author | Scott Ullrich <sullrich@pfsense.org> | 2011-05-31 12:35:17 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2011-05-31 12:35:17 -0400 |
commit | 10d74dff5a96deeacc57b81bab723740267fc5b8 (patch) | |
tree | 4958852a3ca737b58cac7dfecc9c6a2601f4ae29 /usr | |
parent | 85055175a102caa0f0bd07f50546553b36d935c9 (diff) | |
Remove bogus protection. We have better handling of this now.
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 79f65f0..bd8f48d 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -253,19 +253,6 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - /* run through $_POST items encoding HTML entties so that the user - * cannot think he is slick and perform a XSS attack on the unwilling - */ - foreach ($_POST as $key => $value) { - $temp = str_replace(">", "", $value); - - if (isset($_POST['floating']) && $key == "interface") - continue; - $newpost = htmlentities($temp); - if($newpost <> $temp) - $input_errors[] = sprintf(gettext("Invalid characters detected (%s). Please remove invalid characters and save again."),$temp); - } - /* input validation */ $reqdfields = explode(" ", "type proto"); if ( isset($a_filter[$id]['associated-rule-id'])===false ) { |