author | Scott Ullrich <sullrich@pfsense.org> | 2010-11-06 12:24:59 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2010-11-06 12:24:59 -0400 |
commit | 8625c24f8e8f8b63b6807b22d261062d02e3a396 (patch) | |
tree | fa20c1ea2c04186f1d01ff00a4e9ad6164a1d4eb /usr | |
parent | 50b2f6ab4c4bf786ea6921c16d7df569607b624a (diff) | |
download | pfsense-8625c24f8e8f8b63b6807b22d261062d02e3a396.zip pfsense-8625c24f8e8f8b63b6807b22d261062d02e3a396.tar.gz |
Use htmlspecialchars() for sanitized output
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/graph.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/graph.php b/usr/local/www/graph.php
index 14af862..6634ed3 100755
--- a/usr/local/www/graph.php
+++ b/usr/local/www/graph.php
@@ -82,12 +82,12 @@ $attribs['error']='fill="blue" font-family="Arial" font-size="4"';
 $attribs['collect_initial']='fill="gray" font-family="Tahoma, Verdana, Arial, Helvetica, sans-serif" font-size="4"';
 //Error text if we cannot fetch data : depends on which method is used
-$error_text = "Cannot get data about interface $ifnum";
+$error_text = "Cannot get data about interface " . htmlspecialchars($ifnum);
 $height=100; //SVG internal height : do not modify
 $width=200; //SVG internal width : do not modify
-$fetch_link = "ifstats.php?if={$ifnum}";
+$fetch_link = "ifstats.php?if=" . htmlspecialchars($ifnum);
 /* check for custom theme colors */
 if(file_exists("/usr/local/www/themes/{$g['theme']}/graph.php")) {
@@ -112,7 +112,7 @@ print('<?xml version="1.0" encoding="iso-8859-1"?>' . "\n");?>
  <text id="graph_out_lbl" x="5" y="16" <?=$attribs['out']?>><?=gettext("Out"); ?></text>
  <text id="graph_in_txt" x="20" y="8" <?=$attribs['in']?>> </text>
  <text id="graph_out_txt" x="20" y="16" <?=$attribs['out']?>> </text>
- <text id="ifname" x="<?=$width?>" y="8" <?=$attribs['graphname']?> text-anchor="end"><?=$ifname?></text>
+ <text id="ifname" x="<?=$width?>" y="8" <?=$attribs['graphname']?> text-anchor="end"><?=htmlspecialchars($ifname)?></text>
  <text id="switch_unit" x="<?=$width*0.55?>" y="5" <?=$attribs['switch_unit']?>><?=gettext("Switch to bytes/s"); ?></text>
  <text id="switch_scale" x="<?=$width*0.55?>" y="11" <?=$attribs['switch_scale']?>><?=gettext("AutoScale"); ?> (<?=$scale_type?>)</text>
  <text id="datetime" x="<?=$width*0.33?>" y="5" <?=$attribs['legend']?>> </text> |
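Review bot: In the first hunk, `htmlspecialchars()` is the wrong encoder for `$fetch_link`: the value is placed in a URL query string, where `#`, `%`, `+` and spaces pass through unchanged and `&` becomes `&amp;`, which still contains a parameter separator. The query component should be URL-encoded, `$fetch_link = "ifstats.php?if=" . rawurlencode($ifnum);`, with output escaping applied at the point where `$fetch_link` is printed. With the default flags of PHP versions before 8.1, `htmlspecialchars()` also leaves single quotes unencoded, so if `$error_text` or `$fetch_link` ends up inside a single-quoted script string or attribute (the sinks are outside this hunk), passing `ENT_QUOTES` would be needed. Where `$ifnum` is assigned is not visible here; checking it against the configured interface names at that point would be a stronger control than escaping it at each use.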
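Review bot: In the second hunk, `<?=$scale_type?>` on the `switch_scale` line is still echoed raw into the SVG while `$ifname` two lines above is now escaped. Its assignment is outside the hunk, so if it can be influenced by the request it needs the same treatment: `(<?=htmlspecialchars($scale_type)?>)`. The XML prolog shown in the hunk header declares `iso-8859-1`, so passing the flags and charset explicitly, `htmlspecialchars($ifname, ENT_QUOTES, 'ISO-8859-1')`, keeps the escaping aligned with the output encoding regardless of the PHP default.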