authorjim-p <jimp@pfsense.org>2012-10-31 16:05:33 -0400
committerjim-p <jimp@pfsense.org>2012-10-31 16:05:33 -0400
commit8ec9cba4b9c6783afe35b5924c6cfa23b56b204a (patch)
treef7ff39c7dfe25d631f05ff2d9d23ffed5d32719b /usr/local/www/wizard.php
parent313a14f759db9ac1c2f12efa808a14e1bc0c5f5e (diff)
Still more encoding...
Diffstat (limited to 'usr/local/www/wizard.php')
-rwxr-xr-xusr/local/www/wizard.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php
index f191b98..90f7af2 100755
--- a/usr/local/www/wizard.php
+++ b/usr/local/www/wizard.php
@@ -304,8 +304,8 @@ function showchange() {
<?php } ?>
<form action="wizard.php" method="post" name="iform" id="iform">
-<input type="hidden" name="xml" value="<?= $xml ?>">
-<input type="hidden" name="stepid" value="<?= $stepid ?>">
+<input type="hidden" name="xml" value="<?= htmlspecialchars($xml) ?>">
+<input type="hidden" name="stepid" value="<?= htmlspecialchars($stepid) ?>">
<center>
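Review bot: Encoding `$xml` and `$stepid` in the two hidden inputs protects only the rendered page; both values are handed to the client and come back through this POST form, so the code that reads them on submit still has to treat them as untrusted. The default `htmlspecialchars()` flags are adequate on these two lines because the attributes are double-quoted. I would add a comment above the form, `<?php /* xml and stepid come back from the client on POST: re-validate before use */ ?>`. If `$stepid` is always a step index, which this hunk does not show, emitting `<?= (int)$stepid ?>` is tighter than encoding.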
@@ -390,7 +390,7 @@ function showchange() {
if(!$field['dontcombinecells'])
echo "<td class=\"vtable\">\n";
- echo "<input class='formfld unknown' id='" . $name . "' name='" . $name . "' value='" . $value . "'";
+ echo "<input class='formfld unknown' id='" . $name . "' name='" . $name . "' value='" . htmlspecialchars($value) . "'";
if($field['size'])
echo " size='" . $field['size'] . "' ";
if($field['validate'])
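Review bot: The `value='...'` attribute on the added line is single-quoted, but `htmlspecialchars($value)` is called with default flags. On PHP versions before 8.1 the default is `ENT_COMPAT`, which leaves `'` unencoded, so a value containing a single quote still ends the attribute early. Pass the flag explicitly: `htmlspecialchars($value, ENT_QUOTES)`. The same applies to the added lines in the hunks at 421, 494 and 650, which all write into single-quoted attributes. The enclosing case body starts and ends outside this hunk.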
@@ -421,7 +421,7 @@ function showchange() {
echo "<td class=\"vtable\">\n";
$inputaliases[] = $name;
- echo "<input class='formfldalias' autocomplete='off' class='formfldalias' id='" . $name . "' name='" . $name . "' value='" . $value . "'";
+ echo "<input class='formfldalias' autocomplete='off' class='formfldalias' id='" . $name . "' name='" . $name . "' value='" . htmlspecialchars($value) . "'";
if($field['size'])
echo " size='" . $field['size'] . "' ";
if($field['validate'])
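Review bot: `$name` is still concatenated raw into the `id` and `name` attributes on the added line, and likewise on the added lines of the hunks at 390, 494 and 650, so only part of each tag is encoded. If `$name` is derived from wizard XML or request data, which this hunk does not show, it needs the same treatment, e.g. `$ename = htmlspecialchars($name, ENT_QUOTES);` used for both attributes. The tag also carries `class='formfldalias'` twice; the second occurrence can be dropped.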
@@ -494,7 +494,7 @@ function showchange() {
}
if(!$field['dontcombinecells'])
echo "<td class=\"vtable\">";
- echo "<input class='formfld pwd' id='" . $name . "' name='" . $name . "' value='" . $value . "' type='password' ";
+ echo "<input class='formfld pwd' id='" . $name . "' name='" . $name . "' value='" . htmlspecialchars($value) . "' type='password' ";
if($field['size'])
echo " size='" . $field['size'] . "' ";
echo ">\n";
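Review bot: The password input on the added line still writes `$value` into the page source. Encoding keeps the markup well-formed, but if `$value` holds a stored password (inferred from `type='password'`), the secret stays readable in the HTML and in any cached copy of the page. Consider rendering the field empty and treating an empty submission as "keep the current value", which needs a matching change in the POST handler outside this hunk. At minimum add `autocomplete='off'`, as the alias field in the hunk at 421 already does.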
@@ -650,7 +650,7 @@ function showchange() {
case "submit":
echo "<td>&nbsp;<br></td></tr>";
echo "<tr><td colspan='2'><center>";
- echo "<input type='submit' name='" . $name . "' value='" . $field['name'] . "'>\n";
+ echo "<input type='submit' name='" . $name . "' value='" . htmlspecialchars($field['name']) . "'>\n";
if($field['description'] <> "") {
echo "<br /> " . $field['description'];
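Review bot: `$field['description']`, two lines below the added line, is still echoed without encoding, while `$field['name']` next to it now is encoded. If descriptions are meant to carry markup from the wizard XML this may be deliberate, in which case a comment such as `// description is trusted HTML from the wizard XML` would record that decision. Otherwise use `echo "<br /> " . htmlspecialchars($field['description']);`. The `if` block and the `case "submit":` body continue past the end of the hunk.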