diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 15:13:42 -0300 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 15:13:51 -0300 |
| commit | 2b641a08ab6e781b4795b0b3e3d9c1268aa91964 (patch) | |
| tree | 1ff3bb73b7144bdf730b74f66e9ed6a6767a8c85 /usr/local | |
| parent | e4921058c6c5e2cb99b997fcf2594e9a7e10a11e (diff) | |
| download | pfsense-2b641a08ab6e781b4795b0b3e3d9c1268aa91964.zip pfsense-2b641a08ab6e781b4795b0b3e3d9c1268aa91964.tar.gz | |
Protect servicestatusfilter parameter with htmlspecialchars()
Diffstat (limited to 'usr/local')
| -rw-r--r-- | usr/local/www/widgets/widgets/services_status.widget.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/widgets/widgets/services_status.widget.php b/usr/local/www/widgets/widgets/services_status.widget.php index dfe172b..ec68a65 100644 --- a/usr/local/www/widgets/widgets/services_status.widget.php +++ b/usr/local/www/widgets/widgets/services_status.widget.php @@ -41,7 +41,7 @@ require_once("/usr/local/www/widgets/include/services_status.inc"); $services = get_services(); if(isset($_POST['servicestatusfilter'])) { - $config['widgets']['servicestatusfilter'] = $_POST['servicestatusfilter']; + $config['widgets']['servicestatusfilter'] = htmlspecialchars($_POST['servicestatusfilter'], ENT_QUOTES | ENT_HTML401); write_config("Saved Service Status Filter via Dashboard"); header("Location: ../../index.php"); } |
