diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:13 -0500 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-12 11:36:20 -0500 |
commit | dd5bf424c155922b065b45e64733bdf8de620c0f (patch) | |
tree | 1b22756ce120544141edc9d3f2159037b955c2bc /usr/local/www/vpn_openvpn_server.php | |
parent | 4656943e59eb19a534c06cc253e266da6c52e915 (diff) | |
download | pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.zip pfsense-dd5bf424c155922b065b45e64733bdf8de620c0f.tar.gz |
Fix XSS issues
Diffstat (limited to 'usr/local/www/vpn_openvpn_server.php')
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 4f74fd4..7cb4332 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -1099,7 +1099,7 @@ if ($savemsg) <span class="vexpl"> <?=gettext("Server"); ?> #1: </span> - <input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=$pconfig['dns_server1'];?>"> + <input name="dns_server1" type="text" class="formfld unknown" id="dns_server1" size="20" value="<?=htmlspecialchars($pconfig['dns_server1']);?>"> </td> </tr> <tr> @@ -1107,7 +1107,7 @@ if ($savemsg) <span class="vexpl"> <?=gettext("Server"); ?> #2: </span> - <input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=$pconfig['dns_server2'];?>"> + <input name="dns_server2" type="text" class="formfld unknown" id="dns_server2" size="20" value="<?=htmlspecialchars($pconfig['dns_server2']);?>"> </td> </tr> <tr> @@ -1115,7 +1115,7 @@ if ($savemsg) <span class="vexpl"> <?=gettext("Server"); ?> #3: </span> - <input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=$pconfig['dns_server3'];?>"> + <input name="dns_server3" type="text" class="formfld unknown" id="dns_server3" size="20" value="<?=htmlspecialchars($pconfig['dns_server3']);?>"> </td> </tr> <tr> @@ -1123,7 +1123,7 @@ if ($savemsg) <span class="vexpl"> <?=gettext("Server"); ?> #4: </span> - <input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=$pconfig['dns_server4'];?>"> + <input name="dns_server4" type="text" class="formfld unknown" id="dns_server4" size="20" value="<?=htmlspecialchars($pconfig['dns_server4']);?>"> </td> </tr> </table> @@ -1151,7 +1151,7 @@ if ($savemsg) <span class="vexpl"> <?=gettext("Server"); ?> #1: </span> - <input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=$pconfig['ntp_server1'];?>"> + <input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=htmlspecialchars($pconfig['ntp_server1']);?>"> </td> </tr> <tr> @@ -1159,7 +1159,7 @@ if ($savemsg) <span class="vexpl"> <?=gettext("Server"); ?> #2: </span> - <input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=$pconfig['ntp_server2'];?>"> + <input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=htmlspecialchars($pconfig['ntp_server2']);?>"> </td> </tr> </table> @@ -1247,7 +1247,7 @@ if ($savemsg) <span class="vexpl"> <?=gettext("Server"); ?> #1: </span> - <input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=$pconfig['wins_server1'];?>"> + <input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=htmlspecialchars($pconfig['wins_server1']);?>"> </td> </tr> <tr> @@ -1255,7 +1255,7 @@ if ($savemsg) <span class="vexpl"> <?=gettext("Server"); ?> #2: </span> - <input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=$pconfig['wins_server2'];?>"> + <input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=htmlspecialchars($pconfig['wins_server2']);?>"> </td> </tr> </table> @@ -1276,7 +1276,7 @@ if ($savemsg) <table border="0" cellpadding="2" cellspacing="0"> <tr> <td> - <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=$pconfig['custom_options'];?></textarea><br/> + <textarea rows="6" cols="78" name="custom_options" id="custom_options"><?=htmlspecialchars($pconfig['custom_options']);?></textarea><br/> <?=gettext("Enter any additional options you would like to add to the OpenVPN server configuration here, separated by a semicolon"); ?><br/> <?=gettext("EXAMPLE: push \"route 10.0.0.0 255.255.255.0\""); ?>; </td> |