diff options
author | jim-p <jimp@pfsense.org> | 2012-10-31 15:44:14 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-10-31 15:44:14 -0400 |
commit | ac4cbc1529197ae60532dca089607a75bab5d9fe (patch) | |
tree | 0eaa17ac7efecad08e40f18edc379a165aaf59c3 /usr | |
parent | bb33a33724161823b6bd35e7f0f19a1d551cda82 (diff) | |
download | pfsense-ac4cbc1529197ae60532dca089607a75bab5d9fe.zip pfsense-ac4cbc1529197ae60532dca089607a75bab5d9fe.tar.gz |
Encode some more parameters before showing them to users.
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/load_balancer_monitor_edit.php | 20 | ||||
-rwxr-xr-x | usr/local/www/load_balancer_virtual_server_edit.php | 12 | ||||
-rwxr-xr-x | usr/local/www/services_igmpproxy_edit.php | 2 |
3 files changed, 17 insertions, 17 deletions
diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php index e5ed0ff..271b2f6 100755 --- a/usr/local/www/load_balancer_monitor_edit.php +++ b/usr/local/www/load_balancer_monitor_edit.php @@ -232,13 +232,13 @@ function updateType(t){ <tr align="left"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Name"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="16" maxlength="16"> + <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"" . htmlspecialchars($pconfig['name']) . "\"";?> size="16" maxlength="16"> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Description"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"{$pconfig['descr']}\"";?>size="64"> + <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"" . htmlspecialchars($pconfig['descr']) . "\"";?>size="64"> </td> </tr> <tr align="left"> @@ -269,13 +269,13 @@ function updateType(t){ <tr align="left"> <td valign="top" align="right" class="vtable"><?=gettext("Path"); ?></td> <td class="vtable" colspan="2"> - <input name="http_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"{$pconfig['options']['path']}\"";?>size="64"> + <input name="http_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"" . htmlspecialchars($pconfig['options']['path']) . "\"";?>size="64"> </td> </tr> <tr align="left"> <td valign="top" align="right" class="vtable"><?=gettext("Host"); ?></td> <td class="vtable" colspan="2"> - <input name="http_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"{$pconfig['options']['host']}\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?> + <input name="http_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"" . htmlspecialchars($pconfig['options']['host']) . "\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?> </td> </td> <tr align="left"> @@ -288,7 +288,7 @@ function updateType(t){ <tr align="left"> <td width="22%" valign="top" class="vncell">MD5 Page Digest</td> <td width="78%" class="vtable" colspan="2"> - <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"{$pconfig['digest']}\"";?>size="32"><br /><b>TODO: add fetch functionality here</b> + <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"" . htmlspecialchars($pconfig['digest']) . "\"";?>size="32"><br /><b>TODO: add fetch functionality here</b> </td> </tr> --> @@ -302,13 +302,13 @@ function updateType(t){ <tr align="left"> <td valign="top" align="right" class="vtable"><?=gettext("Path"); ?></td> <td class="vtable" colspan="2"> - <input name="https_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"{$pconfig['options']['path']}\"";?>size="64"> + <input name="https_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"" . htmlspecialchars($pconfig['options']['path']) ."\"";?>size="64"> </td> </tr> <tr align="left"> <td valign="top" align="right" class="vtable"><?=gettext("Host"); ?></td> <td class="vtable" colspan="2"> - <input name="https_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"{$pconfig['options']['host']}\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?> + <input name="https_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"" . htmlspecialchars($pconfig['options']['host']) . "\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?> </td> </td> <tr align="left"> @@ -322,7 +322,7 @@ function updateType(t){ <tr align="left"> <td width="22%" valign="top" class="vncellreq">MD5 Page Digest</td> <td width="78%" class="vtable" colspan="2"> - <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"{$pconfig['digest']}\"";?>size="32"><br /><b>TODO: add fetch functionality here</b> + <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"" . htmlspecialchars($pconfig['digest']) . "\"";?>size="32"><br /><b>TODO: add fetch functionality here</b> </td> </tr> --> @@ -336,13 +336,13 @@ function updateType(t){ <tr align="left"> <td valign="top" align="right" class="vtable"><?=gettext("Send string"); ?></td> <td class="vtable" colspan="2"> - <input name="send_options_send" type="text" <?if(isset($pconfig['options']['send'])) echo "value=\"{$pconfig['options']['send']}\"";?>size="64"> + <input name="send_options_send" type="text" <?if(isset($pconfig['options']['send'])) echo "value=\"" . htmlspecialchars($pconfig['options']['send']) . "\"";?>size="64"> </td> </tr> <tr align="left"> <td valign="top" align="right" class="vtable"><?=gettext("Expect string"); ?></td> <td class="vtable" colspan="2"> - <input name="send_options_expect" type="text" <?if(isset($pconfig['options']['expect'])) echo "value=\"{$pconfig['options']['expect']}\"";?>size="64"> + <input name="send_options_expect" type="text" <?if(isset($pconfig['options']['expect'])) echo "value=\"" . htmlspecialchars($pconfig['options']['expect']) . "\"";?>size="64"> </td> </tr> </table> diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php index ea429d6..b2e73b1 100755 --- a/usr/local/www/load_balancer_virtual_server_edit.php +++ b/usr/local/www/load_balancer_virtual_server_edit.php @@ -154,19 +154,19 @@ include("head.inc"); <tr align="left"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Name"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?>size="32" maxlength="32"> + <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"" . htmlspecialchars($pconfig['name']) . "\"";?>size="32" maxlength="32"> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"{$pconfig['descr']}\"";?>size="64"> + <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"" . htmlspecialchars($pconfig['descr']) . "\"";?>size="64"> </td> </tr> <tr align="left"> <td width="22%" valign="top" class="vncellreq"><?=gettext("IP Address"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input class="formfldalias" id="ipaddr" name="ipaddr" type="text" <?if(isset($pconfig['ipaddr'])) echo "value=\"{$pconfig['ipaddr']}\"";?> size="39" maxlength="39"> + <input class="formfldalias" id="ipaddr" name="ipaddr" type="text" <?if(isset($pconfig['ipaddr'])) echo "value=\"" . htmlspecialchars($pconfig['ipaddr']) . "\"";?> size="39" maxlength="39"> <br><?=gettext("This is normally the WAN IP address that you would like the server to listen on. All connections to this IP and port will be forwarded to the pool cluster."); ?> <br><?=gettext("You may also specify a host alias listed in Firewall -> Aliases here."); ?> <script type="text/javascript"> @@ -180,7 +180,7 @@ include("head.inc"); <tr align="left"> <td width="22%" valign="top" class="vncell"><?=gettext("Port"); ?></td> <td width="78%" class="vtable" colspan="2"> - <input class="formfldalias" name="port" id="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="16" maxlength="16"> + <input class="formfldalias" name="port" id="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"" . htmlspecialchars($pconfig['port']) . "\"";?> size="16" maxlength="16"> <br><?=gettext("This is the port that the clients will connect to. All connections to this port will be forwarded to the pool cluster."); ?> <br><?=gettext("If left blank, listening ports from the pool will be used."); ?> <br><?=gettext("You may also specify a port alias listed in Firewall -> Aliases here."); ?> @@ -204,7 +204,7 @@ include("head.inc"); $selected = ""; if ( $config['load_balancer']['lbpool'][$i]['name'] == $pconfig['poolname'] ) $selected = " SELECTED"; - echo "<option value=\"{$config['load_balancer']['lbpool'][$i]['name']}\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>"; + echo "<option value=\"" . htmlspecialchars($config['load_balancer']['lbpool'][$i]['name']) . "\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>"; } ?> <?php endif; ?> @@ -224,7 +224,7 @@ include("head.inc"); $selected = ""; if ( $config['load_balancer']['lbpool'][$i]['name'] == $pconfig['sitedown'] ) $selected = " SELECTED"; - echo "<option value=\"{$config['load_balancer']['lbpool'][$i]['name']}\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>"; + echo "<option value=\"" . htmlspecialchars($config['load_balancer']['lbpool'][$i]['name']) . "\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>"; } ?> </select> diff --git a/usr/local/www/services_igmpproxy_edit.php b/usr/local/www/services_igmpproxy_edit.php index 57c29cd..78ef6ab 100755 --- a/usr/local/www/services_igmpproxy_edit.php +++ b/usr/local/www/services_igmpproxy_edit.php @@ -207,7 +207,7 @@ include("head.inc"); <tr> <td valign="top" class="vncell"><?=gettext("Threshold");?></td> <td class="vtable"> - <input name="threshold" class="formfld unknown" id="threshold" value="<?php echo $pconfig['threshold'];?>"> + <input name="threshold" class="formfld unknown" id="threshold" value="<?php echo htmlspecialchars($pconfig['threshold']);?>"> <br /> <span class="vexpl"> <?=gettext("Defines the TTL threshold for the network interface. Packets". |