author | Renato Botelho <garga@FreeBSD.org> | 2014-06-19 11:29:18 -0300 |
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-19 11:30:38 -0300 |
commit | bef1056048aa2e0839fd5839e83da154f06c8c2c (patch) | |
tree | 6d6ea5a62a45c82428bacb80d7530205a6790913 /usr/local/www | |
parent | daeab6c45370e05491ae60f854fb3b9967c6f94d (diff) | |
Make sure single quotes are encoded and avoid javascript injection
Diffstat (limited to 'usr/local/www')
-rw-r--r-- | usr/local/www/exec.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php
index b95b72b..1963508 100644
--- a/usr/local/www/exec.php
+++ b/usr/local/www/exec.php
@@ -108,8 +108,8 @@ if (isBlank( $_POST['txtRecallBuffer'] )) {
 puts( " var arrRecallBuffer = new Array(" );
 $arrBuffer = explode( "&", $_POST['txtRecallBuffer'] );
 for ($i=0; $i < (count( $arrBuffer ) - 1); $i++)
- puts( " '" . htmlspecialchars($arrBuffer[$i]) . "'," );
- puts( " '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1]) . "'" );
+ puts( " '" . htmlspecialchars($arrBuffer[$i], ENT_QUOTES | ENT_HTML401) . "'," );
+ puts( " '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1], ENT_QUOTES | ENT_HTML401) . "'" );
 puts( " );" );
 }
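Review bot: htmlspecialchars() on the two added puts() lines is an HTML encoder being used inside a JavaScript string literal; ENT_QUOTES stops a quote in a buffer element from closing the literal, but backslash is not encoded, so an element ending in `\` still escapes its own closing quote and runs into the following element (how that resolves depends on whether puts() emits a newline, which is defined outside the hunk). The entities it emits (`&#039;`, `&lt;`) are not decoded inside a `<script>` block, so any quote or angle bracket in a recalled command reaches the array as literal entity text rather than the original character. The context-appropriate primitive is json_encode(), which escapes backslashes, quotes, control characters and line terminators for JavaScript and, with the JSON_HEX_* flags, also neutralises `<`, `>` and `&` against a premature `</script>`: the for loop and the three puts() calls collapse to `puts( " var arrRecallBuffer = " . json_encode($arrBuffer, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ";" );`. The enclosing `if (isBlank( $_POST['txtRecallBuffer'] ))` block begins outside the hunk.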