Fix XSS issues

author: Scott Ullrich <sullrich@pfsense.org> 2010-11-12 11:36:13 -0500
committer: Scott Ullrich <sullrich@pfsense.org> 2010-11-12 11:36:20 -0500
commit: dd5bf424c155922b065b45e64733bdf8de620c0f (patch)
tree: 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/vpn_openvpn_client.php
parent: 4656943e59eb19a534c06cc253e266da6c52e915 (diff)
download: pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip
pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/vpn_openvpn_client.php b/usr/local/www/vpn_openvpn_client.php
index 93eb56c..04bbeb9 100644
--- a/usr/local/www/vpn_openvpn_client.php
+++ b/usr/local/www/vpn_openvpn_client.php
@@ -809,7 +809,7 @@ if ($savemsg)
 							<table border="0" cellpadding="2" cellspacing="0">
 								<tr>
 									<td>
-										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=$pconfig['custom_options'];?></textarea><br/>
+										<textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/>
 										<?=gettext("Enter any additional options you would like to add to the OpenVPN client configuration here, separated by a semicolon"); ?><br/>
 										<?=gettext("EXAMPLE: route 10.0.0.0 255.255.255.0;"); ?>
 									</td>
author	Scott Ullrich <sullrich@pfsense.org>	2010-11-12 11:36:13 -0500
committer	Scott Ullrich <sullrich@pfsense.org>	2010-11-12 11:36:20 -0500
commit	dd5bf424c155922b065b45e64733bdf8de620c0f (patch)
tree	1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/vpn_openvpn_client.php
parent	4656943e59eb19a534c06cc253e266da6c52e915 (diff)
download	pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz