Pass id variable through htmlspecialchars before print it

author: Renato Botelho <garga@FreeBSD.org> 2014-03-11 16:57:28 -0300
committer: Renato Botelho <garga@FreeBSD.org> 2014-03-11 16:57:28 -0300
commit: ea44d3baafba7e53317604e5fd964e3839d0d6d5 (patch)
tree: 8a4af5850a70a18bec4f711a1fdae7c4ae64caed /usr
parent: c18468417683b03255bdca2493c7acf21a2e06e1 (diff)
download: pfsense-ea44d3baafba7e53317604e5fd964e3839d0d6d5.zip
pfsense-ea44d3baafba7e53317604e5fd964e3839d0d6d5.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/vpn_pppoe_edit.php b/usr/local/www/vpn_pppoe_edit.php
index 5f17221..e5e6403 100755
--- a/usr/local/www/vpn_pppoe_edit.php
+++ b/usr/local/www/vpn_pppoe_edit.php
@@ -585,7 +585,7 @@ function enable_change(enable_over) {
                   <td width="22%" valign="top">&nbsp;</td>
                   <td width="78%"> 
 		<?php if (isset($id))
-			echo "<input type='hidden' name='id' id='id' value='{$id}' />";
+			echo "<input type='hidden' name='id' id='id' value='" . htmlspecialchars($id, ENT_QUOTES | ENT_HTML401) . "' />";
 		?>
 		<?php if (isset($pconfig['pppoeid']))
 			echo "<input type='hidden' name='pppoeid' id='pppoeid' value='{$pppoeid}' />";
author	Renato Botelho <garga@FreeBSD.org>	2014-03-11 16:57:28 -0300
committer	Renato Botelho <garga@FreeBSD.org>	2014-03-11 16:57:28 -0300
commit	ea44d3baafba7e53317604e5fd964e3839d0d6d5 (patch)
tree	8a4af5850a70a18bec4f711a1fdae7c4ae64caed /usr
parent	c18468417683b03255bdca2493c7acf21a2e06e1 (diff)
download	pfsense-ea44d3baafba7e53317604e5fd964e3839d0d6d5.zip pfsense-ea44d3baafba7e53317604e5fd964e3839d0d6d5.tar.gz