diff options
author | jim-p <jimp@pfsense.org> | 2015-06-16 12:00:51 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-06-16 12:00:51 -0400 |
commit | de5f0b6122f1c94c7d2cf4329d8bfd11429204c4 (patch) | |
tree | 96205a233ab5527bceaf51d3006ae3d6dd4d4e11 /usr | |
parent | 0ec282d48804947f953547b0b5f825e43a1e344d (diff) | |
download | pfsense-de5f0b6122f1c94c7d2cf4329d8bfd11429204c4.zip pfsense-de5f0b6122f1c94c7d2cf4329d8bfd11429204c4.tar.gz |
Encoding in system_advanced_sysctl.php
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/system_advanced_sysctl.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr/local/www/system_advanced_sysctl.php b/usr/local/www/system_advanced_sysctl.php index 9d93850..3b0a7bf 100644 --- a/usr/local/www/system_advanced_sysctl.php +++ b/usr/local/www/system_advanced_sysctl.php @@ -185,17 +185,17 @@ include("head.inc"); <?php foreach ($tunables as $i => $tunable): if (!isset($tunable['modified'])) - $i = $tunable['tunable']; + $i = urlencode($tunable['tunable']); ?> <tr> <td class="listlr" ondblclick="document.location='system_advanced_sysctl.php?act=edit&id=<?=$i;?>';"> - <?php echo $tunable['tunable']; ?> + <?php echo htmlspecialchars($tunable['tunable']); ?> </td> <td class="listr" align="left" ondblclick="document.location='system_advanced_sysctl.php?act=edit&id=<?=$i;?>';"> - <?php echo $tunable['descr']; ?> + <?php echo htmlspecialchars($tunable['descr']); ?> </td> <td class="listr" align="left" ondblclick="document.location='system_advanced_sysctl.php?act=edit&id=<?=$i;?>';"> - <?php echo $tunable['value']; ?> + <?php echo htmlspecialchars($tunable['value']); ?> <?php if($tunable['value'] == "default") echo "(" . get_default_sysctl_value($tunable['tunable']) . ")"; @@ -252,19 +252,19 @@ include("head.inc"); <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Tunable"); ?></td> <td width="78%" class="vtable"> - <input size="65" name="tunable" value="<?php echo $pconfig['tunable']; ?>" /> + <input size="65" name="tunable" value="<?php echo htmlspecialchars($pconfig['tunable']); ?>" /> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Description"); ?></td> <td width="78%" class="vtable"> - <textarea rows="7" cols="50" name="descr"><?php echo $pconfig['descr']; ?></textarea> + <textarea rows="7" cols="50" name="descr"><?php echo htmlspecialchars($pconfig['descr']); ?></textarea> </td> </tr> <tr> <td width="22%" valign="top" class="vncellreq"><?=gettext("Value"); ?></td> <td width="78%" class="vtable"> - <input size="65" name="value" value="<?php echo $pconfig['value']; ?>" /> + <input size="65" name="value" value="<?php echo htmlspecialchars($pconfig['value']); ?>" /> </td> </tr> <tr> |