author | jim-p <jimp@pfsense.org> | 2015-09-01 12:17:37 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-09-01 12:17:37 -0400 |
commit | 38f147d66798f324f92063e91c41c8d182fddb61 (patch) | |
tree | 8a0efd56c77f0ca227c564f195b34cdcaaa33e90 /usr | |
parent | 1782b45d4b73cd3adb244ece78393b277fedd157 (diff) | |
download | pfsense-38f147d66798f324f92063e91c41c8d182fddb61.zip pfsense-38f147d66798f324f92063e91c41c8d182fddb61.tar.gz |
Encode alias description details before attempting to display them.
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/guiconfig.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index 536c5a7..b6ed0ad 100644
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -1116,7 +1116,7 @@ function alias_info_popup($alias_id){
 $alias_objects_with_details .= "<tr><td $close_title width=\"5%\" class=\"vncell\" style=\"background: #FFFFFF;color: #000000;\">{$alias_addresses[$counter]}</td>";
 $alias_detail_default = strpos ($alias_details[$counter],"Entry added");
 if ($alias_details[$counter] != "" && $alias_detail_default === False)
- $alias_objects_with_details .="<td $close_title width=\"95%\" class=\"vncell\" style=\"background: #FFFFFF;color: #000000;\">{$alias_details[$counter]}</td>";
+ $alias_objects_with_details .="<td $close_title width=\"95%\" class=\"vncell\" style=\"background: #FFFFFF;color: #000000;\">" . htmlspecialchars($alias_details[$counter]) . "</td>";
 else
 $alias_objects_with_details .="<td $close_title width=\"95%\" class=\"vncell\" style=\"background: #FFFFFF;color: #000000;\"> </td>";
 $alias_objects_with_details .= "</tr>";
@@ -1129,7 +1129,7 @@ function alias_info_popup($alias_id){
 if ($strlength >= $maxlength)
 $alias_descr_substr = substr($alias_descr_substr, 0, $maxlength) . "...";
 $item_text = ($counter > 1 ? "items" : "item");
- $alias_caption = "{$alias_descr_substr} - {$counter} {$item_text}<a href=\"/firewall_aliases_edit.php?id={$alias_id}\" title=\"".gettext('edit this alias')."\"> edit </a>";
+ $alias_caption = htmlspecialchars($alias_descr_substr) . " - {$counter} {$item_text}<a href=\"/firewall_aliases_edit.php?id={$alias_id}\" title=\"".gettext('edit this alias')."\"> edit </a>";
 $strlength = strlen ($alias_caption);
 print "<h1>{$alias_caption}</h1>" . $alias_objects_with_details;
 } |
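Review bot: The address cell on the first context line of this hunk still interpolates `{$alias_addresses[$counter]}` into the table markup unencoded, so only the description half of the row is covered by the fix. Unless alias addresses are strictly validated when they are saved (not visible from here), that cell should end with `\">" . htmlspecialchars($alias_addresses[$counter]) . "</td>";` to match the description cell. alias_info_popup() starts and ends outside the hunk, so the origin of `$alias_addresses` and `$close_title` cannot be confirmed from these lines.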
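Review bot: `$alias_id` is still written raw into the `href` attribute on the same line that now encodes the description. Its origin is outside the hunk, so if it can ever be something other than a numeric index it should be encoded in the link as well, for example `?id=" . htmlspecialchars($alias_id) . "\" title=...`. Truncating with `substr()` before calling `htmlspecialchars()` is the right order because an entity can never be cut in half; a one-line comment such as `// truncate first, then encode, so no entity is split` would stop a later edit from reversing it. Note that `strlen($alias_caption)` now measures the encoded string plus markup, which matters only if `$strlength` is read again after this point.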