diff options
Diffstat (limited to 'usr/local/www/exec.php')
| -rwxr-xr-x | usr/local/www/exec.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr/local/www/exec.php b/usr/local/www/exec.php index 2d29a83..e9b0259 100755 --- a/usr/local/www/exec.php +++ b/usr/local/www/exec.php @@ -104,8 +104,8 @@ if (isBlank( $_POST['txtRecallBuffer'] )) { } else { puts( " var arrRecallBuffer = new Array(" ); $arrBuffer = explode( "&", $_POST['txtRecallBuffer'] ); - for ($i=0; $i < (count( $arrBuffer ) - 1); $i++) puts( " '" . $arrBuffer[$i] . "'," ); - puts( " '" . $arrBuffer[count( $arrBuffer ) - 1] . "'" ); + for ($i=0; $i < (count( $arrBuffer ) - 1); $i++) puts( " '" . htmlspecialchars($arrBuffer[$i]) . "'," ); + puts( " '" . htmlspecialchars($arrBuffer[count( $arrBuffer ) - 1]) . "'" ); puts( " );" ); } @@ -259,7 +259,7 @@ if (!isBlank($_POST['txtPHPCommand'])) { <tr> <td valign="top"> </td> <td valign="top" class="label"> - <input type="hidden" name="txtRecallBuffer" value="<?=$_POST['txtRecallBuffer'] ?>"> + <input type="hidden" name="txtRecallBuffer" value="<?=htmlspecialchars($_POST['txtRecallBuffer']) ?>"> <input type="button" class="button" name="btnRecallPrev" value="<" onClick="btnRecall_onClick( this.form, -1 );"> <input type="submit" class="button" value="<?=gettext("Execute"); ?>"> <input type="button" class="button" name="btnRecallNext" value=">" onClick="btnRecall_onClick( this.form, 1 );"> |
