From 353729379264fdbdf0ba209634647ce645ffc89d Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Tue, 20 Sep 2016 07:16:31 -0300
Subject: Sanitize 'zone' parameter on CP pages
---
 src/usr/local/www/services_captiveportal_zones_edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/usr/local/www/services_captiveportal_zones_edit.php')
diff --git a/src/usr/local/www/services_captiveportal_zones_edit.php b/src/usr/local/www/services_captiveportal_zones_edit.php
index 4ad1013..824143c 100644
--- a/src/usr/local/www/services_captiveportal_zones_edit.php
+++ b/src/usr/local/www/services_captiveportal_zones_edit.php
@@ -62,7 +62,7 @@ if ($_POST) {
 }
 if (!$input_errors) {
- $cpzone = strtolower($_POST['zone']);
+ $cpzone = strtolower(htmlspecialchars($_POST['zone']);
 $a_cp[$cpzone] = array();
 $a_cp[$cpzone]['zone'] = str_replace(" ", "", $_POST['zone']);
 $a_cp[$cpzone]['descr'] = $_POST['descr'];
-- cgit v1.1
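Review bot: The added line `$cpzone = strtolower(htmlspecialchars($_POST['zone']);` has unbalanced parentheses, so the page will fail to parse; it should read `$cpzone = strtolower(htmlspecialchars($_POST['zone']));`. Two lines further down the hunk still stores the raw `$_POST['zone']` in `$a_cp[$cpzone]['zone']`, so the array key and the stored zone name can diverge whenever the input contains a character that htmlspecialchars() encodes, and the unencoded value is what later pages would read back. HTML-encoding is an output-side control; for a value used as a config key, an allow-list check before this block is the more dependable guard, for example `if (!preg_match('/^[a-zA-Z0-9_]+$/', $_POST['zone'])) { $input_errors[] = gettext("Invalid zone name."); }`, with the same validated value then used for both the key and the `zone` field. The `if ($_POST)` block begins and ends outside the hunk, so such a check may already exist among the validation that is not visible here.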