author | jim-p <jimp@pfsense.org> | 2012-10-31 16:01:35 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-31 16:01:35 -0400 |
commit | 313a14f759db9ac1c2f12efa808a14e1bc0c5f5e (patch) | |
tree | 2fb718ef31c10f7e2159a9f9511154bbee408775 /usr/local/www | |
parent | 8db87547be6e069dd7b91e321e11a7924fc92e76 (diff) | |
More encoding...
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/pkg_edit.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr/local/www/pkg_edit.php b/usr/local/www/pkg_edit.php
index 9c4841e..2cc8f98 100755
--- a/usr/local/www/pkg_edit.php
+++ b/usr/local/www/pkg_edit.php
@@ -361,7 +361,7 @@ if ($pkg['custom_php_after_head_command'])
 <?php include("fbegin.inc"); ?>
 <?php if (!empty($input_errors)) print_input_errors($input_errors); ?>
 <form name="iform" action="pkg_edit.php" method="post">
-<input type="hidden" name="xml" value="<?= $xml ?>">
+<input type="hidden" name="xml" value="<?= htmlspecialchars($xml) ?>">
 <?php if ($savemsg) print_info_box($savemsg); ?>
 <table width="100%" border="0" cellpadding="0" cellspacing="0">
 <?php
@@ -513,7 +513,7 @@ if ($pkg['tabs'] <> "") {
 switch($pkga['type']){
 case "input":
 $size = ($pkga['size'] ? " size='{$pkga['size']}' " : "");
- $input = "<input {$size} id='{$pkga['fieldname']}' name='{$pkga['fieldname']}' class='formfld unknown' value='{$value}'>\n";
+ $input = "<input {$size} id='{$pkga['fieldname']}' name='{$pkga['fieldname']}' class='formfld unknown' value='" . htmlspecialchars($value) ."'>\n";
 $input .= "<br>" . fixup_string($pkga['description']) . "\n";
 if(isset($pkga['advancedfield']) && isset($adv_filed_count)) {
 $js_array[] = $pkga['fieldname'];
@@ -525,7 +525,7 @@ if ($pkg['tabs'] <> "") {
 case "password":
 $size = ($pkga['size'] ? " size='{$pkga['size']}' " : "");
- $input = "<input " . $size . " id='" . $pkga['fieldname'] . "' type='password' " . $size . " name='" . $pkga['fieldname'] . "' class='formfld pwd' value='" . $value . "'>\n";
+ $input = "<input " . $size . " id='" . $pkga['fieldname'] . "' type='password' " . $size . " name='" . $pkga['fieldname'] . "' class='formfld pwd' value='" . htmlspecialchars($value) . "'>\n";
 $input .= "<br>" . fixup_string($pkga['description']) . "\n";
 if(isset($pkga['advancedfield']) && isset($adv_filed_count)) {
 $js_array[] = $pkga['fieldname'];
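Review bot: The `value='…'` attributes in the hunks at -513 and -525 are delimited with single quotes, but `htmlspecialchars($value)` is called with its default flags, which on PHP versions before 8.1 (ENT_COMPAT) leave `'` unescaped, so a value containing a single quote still terminates the attribute. Pass the flag explicitly, e.g. `value='" . htmlspecialchars($value, ENT_QUOTES) . "'`, or switch these attributes to double quotes. The same applies to the `$id` and `$savevalue` echoes in the hunk at -873 and to both `display_row()` inputs in the hunk at -917; the first hunk's `value="<?= htmlspecialchars($xml) ?>"` is double-quoted and is not affected. The enclosing switch starts and ends outside these hunks.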
@@ -873,8 +873,8 @@ if ($pkg['tabs'] <> "") {
 echo "<p><span class=\"red\"><strong>" . gettext("Note") . ":</strong></span> {$pkg['note']}</p>";
 }
 //if (isset($id) && $a_pkg[$id]) // We'll always have a valid ID in our hands
- echo "<input name='id' type='hidden' value='{$id}'>";
- echo "<input name='Submit' type='submit' class='formbtn' value='{$savevalue}'>\n{$pkg_buttons}\n";
+ echo "<input name='id' type='hidden' value='" . htmlspecialchars($id) . "'>";
+ echo "<input name='Submit' type='submit' class='formbtn' value='" . htmlspecialchars($savevalue) . "'>\n{$pkg_buttons}\n";
 if (!$only_edit){
 echo "<input class='formbtn' type='button' value='".gettext("Cancel")."' onclick='history.back()'>";
 }
@@ -917,13 +917,13 @@ function display_row($trc, $value, $fieldname, $type, $rowhelper, $size) {
 echo "<td>\n";
 switch($type){
 case "input":
- echo "<input size='{$size}' name='{$fieldname}{$trc}' id='{$fieldname}{$trc}' class='formfld unknown' value='{$value}'>\n";
+ echo "<input size='{$size}' name='{$fieldname}{$trc}' id='{$fieldname}{$trc}' class='formfld unknown' value='" . htmlspecialchars($value) . "'>\n";
 break;
 case "checkbox":
 echo "<input size='{$size}' type='checkbox' id='{$fieldname}{$trc}' name='{$fieldname}{$trc}' value='ON' ".($value?"CHECKED":"").">\n";
 break;
 case "password":
- echo "<input size='{$size}' type='password' id='{$fieldname}{$trc}' name='{$fieldname}{$trc}' class='formfld pwd' value='{$value}'>\n";
+ echo "<input size='{$size}' type='password' id='{$fieldname}{$trc}' name='{$fieldname}{$trc}' class='formfld pwd' value='" . htmlspecialchars($value) . "'>\n";
 break;
 case "textarea":
 echo "<textarea rows='2' cols='12' id='{$fieldname}{$trc}' class='formfld unknown' name='{$fieldname}{$trc}'>{$value}</textarea>\n";
|
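Review bot: The `textarea` case at the end of the -917 hunk still interpolates `{$value}` raw into the element body, so a stored value containing `</textarea>` followed by markup is rendered as HTML while the sibling `input` and `password` cases are now encoded. Encode it the same way: `...name='{$fieldname}{$trc}'>" . htmlspecialchars($value) . "</textarea>\n";`. `$fieldname`, `$trc` and `$size` are also written into single-quoted attributes unencoded; whether they can carry user-controlled text is not visible here, so that is worth confirming against the callers. `display_row()` continues past the end of the hunk.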