authorjim-p <jimp@pfsense.org>2012-10-31 15:44:14 -0400
committerjim-p <jimp@pfsense.org>2012-10-31 15:44:14 -0400
commitac4cbc1529197ae60532dca089607a75bab5d9fe (patch)
tree0eaa17ac7efecad08e40f18edc379a165aaf59c3 /usr
parentbb33a33724161823b6bd35e7f0f19a1d551cda82 (diff)
Encode some more parameters before showing them to users.
Diffstat (limited to 'usr')
-rwxr-xr-xusr/local/www/load_balancer_monitor_edit.php20
-rwxr-xr-xusr/local/www/load_balancer_virtual_server_edit.php12
-rwxr-xr-xusr/local/www/services_igmpproxy_edit.php2
3 files changed, 17 insertions, 17 deletions
diff --git a/usr/local/www/load_balancer_monitor_edit.php b/usr/local/www/load_balancer_monitor_edit.php
index e5ed0ff..271b2f6 100755
--- a/usr/local/www/load_balancer_monitor_edit.php
+++ b/usr/local/www/load_balancer_monitor_edit.php
@@ -232,13 +232,13 @@ function updateType(t){
<tr align="left">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Name"); ?></td>
<td width="78%" class="vtable" colspan="2">
- <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?> size="16" maxlength="16">
+ <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"" . htmlspecialchars($pconfig['name']) . "\"";?> size="16" maxlength="16">
</td>
</tr>
<tr align="left">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Description"); ?></td>
<td width="78%" class="vtable" colspan="2">
- <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"{$pconfig['descr']}\"";?>size="64">
+ <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"" . htmlspecialchars($pconfig['descr']) . "\"";?>size="64">
</td>
</tr>
<tr align="left">
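Review bot: The added htmlspecialchars() calls rely on the function's default flags and charset, which depend on the PHP version: before 8.1 the default flag is ENT_COMPAT, which leaves single quotes unencoded, and before 5.4 the default charset is not UTF-8. Every attribute touched here is double-quoted, so the encoding holds as written, but passing the arguments explicitly, e.g. `htmlspecialchars($pconfig['name'], ENT_QUOTES, 'UTF-8')` (charset assumed to match the page), keeps it correct if the quoting style or the runtime changes. The same applies to every call added in the three files of this commit. The enclosing table starts and ends outside the hunk.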
@@ -269,13 +269,13 @@ function updateType(t){
<tr align="left">
<td valign="top" align="right" class="vtable"><?=gettext("Path"); ?></td>
<td class="vtable" colspan="2">
- <input name="http_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"{$pconfig['options']['path']}\"";?>size="64">
+ <input name="http_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"" . htmlspecialchars($pconfig['options']['path']) . "\"";?>size="64">
</td>
</tr>
<tr align="left">
<td valign="top" align="right" class="vtable"><?=gettext("Host"); ?></td>
<td class="vtable" colspan="2">
- <input name="http_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"{$pconfig['options']['host']}\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?>
+ <input name="http_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"" . htmlspecialchars($pconfig['options']['host']) . "\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?>
</td>
</td>
<tr align="left">
@@ -288,7 +288,7 @@ function updateType(t){
<tr align="left">
<td width="22%" valign="top" class="vncell">MD5 Page Digest</td>
<td width="78%" class="vtable" colspan="2">
- <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"{$pconfig['digest']}\"";?>size="32"><br /><b>TODO: add fetch functionality here</b>
+ <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"" . htmlspecialchars($pconfig['digest']) . "\"";?>size="32"><br /><b>TODO: add fetch functionality here</b>
</td>
</tr>
-->
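Review bot: This `digest` input appears to sit inside an HTML comment (the hunk ends on `-->`; the opening marker is outside the hunk), so the stored value is still written into the page source even though the field is never displayed. Encoding it does prevent a value containing `-->` from closing the comment early, but a disabled block is better excluded on the server, for example by wrapping it in `<?php if (false): ?>` and `<?php endif; ?>`, or removed until the TODO is implemented. The second `digest` hunk at -322 has the same shape.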
@@ -302,13 +302,13 @@ function updateType(t){
<tr align="left">
<td valign="top" align="right" class="vtable"><?=gettext("Path"); ?></td>
<td class="vtable" colspan="2">
- <input name="https_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"{$pconfig['options']['path']}\"";?>size="64">
+ <input name="https_options_path" type="text" <?if(isset($pconfig['options']['path'])) echo "value=\"" . htmlspecialchars($pconfig['options']['path']) ."\"";?>size="64">
</td>
</tr>
<tr align="left">
<td valign="top" align="right" class="vtable"><?=gettext("Host"); ?></td>
<td class="vtable" colspan="2">
- <input name="https_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"{$pconfig['options']['host']}\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?>
+ <input name="https_options_host" type="text" <?if(isset($pconfig['options']['host'])) echo "value=\"" . htmlspecialchars($pconfig['options']['host']) . "\"";?>size="64"><br/><?=gettext("Hostname for Host: header if needed."); ?>
</td>
</td>
<tr align="left">
@@ -322,7 +322,7 @@ function updateType(t){
<tr align="left">
<td width="22%" valign="top" class="vncellreq">MD5 Page Digest</td>
<td width="78%" class="vtable" colspan="2">
- <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"{$pconfig['digest']}\"";?>size="32"><br /><b>TODO: add fetch functionality here</b>
+ <input name="digest" type="text" <?if(isset($pconfig['digest'])) echo "value=\"" . htmlspecialchars($pconfig['digest']) . "\"";?>size="32"><br /><b>TODO: add fetch functionality here</b>
</td>
</tr>
-->
@@ -336,13 +336,13 @@ function updateType(t){
<tr align="left">
<td valign="top" align="right" class="vtable"><?=gettext("Send string"); ?></td>
<td class="vtable" colspan="2">
- <input name="send_options_send" type="text" <?if(isset($pconfig['options']['send'])) echo "value=\"{$pconfig['options']['send']}\"";?>size="64">
+ <input name="send_options_send" type="text" <?if(isset($pconfig['options']['send'])) echo "value=\"" . htmlspecialchars($pconfig['options']['send']) . "\"";?>size="64">
</td>
</tr>
<tr align="left">
<td valign="top" align="right" class="vtable"><?=gettext("Expect string"); ?></td>
<td class="vtable" colspan="2">
- <input name="send_options_expect" type="text" <?if(isset($pconfig['options']['expect'])) echo "value=\"{$pconfig['options']['expect']}\"";?>size="64">
+ <input name="send_options_expect" type="text" <?if(isset($pconfig['options']['expect'])) echo "value=\"" . htmlspecialchars($pconfig['options']['expect']) . "\"";?>size="64">
</td>
</tr>
</table>
diff --git a/usr/local/www/load_balancer_virtual_server_edit.php b/usr/local/www/load_balancer_virtual_server_edit.php
index ea429d6..b2e73b1 100755
--- a/usr/local/www/load_balancer_virtual_server_edit.php
+++ b/usr/local/www/load_balancer_virtual_server_edit.php
@@ -154,19 +154,19 @@ include("head.inc");
<tr align="left">
<td width="22%" valign="top" class="vncellreq"><?=gettext("Name"); ?></td>
<td width="78%" class="vtable" colspan="2">
- <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"{$pconfig['name']}\"";?>size="32" maxlength="32">
+ <input name="name" type="text" <?if(isset($pconfig['name'])) echo "value=\"" . htmlspecialchars($pconfig['name']) . "\"";?>size="32" maxlength="32">
</td>
</tr>
<tr align="left">
<td width="22%" valign="top" class="vncell"><?=gettext("Description"); ?></td>
<td width="78%" class="vtable" colspan="2">
- <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"{$pconfig['descr']}\"";?>size="64">
+ <input name="descr" type="text" <?if(isset($pconfig['descr'])) echo "value=\"" . htmlspecialchars($pconfig['descr']) . "\"";?>size="64">
</td>
</tr>
<tr align="left">
<td width="22%" valign="top" class="vncellreq"><?=gettext("IP Address"); ?></td>
<td width="78%" class="vtable" colspan="2">
- <input class="formfldalias" id="ipaddr" name="ipaddr" type="text" <?if(isset($pconfig['ipaddr'])) echo "value=\"{$pconfig['ipaddr']}\"";?> size="39" maxlength="39">
+ <input class="formfldalias" id="ipaddr" name="ipaddr" type="text" <?if(isset($pconfig['ipaddr'])) echo "value=\"" . htmlspecialchars($pconfig['ipaddr']) . "\"";?> size="39" maxlength="39">
<br><?=gettext("This is normally the WAN IP address that you would like the server to listen on. All connections to this IP and port will be forwarded to the pool cluster."); ?>
<br><?=gettext("You may also specify a host alias listed in Firewall -&gt; Aliases here."); ?>
<script type="text/javascript">
@@ -180,7 +180,7 @@ include("head.inc");
<tr align="left">
<td width="22%" valign="top" class="vncell"><?=gettext("Port"); ?></td>
<td width="78%" class="vtable" colspan="2">
- <input class="formfldalias" name="port" id="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"{$pconfig['port']}\"";?> size="16" maxlength="16">
+ <input class="formfldalias" name="port" id="port" type="text" <?if(isset($pconfig['port'])) echo "value=\"" . htmlspecialchars($pconfig['port']) . "\"";?> size="16" maxlength="16">
<br><?=gettext("This is the port that the clients will connect to. All connections to this port will be forwarded to the pool cluster."); ?>
<br><?=gettext("If left blank, listening ports from the pool will be used."); ?>
<br><?=gettext("You may also specify a port alias listed in Firewall -&gt; Aliases here."); ?>
@@ -204,7 +204,7 @@ include("head.inc");
$selected = "";
if ( $config['load_balancer']['lbpool'][$i]['name'] == $pconfig['poolname'] )
$selected = " SELECTED";
- echo "<option value=\"{$config['load_balancer']['lbpool'][$i]['name']}\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>";
+ echo "<option value=\"" . htmlspecialchars($config['load_balancer']['lbpool'][$i]['name']) . "\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>";
}
?>
<?php endif; ?>
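Review bot: The option label is still emitted unencoded: on the changed `echo` only the `value` attribute passes through htmlspecialchars(), while the same pool name is interpolated raw between `<option ...>` and `</option>`, so markup in a pool name would still reach the page as element content. Encode once and reuse it, e.g. `$name = htmlspecialchars($config['load_balancer']['lbpool'][$i]['name']);` followed by `echo "<option value=\"{$name}\"{$selected}>{$name}</option>";`. The `sitedown` hunk at -224 has the identical line and needs the same change. The surrounding loop begins outside the hunk.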
@@ -224,7 +224,7 @@ include("head.inc");
$selected = "";
if ( $config['load_balancer']['lbpool'][$i]['name'] == $pconfig['sitedown'] )
$selected = " SELECTED";
- echo "<option value=\"{$config['load_balancer']['lbpool'][$i]['name']}\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>";
+ echo "<option value=\"" . htmlspecialchars($config['load_balancer']['lbpool'][$i]['name']) . "\"{$selected}>{$config['load_balancer']['lbpool'][$i]['name']}</option>";
}
?>
</select>
diff --git a/usr/local/www/services_igmpproxy_edit.php b/usr/local/www/services_igmpproxy_edit.php
index 57c29cd..78ef6ab 100755
--- a/usr/local/www/services_igmpproxy_edit.php
+++ b/usr/local/www/services_igmpproxy_edit.php
@@ -207,7 +207,7 @@ include("head.inc");
<tr>
<td valign="top" class="vncell"><?=gettext("Threshold");?></td>
<td class="vtable">
- <input name="threshold" class="formfld unknown" id="threshold" value="<?php echo $pconfig['threshold'];?>">
+ <input name="threshold" class="formfld unknown" id="threshold" value="<?php echo htmlspecialchars($pconfig['threshold']);?>">
<br />
<span class="vexpl">
<?=gettext("Defines the TTL threshold for the network interface. Packets".