author | jim-p <jimp@pfsense.org> | 2015-06-16 10:57:55 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-06-16 10:57:55 -0400 |
commit | 2debaf5c34065aee52e4c095f4b120c5da518d3e (patch) | |
tree | 28a79c5c674333a624367e207abbfc91562549e1 /usr | |
parent | 3aef3ad0c052443b1801ec216e1e6f87a6d984a8 (diff) | |
Fix some low-hanging potential security issues.
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/services_ntpd.php | 2 | ||||
-rw-r--r-- | usr/local/www/system_firmware_settings.php | 6 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_csc.php | 8 |
3 files changed, 8 insertions, 8 deletions
diff --git a/usr/local/www/services_ntpd.php b/usr/local/www/services_ntpd.php index cea8ea6..1f4dd86 100644 --- a/usr/local/www/services_ntpd.php +++ b/usr/local/www/services_ntpd.php @@ -329,7 +329,7 @@ include("head.inc"); } echo ">\n"; - echo "<input name=\"server{$i}\" class=\"formfld unknown\" id=\"server{$i}\" size=\"30\" value=\"{$timeservers[$i]}\" type=\"text\" /> "; + echo "<input name=\"server{$i}\" class=\"formfld unknown\" id=\"server{$i}\" size=\"30\" value=\"" . htmlspecialchars($timeservers[$i]) . "\" type=\"text\" /> "; echo "\n<input name=\"servprefer{$i}\" class=\"formcheckbox\" id=\"servprefer{$i}\" onclick=\"CheckOffOther('servprefer{$i}', 'servselect{$i}')\" type=\"checkbox\""; if (isset($config['ntpd']['prefer']) && isset($timeservers[$i]) && substr_count($config['ntpd']['prefer'], $timeservers[$i])) { echo " checked=\"checked\""; diff --git a/usr/local/www/system_firmware_settings.php b/usr/local/www/system_firmware_settings.php index f2232d6..9f6c5e0 100644 --- a/usr/local/www/system_firmware_settings.php +++ b/usr/local/www/system_firmware_settings.php @@ -179,7 +179,7 @@ function enable_altfirmwareurl(enable_over) { <?=gettext("Base URL:"); ?> </td> <td> - <input name="firmwareurl" type="text" class="formfld url" id="firmwareurl" size="64" value="<?php if ($curcfg['alturl']['firmwareurl']) echo $curcfg['alturl']['firmwareurl']; else echo $g['']; ?>" /> + <input name="firmwareurl" type="text" class="formfld url" id="firmwareurl" size="64" value="<?php if ($curcfg['alturl']['firmwareurl']) echo htmlspecialchars($curcfg['alturl']['firmwareurl']); else echo $g['']; ?>" /> </td> </tr> </table> 
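Review bot: The added `htmlspecialchars($timeservers[$i])` call relies on PHP's default flags and default charset, and before PHP 8.1 the default flag set escapes `"` but not `'`. That is enough for this double-quoted `value` attribute, but passing them explicitly, `htmlspecialchars($timeservers[$i], ENT_QUOTES, 'UTF-8')`, keeps the escaping correct if the markup is ever switched to single quotes or the configured charset differs. The same one-argument form is used in every system_firmware_settings.php and vpn_openvpn_csc.php hunk of this commit. The context line below guards the same element with `isset($timeservers[$i])`, so the index can apparently be unset at this point and defaulting it to an empty string before escaping would avoid an undefined-index notice. The enclosing loop starts and ends outside the hunk.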
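Review bot: The `else` branch of the `firmwareurl` value still prints `$g['']` without escaping, and the empty-string key looks unintended, so that branch probably emits nothing (or a notice) rather than a default URL. If a default is meant to be shown, the branch should read the intended key and escape it like the first branch, e.g. `else echo htmlspecialchars($g['<intended key>']);`; which key was meant cannot be determined from the hunk. Escaping on output also does not validate the URL itself, so it is worth confirming that the save handler, which is outside this hunk, restricts what is accepted as an update source.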
@@ -241,7 +241,7 @@ function enable_altfirmwareurl(enable_over) { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Repository URL"); ?></td> <td width="78%" class="vtable"> - <input name="repositoryurl" type="text" class="formfld url" id="repositoryurl" size="64" value="<?php if ($gitcfg['repositoryurl']) echo $gitcfg['repositoryurl']; ?>" /> + <input name="repositoryurl" type="text" class="formfld url" id="repositoryurl" size="64" value="<?php if ($gitcfg['repositoryurl']) echo htmlspecialchars($gitcfg['repositoryurl']); ?>" /> <?php if ($lastrepositoryurl): ?> @@ -271,7 +271,7 @@ function enable_altfirmwareurl(enable_over) { <tr> <td width="22%" valign="top" class="vncell"><?=gettext("Branch name"); ?></td> <td width="78%" class="vtable"> - <input name="branch" type="text" class="formfld unknown" id="branch" size="64" value="<?php if ($gitcfg['branch']) echo $gitcfg['branch']; ?>" /> + <input name="branch" type="text" class="formfld unknown" id="branch" size="64" value="<?php if ($gitcfg['branch']) echo htmlspecialchars($gitcfg['branch']); ?>" /> <?php if ($lastbranch): ?> diff --git a/usr/local/www/vpn_openvpn_csc.php b/usr/local/www/vpn_openvpn_csc.php index 69dfd28..356db7f 100644 --- a/usr/local/www/vpn_openvpn_csc.php +++ b/usr/local/www/vpn_openvpn_csc.php @@ -640,7 +640,7 @@ function netbios_change() { <span class="vexpl"> <?=gettext("Server"); ?> #1: </span> - <input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=$pconfig['ntp_server1'];?>" /> + <input name="ntp_server1" type="text" class="formfld unknown" id="ntp_server1" size="20" value="<?=htmlspecialchars($pconfig['ntp_server1']);?>" /> </td> </tr> <tr> 
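Review bot: Directly after the escaped `repositoryurl` input the context opens `<?php if ($lastrepositoryurl): ?>`, and the @@ -271 hunk does the same with `$lastbranch`, but the bodies of those blocks are outside the hunks, so it is not visible whether those values are escaped when printed. If they are echoed into the page they need the same treatment as the inputs, e.g. `<?=htmlspecialchars($lastrepositoryurl);?>` and `<?=htmlspecialchars($lastbranch);?>`. The truthiness tests `if ($gitcfg['repositoryurl'])` and `if ($gitcfg['branch'])` also hide a stored value of `"0"`; `isset(...)` combined with `!== ''` would state the intent more precisely.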
@@ -648,7 +648,7 @@ function netbios_change() { <span class="vexpl"> <?=gettext("Server"); ?> #2: </span> - <input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=$pconfig['ntp_server2'];?>" /> + <input name="ntp_server2" type="text" class="formfld unknown" id="ntp_server2" size="20" value="<?=htmlspecialchars($pconfig['ntp_server2']);?>" /> </td> </tr> </table> @@ -737,7 +737,7 @@ function netbios_change() { <span class="vexpl"> <?=gettext("Server"); ?> #1: </span> - <input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=$pconfig['wins_server1'];?>" /> + <input name="wins_server1" type="text" class="formfld unknown" id="wins_server1" size="20" value="<?=htmlspecialchars($pconfig['wins_server1']);?>" /> </td> </tr> <tr> @@ -745,7 +745,7 @@ function netbios_change() { <span class="vexpl"> <?=gettext("Server"); ?> #2: </span> - <input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=$pconfig['wins_server2'];?>" /> + <input name="wins_server2" type="text" class="formfld unknown" id="wins_server2" size="20" value="<?=htmlspecialchars($pconfig['wins_server2']);?>" /> </td> </tr> </table> |