diff options
| author | Ermal <eri@pfsense.org> | 2010-12-01 11:52:55 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2010-12-01 11:52:55 +0000 |
| commit | b6ab9bd29026fdf685bee7179000e69c7380a3ef (patch) | |
| tree | ccd45cfb1a7e4ab1f4f653ce163b5fd510bae45e /usr/local | |
| parent | 1dbc0c4384dbec766b59986895b7537b5d1c8b23 (diff) | |
| download | pfsense-b6ab9bd29026fdf685bee7179000e69c7380a3ef.zip pfsense-b6ab9bd29026fdf685bee7179000e69c7380a3ef.tar.gz | |
Ticket #1060. Escape even the alias entry descritpions.
Diffstat (limited to 'usr/local')
| -rwxr-xr-x | usr/local/www/firewall_rules.php | 2 | ||||
| -rwxr-xr-x | usr/local/www/guiconfig.inc | 3 |
2 files changed, 3 insertions, 2 deletions
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index 329fef9..ae4f60e 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -550,7 +550,7 @@ if($_REQUEST['undodrag']) { $schedstatus = false; $dayArray = array (gettext('Mon'),gettext('Tues'),gettext('Wed'),gettext('Thur'),gettext('Fri'),gettext('Sat'),gettext('Sun')); $monthArray = array (gettext('January'),gettext('February'),gettext('March'),gettext('April'),gettext('May'),gettext('June'),gettext('July'),gettext('August'),gettext('September'),gettext('October'),gettext('November'),gettext('December')); - if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])){ + if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])) { foreach ($a_schedules as $schedule) { if ($schedule['name'] == $filterent['sched'] ){ diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index bafb8fa..70f9459 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -1059,7 +1059,8 @@ function rule_popup($src,$srcport,$dst,$dstport){ $alias_caption = substr($alias_caption, 0, $maxlength) . "..."; $alias_caption_escaped = str_replace("'", "\'", $alias_caption); - $span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$alias_caption_escaped</h1><p>$alias_content_text</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>"; + $alias_content_escaped = str_replace("'", "\'", $alias_content_text); + $span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$alias_caption_escaped</h1><p>$alias_content_escaped</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>"; if ($alias_name['name'] == $src) $alias_src_span_begin = $span_begin; |
