From 8ae9a909901ddb13306e6ac494240ff1fa720c4d Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Mon, 21 Dec 2015 10:29:40 -0500
Subject: Encode hostname before printing; remove some related dead code.

---
 src/usr/local/www/head.inc                                      | 4 ++--
 src/usr/local/www/pkg.php                                       | 5 -----
 src/usr/local/www/status_carp.php                               | 5 -----
 src/usr/local/www/widgets/widgets/system_information.widget.php | 2 +-
 src/usr/local/www/wizard.php                                    | 5 -----
 5 files changed, 3 insertions(+), 18 deletions(-)

(limited to 'src/usr')

diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc
index 619141b..c8e99dd 100755
--- a/src/usr/local/www/head.inc
+++ b/src/usr/local/www/head.inc
@@ -61,9 +61,9 @@ header('Content-Type: text/html; charset=utf-8');
 $pagetitle = gentitle($pgtitle);
 
 if (isset($config['system']['webgui']['pagenamefirst'])) {
-	$tabtitle = $pagetitle . " - " . $config['system']['hostname'] . "." . $config['system']['domain'];
+	$tabtitle = $pagetitle . " - " . htmlspecialchars($config['system']['hostname'] . "." . $config['system']['domain']);
 } else {
-	$tabtitle = $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pagetitle;
+	$tabtitle = htmlspecialchars($config['system']['hostname'] . "." . $config['system']['domain']) . " - " . $pagetitle;
 }
 
 $cssfile = "/bootstrap/css/pfSense.css";
diff --git a/src/usr/local/www/pkg.php b/src/usr/local/www/pkg.php
index 7c4bf06..3bf0097 100755
--- a/src/usr/local/www/pkg.php
+++ b/src/usr/local/www/pkg.php
@@ -63,11 +63,6 @@
 require_once("guiconfig.inc");
 require_once("pkg-utils.inc");
 
-function gentitle_pkg($pgname) {
-	global $config;
-	return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname;
-}
-
 function domTT_title($title_msg) {
 	print "onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\" onmouseover=\"domTT_activate(this, event, 'content', '".gettext($title_msg)."', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\"";
 }
diff --git a/src/usr/local/www/status_carp.php b/src/usr/local/www/status_carp.php
index ad908b2..07dde06 100644
--- a/src/usr/local/www/status_carp.php
+++ b/src/usr/local/www/status_carp.php
@@ -63,11 +63,6 @@
 require_once("guiconfig.inc");
 require_once("globals.inc");
 
-function gentitle_pkg($pgname) {
-	global $config;
-	return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname;
-}
-
 unset($interface_arr_cache);
 unset($carp_interface_count_cache);
 unset($interface_ip_arr_cache);
diff --git a/src/usr/local/www/widgets/widgets/system_information.widget.php b/src/usr/local/www/widgets/widgets/system_information.widget.php
index 03c439b..c5da475 100644
--- a/src/usr/local/www/widgets/widgets/system_information.widget.php
+++ b/src/usr/local/www/widgets/widgets/system_information.widget.php
@@ -111,7 +111,7 @@ $filesystems = get_mounted_filesystems();
 	<tbody>
 		<tr>
 			<th><?=gettext("Name");?></th>
-			<td><?php echo $config['system']['hostname'] . "." . $config['system']['domain']; ?></td>
+			<td><?php echo htmlspecialchars($config['system']['hostname'] . "." . $config['system']['domain']); ?></td>
 		</tr>
 		<tr>
 			<th><?=gettext("Version");?></th>
diff --git a/src/usr/local/www/wizard.php b/src/usr/local/www/wizard.php
index 0cb8496..e88b034 100644
--- a/src/usr/local/www/wizard.php
+++ b/src/usr/local/www/wizard.php
@@ -71,11 +71,6 @@ require_once("system.inc");
 // This causes the step #, field type and field name to be printed at the top of the page
 define(DEBUG, false);
 
-function gentitle_pkg($pgname) {
-	global $config;
-	return $config['system']['hostname'] . "." . $config['system']['domain'] . " - " . $pgname;
-}
-
 global $g;
 
 $stepid = htmlspecialchars($_GET['stepid']);
-- 
cgit v1.1