author | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 15:13:42 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-06-17 15:13:42 -0300 |
commit | ce9d5d7255919b47abf28314dbe6eaa2769a92e4 (patch) | |
tree | 0fa5e16a920ef2960b86362179180a65ffce6110 /usr | |
parent | 860b102acbdb8f7ea702c2f63c5216904428cf1d (diff) | |
Protect servicestatusfilter parameter with htmlspecialchars()
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/widgets/widgets/services_status.widget.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/widgets/widgets/services_status.widget.php b/usr/local/www/widgets/widgets/services_status.widget.php
index ee8d521..86fa7f3 100644
--- a/usr/local/www/widgets/widgets/services_status.widget.php
+++ b/usr/local/www/widgets/widgets/services_status.widget.php
@@ -41,7 +41,7 @@ require_once("/usr/local/www/widgets/include/services_status.inc");
 $services = get_services();
 if(isset($_POST['servicestatusfilter'])) {
- $config['widgets']['servicestatusfilter'] = $_POST['servicestatusfilter'];
+ $config['widgets']['servicestatusfilter'] = htmlspecialchars($_POST['servicestatusfilter'], ENT_QUOTES | ENT_HTML401);
 write_config("Saved Service Status Filter via Dashboard");
 header("Location: ../../index.php");
 } |
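Review bot: On the added `htmlspecialchars()` line the POST value is encoded once at write time and the entity-encoded form is what gets persisted in `$config`, so the protection depends on every later reader treating the stored string as already HTML-safe and on no other path writing this key unencoded. Encoding where the filter is echoed into the page (that code is not visible in this hunk) would be more robust, and would presumably keep the stored value comparable with raw service names. The line also assumes a string: `isset()` is satisfied by an array-valued `servicestatusfilter[]` parameter, so a guard such as `if (isset($_POST['servicestatusfilter']) && is_string($_POST['servicestatusfilter'])) {` would reject that input before it reaches `htmlspecialchars()`. Separately, `header("Location: ../../index.php");` is not followed by `exit;`, so whatever follows the `if` block outside this hunk still runs after the redirect is queued.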