author | jim-p <jimp@pfsense.org> | 2012-10-31 14:01:04 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-31 14:02:01 -0400 |
commit | 52ab0384ca0cf3efac1e8c36c3e05dc17f0c5758 (patch) | |
tree | 3b3dda27eedbfe77547436e16928fc8eff49b409 /usr/local | |
parent | 1457cce53e604935dbc737bb7cfd4de64a957be5 (diff) | |
Encode the if parameter before using it in html
Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/guiconfig.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 62521d5..51cb475 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -297,8 +297,8 @@ function print_info_box_np($msg, $name="apply",$value="Apply changes") {
 if(stristr($msg, "apply") != false || stristr($msg, "save") != false || stristr($msg, "create") != false) {
 $savebutton = "<td class='infoboxsave'>";
 $savebutton .= "<input name=\"{$name}\" type=\"submit\" class=\"formbtn\" id=\"${name}\" value=\"{$value}\">";
- if($_POST['if'])
- $savebutton .= "<input type='hidden' name='if' value='{$_POST['if']}'>";
+ if($_POST['if'])
+ $savebutton .= "<input type='hidden' name='if' value='" . htmlspecialchars($_POST['if']) . "'>";
 $savebutton.="</td>";
 }
 $nifty_redbox = "#990000";
@@ -361,7 +361,7 @@ function print_info_box_np_undo($msg, $name="apply",$value="Apply changes", $und
 $savebutton .= " <input name=\"{$name}\" type=\"submit\" class=\"formbtn\" id=\"${name}\" value=\"{$value}\">";
 $savebutton.="</nobr></td>";
 if($_POST['if'])
- $savebutton .= "<input type='hidden' name='if' value='{$_POST['if']}'>";
+ $savebutton .= "<input type='hidden' name='if' value='" . htmlspecialchars($_POST['if']) . "'>";
 }
 $nifty_redbox = "#990000";
 $nifty_blackbox = "#000000"; |
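Review bot: The added `htmlspecialchars($_POST['if'])` in print_info_box_np is called with default flags, and on PHP versions before 8.1 the default (ENT_COMPAT) leaves single quotes unencoded, while the value is written into a single-quoted attribute (`value='...'`). A single quote in the posted `if` value therefore still ends the attribute, so the encoding is incomplete for this context. Pass the flag explicitly, `htmlspecialchars($_POST['if'], ENT_QUOTES)`, or delimit the attribute with double quotes. The identical added line in the second hunk (print_info_box_np_undo) needs the same change. Both function bodies continue outside the hunks.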