author | jim-p <jimp@pfsense.org> | 2012-10-31 14:02:22 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-31 14:02:22 -0400 |
commit | ee8981553bd187ea9eb0d2af88fb48c855a638dc (patch) | |
tree | d91224496a35c0081166ef99576f132c729eab46 /usr | |
parent | 52ab0384ca0cf3efac1e8c36c3e05dc17f0c5758 (diff) | |
Encode the if parameter before using it in redirects, too.
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_rules.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 599d6a3..876abc4 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -210,7 +210,7 @@ if ($_GET['act'] == "del") {
 unset($a_filter[$_GET['id']]);
 write_config();
 mark_subsystem_dirty('filter');
- header("Location: firewall_rules.php?if={$if}");
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 exit;
 }
 }
@@ -228,7 +228,7 @@ if (isset($_POST['del_x'])) {
 }
 write_config();
 mark_subsystem_dirty('filter');
- header("Location: firewall_rules.php?if={$if}");
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 exit;
 }
 } else if ($_GET['act'] == "toggle") {
@@ -239,7 +239,7 @@ if (isset($_POST['del_x'])) {
 $a_filter[$_GET['id']]['disabled'] = true;
 write_config();
 mark_subsystem_dirty('filter');
- header("Location: firewall_rules.php?if={$if}");
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 exit;
 }
 } else {
@@ -283,7 +283,7 @@ if (isset($_POST['del_x'])) {
 $a_filter = $a_filter_new;
 write_config();
 mark_subsystem_dirty('filter');
- header("Location: firewall_rules.php?if={$if}");
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 exit;
 }
 } |
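Review bot: `htmlspecialchars($if)` is HTML-entity encoding, but the value is placed in the query string of a `Location` header, so the encoder does not match the output context in the first hunk's `header(...)` line or in the same line of the other three hunks. It leaves `%`, `#`, spaces, CR and LF untouched, and turns `&` into `&amp;`, which a browser then parses as an extra `amp;…` parameter rather than as part of `if`. The context-appropriate call is `header("Location: firewall_rules.php?if=" . urlencode($if));`, keeping `htmlspecialchars()` for places where `$if` is echoed into HTML. Where `$if` is assigned is outside these hunks; if it comes from the request, as the commit message suggests, validating it against the configured interface names before any of these branches run would be the stronger fix.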