diff options
author | jim-p <jimp@pfsense.org> | 2015-06-16 09:11:47 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-06-16 09:11:47 -0400 |
commit | 1a44770de93377392993c5baa76a69cdee02185d (patch) | |
tree | 596ed17a0b61071b920bd50c11257cb676634a64 /usr/local | |
parent | 2a1b44c96ed7b1249b31b536f510b14ebac2b472 (diff) | |
download | pfsense-1a44770de93377392993c5baa76a69cdee02185d.zip pfsense-1a44770de93377392993c5baa76a69cdee02185d.tar.gz |
Protect single quotes as well to prevent JS injection, due to the way this page uses single quotes for attributes.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/system_advanced_notifications.php | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/usr/local/www/system_advanced_notifications.php b/usr/local/www/system_advanced_notifications.php index da0c418..f8995ac 100644 --- a/usr/local/www/system_advanced_notifications.php +++ b/usr/local/www/system_advanced_notifications.php @@ -213,28 +213,28 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Registration Name"); ?></td> <td width="78%" class="vtable"> - <input name='name' value='<?php echo htmlspecialchars($pconfig['name']); ?>' /><br /> + <input name='name' value='<?php echo htmlspecialchars($pconfig['name'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=gettext("Enter the name to register with the Growl server (default: PHP-Growl)."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Notification Name"); ?></td> <td width="78%" class="vtable"> - <input name='notification_name' value='<?php echo htmlspecialchars($pconfig['notification_name']); ?>' /><br /> + <input name='notification_name' value='<?php echo htmlspecialchars($pconfig['notification_name'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=sprintf(gettext("Enter a name for the Growl notifications (default: %s growl alert)."), $g['product_name']); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("IP Address"); ?></td> <td width="78%" class="vtable"> - <input name='ipaddress' value='<?php echo htmlspecialchars($pconfig['ipaddress']); ?>' /><br /> + <input name='ipaddress' value='<?php echo htmlspecialchars($pconfig['ipaddress'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=gettext("This is the IP address that you would like to send growl notifications to."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Password"); ?></td> <td width="78%" class="vtable"> - <input name='password' type='password' value='<?php echo htmlspecialchars($pconfig['password']); ?>' /><br /> + <input name='password' type='password' value='<?php echo htmlspecialchars($pconfig['password'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=gettext("Enter the password of the remote growl notification device."); ?> </td> </tr> @@ -264,14 +264,14 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?=gettext("E-Mail server"); ?></td> <td width="78%" class="vtable"> - <input name='smtpipaddress' value='<?php echo htmlspecialchars($pconfig['smtpipaddress']); ?>' /><br /> + <input name='smtpipaddress' value='<?php echo htmlspecialchars($pconfig['smtpipaddress'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=gettext("This is the FQDN or IP address of the SMTP E-Mail server to which notifications will be sent."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("SMTP Port of E-Mail server"); ?></td> <td width="78%" class="vtable"> - <input name='smtpport' value='<?php echo htmlspecialchars($pconfig['smtpport']); ?>' /><br /> + <input name='smtpport' value='<?php echo htmlspecialchars($pconfig['smtpport'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=gettext("This is the port of the SMTP E-Mail server, typically 25, 587 (submission) or 465 (smtps)"); ?> </td> </tr> @@ -285,28 +285,28 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncell"><?=gettext("From e-mail address"); ?></td> <td width="78%" class="vtable"> - <input name='smtpfromaddress' type='text' value='<?php echo htmlspecialchars($pconfig['smtpfromaddress']); ?>' /><br /> + <input name='smtpfromaddress' type='text' value='<?php echo htmlspecialchars($pconfig['smtpfromaddress'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=gettext("This is the e-mail address that will appear in the from field."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Notification E-Mail address"); ?></td> <td width="78%" class="vtable"> - <input name='smtpnotifyemailaddress' type='text' value='<?php echo htmlspecialchars($pconfig['smtpnotifyemailaddress']); ?>' /><br /> + <input name='smtpnotifyemailaddress' type='text' value='<?php echo htmlspecialchars($pconfig['smtpnotifyemailaddress'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=gettext("Enter the e-mail address that you would like email notifications sent to."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Notification E-Mail auth username (optional)"); ?></td> <td width="78%" class="vtable"> - <input name='smtpusername' type='text' value='<?php echo htmlspecialchars($pconfig['smtpusername']); ?>' /><br /> + <input name='smtpusername' type='text' value='<?php echo htmlspecialchars($pconfig['smtpusername'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=gettext("Enter the e-mail address username for SMTP authentication."); ?> </td> </tr> <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Notification E-Mail auth password"); ?></td> <td width="78%" class="vtable"> - <input name='smtppassword' type='password' value='<?php echo htmlspecialchars($pconfig['smtppassword']); ?>' /><br /> + <input name='smtppassword' type='password' value='<?php echo htmlspecialchars($pconfig['smtppassword'], ENT_QUOTES | ENT_HTML401); ?>' /><br /> <?=gettext("Enter the e-mail address password for SMTP authentication."); ?> </td> </tr> |