From daab67a170ddf38a76605e32a56874780e82b62d Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Wed, 10 Nov 2010 09:49:21 -0500
Subject: Fix misc XSS issues from davey b

---
 usr/local/www/diag_logs_filter.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr/local/www/diag_logs_filter.php')

diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php
index 02b2591..025a7a3 100755
--- a/usr/local/www/diag_logs_filter.php
+++ b/usr/local/www/diag_logs_filter.php
@@ -73,9 +73,9 @@ if($_GET['dnsip'] or $_POST['dnsip']) {
 $filtertext = "";
 if($_GET['filtertext'] or $_POST['filtertext']) {
 	if($_GET['filtertext'])
-		$filtertext = $_GET['filtertext'];
+		$filtertext = htmlspecialchars($_GET['filtertext']);
 	if($_POST['filtertext'])
-		$filtertext = $_POST['filtertext'];
+		$filtertext = htmlspecialchars($_POST['filtertext']);
 }
 
 $filter_logfile = "{$g['varlog_path']}/filter.log";
-- 
cgit v1.1