From daab67a170ddf38a76605e32a56874780e82b62d Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Wed, 10 Nov 2010 09:49:21 -0500
Subject: Fix misc XSS issues from davey b

---
 usr/local/www/diag_logs_vpn.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr/local/www/diag_logs_vpn.php')

diff --git a/usr/local/www/diag_logs_vpn.php b/usr/local/www/diag_logs_vpn.php
index 36bdb58..adef3e1 100755
--- a/usr/local/www/diag_logs_vpn.php
+++ b/usr/local/www/diag_logs_vpn.php
@@ -49,8 +49,8 @@ $nentries = $config['syslog']['nentries'];
 if (!$nentries)
 	$nentries = 50;
 
-$vpntype = ($_GET['vpntype']) ? $_GET['vpntype'] : "pptp";
-$mode = ($_GET['mode']) ? $_GET['mode'] : "login";
+$vpntype = (htmlspecialchars($_GET['vpntype'])) ? htmlspecialchars($_GET['vpntype']) : "pptp";
+$mode = (htmlspecialchars($_GET['mode'])) ? htmlspecialchars($_GET['mode']) : "login";
 
 if ($_POST['clear']) 
 	clear_log_file("/var/log/vpn.log");
-- 
cgit v1.1