author | jim-p <jimp@pfsense.org> | 2010-11-12 11:28:40 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2010-11-12 11:29:25 -0500 |
commit | 190d5d5814add2cc1a85fa8f3db01f54243acb58 (patch) | |
tree | 719218957a0e975633e6cc32f10f8158d71f6177 /usr | |
parent | 225a2f0b4696c497263d0926011a0f39ab08b0f3 (diff) | |
Fix XSS in notices.
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/fbegin.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc
index 12f8428..b720ca1 100755
--- a/usr/local/www/fbegin.inc
+++ b/usr/local/www/fbegin.inc
@@ -271,9 +271,9 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') {
 $extraargs="&xml=" . $_POST['id'];
 $notice_msgs = '<a href="?noticeaction=acknowledge¬iceid=all' . $extraargs . '">Acknowledge All</a> .:. ';
 if ($value['url']) {
- $notice_msgs .= $date.' - <a href="'.$url.'?'.$request_string.'¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']</a>';
+ $notice_msgs .= $date.' - <a href="'.$url.'?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']</a>';
 } else {
- $notice_msgs .= $date.' - <a href="?'.$request_string.'¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']'.$noticemsg.'</a>';
+ $notice_msgs .= $date.' - <a href="?' . htmlspecialchars($request_string) . '¬iceaction=acknowledge¬iceid='.$key.'">['.$value['id'].']'.$noticemsg.'</a>';
 }
 $notice_msgs .= " .:. ";
 } |
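Review bot: `$_POST['id']` is still concatenated unescaped into the "Acknowledge All" href through `$extraargs` in the context lines at the top of this hunk, so the reflected-markup problem this commit fixes for `$request_string` stays reachable through that parameter. Encoding the value where it is built would close it: `$extraargs = "&xml=" . urlencode($_POST['id']);`. `$url`, `$key`, `$value['id']` and `$noticemsg` are also written raw into the two anchors; whether they can carry request-controlled text is not visible here, so they should be checked at their source or wrapped in `htmlspecialchars()` as well. The enclosing `if` block starts and ends outside the hunk.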