Encode the rule description before displaying back to the user in an error when attempting to delete an in-use alias.

author: jim-p <jimp@pfsense.org> 2015-09-01 12:17:02 -0400
committer: jim-p <jimp@pfsense.org> 2015-09-01 12:17:02 -0400
commit: 1782b45d4b73cd3adb244ece78393b277fedd157 (patch)
tree: 57911e4bc120350085db69433490156a6ce0cc05 /usr/local
parent: 1107259e9c8130f1d2e44a55ff5b8154bf03413a (diff)
download: pfsense-1782b45d4b73cd3adb244ece78393b277fedd157.zip
pfsense-1782b45d4b73cd3adb244ece78393b277fedd157.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/firewall_aliases.php b/usr/local/www/firewall_aliases.php
index d4efcf5..7e9ce20 100644
--- a/usr/local/www/firewall_aliases.php
+++ b/usr/local/www/firewall_aliases.php
@@ -106,7 +106,7 @@ if ($_GET['act'] == "del") {
 		// Static routes
 		find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by);
 		if($is_alias_referenced == true) {
-			$savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), $referenced_by);
+			$savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s"), htmlspecialchars($referenced_by));
 		} else {
 			unset($a_aliases[$_GET['id']]);
 			if (write_config()) {
author	jim-p <jimp@pfsense.org>	2015-09-01 12:17:02 -0400
committer	jim-p <jimp@pfsense.org>	2015-09-01 12:17:02 -0400
commit	1782b45d4b73cd3adb244ece78393b277fedd157 (patch)
tree	57911e4bc120350085db69433490156a6ce0cc05 /usr/local
parent	1107259e9c8130f1d2e44a55ff5b8154bf03413a (diff)
download	pfsense-1782b45d4b73cd3adb244ece78393b277fedd157.zip pfsense-1782b45d4b73cd3adb244ece78393b277fedd157.tar.gz