From 248b0124e423b268d698d1e7246ea36df75a34e7 Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Tue, 18 Feb 2014 11:28:53 +0000
Subject: Ticket #3461. Protect output to browser by using htmlspecialchars.

---
 etc/inc/pkg-utils.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'etc/inc')

diff --git a/etc/inc/pkg-utils.inc b/etc/inc/pkg-utils.inc
index d5f3303..924f223 100644
--- a/etc/inc/pkg-utils.inc
+++ b/etc/inc/pkg-utils.inc
@@ -57,7 +57,7 @@ if(!function_exists("update_status")) {
 }
 if(!function_exists("update_output_window")) {
 	function update_output_window($status) {
-		echo $status . "\n";
+		echo htmlspecialchars($status) . "\n";
 	}
 }
 
-- 
cgit v1.1