diff options
| author | jim-p <jimp@pfsense.org> | 2015-09-04 10:10:32 -0400 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2015-09-04 10:10:32 -0400 |
| commit | 64c50ecd239a61b42e9179be486f3792c03cb0b8 (patch) | |
| tree | b8191b290aff58b25e9ee26acb61dae6add0227c /usr | |
| parent | 38f147d66798f324f92063e91c41c8d182fddb61 (diff) | |
| download | pfsense-64c50ecd239a61b42e9179be486f3792c03cb0b8.zip pfsense-64c50ecd239a61b42e9179be486f3792c03cb0b8.tar.gz | |
Encode auth server name before display.
Diffstat (limited to 'usr')
| -rw-r--r-- | usr/local/www/diag_authentication.php | 2 | ||||
| -rw-r--r-- | usr/local/www/system_usermanager_settings.php | 2 | ||||
| -rwxr-xr-x | usr/local/www/system_usermanager_settings_test.php | 6 | ||||
| -rw-r--r-- | usr/local/www/vpn_ipsec_mobile.php | 2 | ||||
| -rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 2 |
5 files changed, 7 insertions, 7 deletions
diff --git a/usr/local/www/diag_authentication.php b/usr/local/www/diag_authentication.php index 704e92a..24d567e 100644 --- a/usr/local/www/diag_authentication.php +++ b/usr/local/www/diag_authentication.php @@ -99,7 +99,7 @@ include("head.inc"); if ($auth_server['name'] == $pconfig['authmode']) $selected = "selected=\"selected\""; ?> - <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option> + <option value="<?=htmlspecialchars($auth_server['name']);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option> <?php endforeach; ?> </select> </td> diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index 8965c69..5945691 100644 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -152,7 +152,7 @@ include("head.inc"); if (!isset($pconfig['authmode']) && $auth_server['name'] == "Local Database") $selected = "selected=\"selected\""; ?> - <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option> + <option value="<?=htmlspecialchars($auth_server['name']);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option> <?php endforeach; ?> diff --git a/usr/local/www/system_usermanager_settings_test.php b/usr/local/www/system_usermanager_settings_test.php index 2dcba45..2ec54b1 100755 --- a/usr/local/www/system_usermanager_settings_test.php +++ b/usr/local/www/system_usermanager_settings_test.php @@ -88,15 +88,15 @@ if (!$authcfg) { echo "<table width='100%'>"; - echo "<tr><td>" . gettext("Attempting connection to") . " " . "<td><center>$auth_server</b></center></td>"; + echo "<tr><td>" . gettext("Attempting connection to") . " " . "<td><center>" . htmlspecialchars($auth_server). "</b></center></td>"; if(ldap_test_connection($authcfg)) { echo "<td><center><font color=green>OK</center></td></tr>"; - echo "<tr><td>" . gettext("Attempting bind to") . " " . "<td><center>$auth_server</b></center></td>"; + echo "<tr><td>" . gettext("Attempting bind to") . " " . "<td><center>" . htmlspecialchars($auth_server). "</b></center></td>"; if(ldap_test_bind($authcfg)) { echo "<td><center><font color=green>OK</center></td></tr>"; - echo "<tr><td>" . gettext("Attempting to fetch Organizational Units from") . " " . "<td><center>$auth_server</b></center></td>"; + echo "<tr><td>" . gettext("Attempting to fetch Organizational Units from") . " " . "<td><center>" . htmlspecialchars($auth_server). "</b></center></td>"; $ous = ldap_get_user_ous(true, $authcfg); if(count($ous)>1) { echo "<td><center><font color=green>OK</center></td></tr>"; diff --git a/usr/local/www/vpn_ipsec_mobile.php b/usr/local/www/vpn_ipsec_mobile.php index 8fed8e9..0c4da17 100644 --- a/usr/local/www/vpn_ipsec_mobile.php +++ b/usr/local/www/vpn_ipsec_mobile.php @@ -393,7 +393,7 @@ function login_banner_change() { $selected = ""; if (in_array($auth_server['name'], $authmodes)) $selected = "selected=\"selected\""; - echo "<option value='{$auth_server['name']}' {$selected}>{$auth_server['name']}</option>\n"; + echo "<option value=\"" . htmlspecialchars($auth_server['name']). "\" {$selected}>" . htmlspecialchars($auth_server['name']). "</option>\n"; } ?> </select> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 801575a..cd978f7 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -810,7 +810,7 @@ if ($savemsg) if (in_array($auth_server_key, $authmodes)) $selected = "selected=\"selected\""; ?> - <option value="<?=$auth_server_key;?>" <?=$selected;?>><?=$auth_server['name'];?></option> + <option value="<?=htmlspecialchars($auth_server_key);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option> <?php endforeach; ?> </select> </td> |
