diff options
author | Renato Botelho <garga@FreeBSD.org> | 2014-03-11 16:57:28 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-03-11 16:57:28 -0300 |
commit | ea44d3baafba7e53317604e5fd964e3839d0d6d5 (patch) | |
tree | 8a4af5850a70a18bec4f711a1fdae7c4ae64caed /usr/local/www | |
parent | c18468417683b03255bdca2493c7acf21a2e06e1 (diff) | |
download | pfsense-ea44d3baafba7e53317604e5fd964e3839d0d6d5.zip pfsense-ea44d3baafba7e53317604e5fd964e3839d0d6d5.tar.gz |
Pass id variable through htmlspecialchars before print it
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/vpn_pppoe_edit.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php index 5f17221..e5e6403 100755 --- a/usr/local/www/vpn_pppoe_edit.php +++ b/usr/local/www/vpn_pppoe_edit.php @@ -585,7 +585,7 @@ function enable_change(enable_over) { <td width="22%" valign="top"> </td> <td width="78%"> <?php if (isset($id)) - echo "<input type='hidden' name='id' id='id' value='{$id}' />"; + echo "<input type='hidden' name='id' id='id' value='" . htmlspecialchars($id, ENT_QUOTES | ENT_HTML401) . "' />"; ?> <?php if (isset($pconfig['pppoeid'])) echo "<input type='hidden' name='pppoeid' id='pppoeid' value='{$pppoeid}' />"; |