From 1ce2e5d2530cc1a076fc2ae49e653dc8935dd6a5 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 18 Aug 2015 09:35:56 -0400
Subject: Fix a potential XSS in voucher testing.

---
 usr/local/www/status_captiveportal_test.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'usr/local/www/status_captiveportal_test.php')

diff --git a/usr/local/www/status_captiveportal_test.php b/usr/local/www/status_captiveportal_test.php
index 4caafb4..ddb5b43 100644
--- a/usr/local/www/status_captiveportal_test.php
+++ b/usr/local/www/status_captiveportal_test.php
@@ -108,10 +108,10 @@ if ($_POST) {
         foreach ($test_results as $result) {
             if (strpos($result, " good ") || strpos($result, " granted ")) {
                 echo "<tr><td bgcolor=\"#D9DEE8\"><img src=\"/themes/{$g['theme']}/images/icons/icon_pass.gif\" alt=\"pass\" /></td>";
-                echo "<td bgcolor=\"#D9DEE8\">$result</td></tr>";
+                echo "<td bgcolor=\"#D9DEE8\">" . htmlspecialchars($result) . "</td></tr>";
             } else {
                 echo "<tr><td bgcolor=\"#FFD9D1\"><img src=\"/themes/{$g['theme']}/images/icons/icon_block.gif\" alt=\"block\" /></td>";
-                echo "<td bgcolor=\"#FFD9D1\">$result</td></tr>";
+                echo "<td bgcolor=\"#FFD9D1\">" . htmlspecialchars($result) . "</td></tr>";
             }
         }
         echo "</table>";
-- 
cgit v1.1