author | jim-p <jimp@pfsense.org> | 2015-03-05 09:55:00 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-03-05 09:55:00 -0500 |
commit | 108be9a52933b4f77ee9d8488a90494f7c2bace0 (patch) | |
tree | 092c7cd60a363380f9a78d512e3e1a8898973c79 /usr/local | |
parent | c49db631492406ef03faf7df060318fbedfd83cb (diff) | |
Stricter validation and encoding for traffic shaper queues.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/firewall_shaper.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/firewall_shaper.php b/usr/local/www/firewall_shaper.php
index 99ec1f6..835085b 100644
--- a/usr/local/www/firewall_shaper.php
+++ b/usr/local/www/firewall_shaper.php
@@ -64,7 +64,7 @@ read_altq_config();
 if ($_GET) {
 if ($_GET['queue'])
- $qname = trim($_GET['queue']);
+ $qname = htmlspecialchars(trim($_GET['queue']));
 if ($_GET['interface'])
 $interface = htmlspecialchars(trim($_GET['interface']));
 if ($_GET['action'])
@@ -164,7 +164,7 @@ if ($_GET) {
 $q->SetInterface($interface);
 $output_form .= $q->build_form();
 $output_form .= "<input type=\"hidden\" name=\"parentqueue\" id=\"parentqueue\"";
- $output_form .= " value=\"".$qname."\" />";
+ $output_form .= " value=\"".htmlspecialchars($qname)."\" />";
 $newjavascript = $q->build_javascript();
 unset($q);
 $newqueue = true; |
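Review bot: Escaping `$_GET['queue']` at the point of input in the first hunk means `$qname` carries HTML entities into every later use, and the hunk at line 164 then escapes it a second time when writing the `parentqueue` hidden field, so a name containing `&` would come out double-encoded. Any lookup or comparison of `$qname` against stored queue names outside this hunk would presumably also see the encoded form rather than the real name. The commit message mentions validation, but none is visible in these hunks. I would keep the raw value as `$qname = trim($_GET['queue']);`, reject unexpected characters with an allow-list check such as `preg_match('/^[a-zA-Z0-9_-]+$/', $qname)` (the character set is an assumption to confirm against the project's queue-name rules), and escape only where the value is written into HTML. The enclosing `if ($_GET)` block continues outside the hunk.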
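Review bot: The `htmlspecialchars($qname)` call added in the second hunk relies on the default flags and charset, which on PHP versions before 8.1 leave single quotes unescaped and before 5.4 assume ISO-8859-1. The attribute is double-quoted here, so the output is safe as written, but spelling it out as `htmlspecialchars($qname, ENT_QUOTES, 'UTF-8')` (assuming the page is served as UTF-8) keeps the escaping correct if the quoting style around `value=` ever changes. The enclosing block starts and ends outside the hunk.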