author | Renato Botelho <garga@FreeBSD.org> | 2014-02-18 16:38:35 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-02-18 16:38:35 -0300 |
commit | d291634ad943abdb089250b307d788f30d1af91b (patch) | |
tree | f36d6b75511261445e48b6c1193500494ab2edc5 /usr | |
parent | 738fab3dd664e637969bf4f0ad92ace367a343d5 (diff) | |
download | pfsense-d291634ad943abdb089250b307d788f30d1af91b.zip pfsense-d291634ad943abdb089250b307d788f30d1af91b.tar.gz |
Take single and double quotes into consideration
Diffstat (limited to 'usr')
-rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index 8bf431b..79bb9f2 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -181,7 +181,7 @@ Rounded("div#mainareapkg","bl br","#FFF","#eeeeee","smooth");
 ob_flush();
 if ($_GET) {
- $pkgname = str_replace(array("<", ">", ";", "&", "'"), "", htmlspecialchars_decode($_GET['pkg']));
+ $pkgname = str_replace(array("<", ">", ";", "&", "'", '"'), "", htmlspecialchars_decode($_GET['pkg'], ENT_QUOTES | ENT_HTML401));
 switch($_GET['mode']) {
 case 'showlog':
 if (strpos($pkgname, ".")) { |
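Review bot: The changed `$pkgname` line still filters `$_GET['pkg']` with a denylist, so any character not on the list passes through after entity decoding, and each newly relevant metacharacter needs another commit like this one. An allowlist is sturdier: validate the decoded value and refuse anything else, for example `if (!preg_match('/^[A-Za-z0-9 ._+-]+$/', $pkgname)) { $pkgname = ''; }`, with the character class adjusted to the package names actually in use, or compare the value against the known package list. Apart from the `strpos()` test under `showlog`, the places where `$pkgname` is consumed are outside the hunk, so which contexts it must be safe for (HTML output, file paths, shell arguments) is inferred and should be confirmed against the rest of the file. `$_GET['pkg']` is also read without an `isset()` check whenever any query parameter is present.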