase1.php b/usr/local/www/vpn_ipsec_phase1.php
index c2ba332..c498858 100644
--- a/usr/local/www/vpn_ipsec_phase1.php
+++ b/usr/local/www/vpn_ipsec_phase1.php
@@ -527,7 +527,7 @@ function dpdchkbox_change() {
 <tr>
 <td width="22%" valign="top" class="vncellreq"><?=gettext("Remote gateway"); ?></td>
 <td width="78%" class="vtable">
- <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="20" value="<?=$pconfig['remotegw'];?>">
+ <?=$mandfldhtml;?><input name="remotegw" type="text" class="formfld unknown" id="remotegw" size="20" value="<?=htmlspecialchars($pconfig['remotegw']);?>">
 <br>
 <?=gettext("Enter the public IP address or host name of the remote gateway"); ?>
 </td>
@@ -599,7 +599,7 @@ function dpdchkbox_change() {
 </option>
 <?php endforeach; ?>
 </select>
- <input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=$pconfig['myid_data'];?>">
+ <input name="myid_data" type="text" class="formfld unknown" id="myid_data" size="30" value="<?=htmlspecialchars($pconfig['myid_data']);?>">
 </td>
 </tr>
 <tr id="opt_peerid">
@@ -616,7 +616,7 @@ function dpdchkbox_change() {
 </option>
 <?php endforeach; ?>
 </select>
- <input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=$pconfig['peerid_data'];?>">
+ <input name="peerid_data" type="text" class="formfld unknown" id="peerid_data" size="30" value="<?=htmlspecialchars($pconfig['peerid_data']);?>">
 <?php if ($pconfig['mobile']) { ?>
 <br/><br/><?=gettext("NOTE: This is known as the \"group\" setting on some VPN client implementations"); ?>.
 <?php } ?>
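Review bot: The new `htmlspecialchars($pconfig['remotegw'])` call in the first hunk relies on the function's default flags and charset, and the same one-argument form is used for `myid_data` and `peerid_data` here and for `lifetime`, `dpd_delay`, `dpd_maxfail` and `ikeid` in the later hunks. On older PHP releases the default flag is `ENT_COMPAT`, which leaves single quotes unescaped, so the escaping is sufficient only while every `value="…"` attribute stays double-quoted. Passing the flags explicitly, e.g. `value="<?=htmlspecialchars($pconfig['remotegw'], ENT_QUOTES);?>"`, keeps the output safe if the markup is later re-quoted. The charset argument should match the page's declared encoding, which is not visible in these hunks.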
@@ -705,7 +705,7 @@ function dpdchkbox_change() {
 <tr>
 <td width="22%" valign="top" class="vncell"><?=gettext("Lifetime"); ?></td>
 <td width="78%" class="vtable">
- <input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=$pconfig['lifetime'];?>">
+ <input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="20" value="<?=htmlspecialchars($pconfig['lifetime']);?>">
 <?=gettext("seconds"); ?>
 </td>
 </tr>
@@ -775,13 +775,13 @@ function dpdchkbox_change() {
 <?=gettext("Enable DPD"); ?><br>
 <div id="opt_dpd">
 <br>
- <input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=$pconfig['dpd_delay'];?>">
+ <input name="dpd_delay" type="text" class="formfld unknown" id="dpd_delay" size="5" value="<?=htmlspecialchars($pconfig['dpd_delay']);?>">
 <?=gettext("seconds"); ?><br>
 <span class="vexpl">
 <?=gettext("Delay between requesting peer acknowledgement"); ?>.
 </span><br>
 <br>
- <input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=$pconfig['dpd_maxfail'];?>">
+ <input name="dpd_maxfail" type="text" class="formfld unknown" id="dpd_maxfail" size="5" value="<?=htmlspecialchars($pconfig['dpd_maxfail']);?>">
 <?=gettext("retries"); ?><br>
 <span class="vexpl">
 <?=gettext("Number of consecutive failures allowed before disconnect"); ?>.
@@ -799,7 +799,7 @@ function dpdchkbox_change() {
 <?php if ($pconfig['mobile']): ?>
 <input name="mobile" type="hidden" value="true">
 <?php endif; ?>
- <input name="ikeid" type="hidden" value="<?=$pconfig['ikeid'];?>">
+ <input name="ikeid" type="hidden" value="<?=htmlspecialchars($pconfig['ikeid']);?>">
 <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>">
 </td>
 </tr> |
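Review bot: `lifetime` in the hunk at line 705 is a number of seconds, yet the change only escapes it at output, and nothing visible here shows that a non-numeric value is rejected when the form is saved. The same applies to `dpd_delay` and `dpd_maxfail` in the next hunk and to the hidden `ikeid` in the last one, which comes back from the client and cannot be trusted on submission. The POST handling is outside these hunks, so this needs confirming there. Numeric fields should be checked before they are stored (for example with `is_numeric()` or a stricter integer test), so that escaping on display is a second line of defence and not the only one.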