From ce9d5d7255919b47abf28314dbe6eaa2769a92e4 Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Tue, 17 Jun 2014 15:13:42 -0300
Subject: Protect servicestatusfilter parameter with htmlspecialchars()
---
 usr/local/www/widgets/widgets/services_status.widget.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'usr/local/www/widgets')
diff --git a/usr/local/www/widgets/widgets/services_status.widget.php b/usr/local/www/widgets/widgets/services_status.widget.php
index ee8d521..86fa7f3 100644
--- a/usr/local/www/widgets/widgets/services_status.widget.php
+++ b/usr/local/www/widgets/widgets/services_status.widget.php
@@ -41,7 +41,7 @@ require_once("/usr/local/www/widgets/include/services_status.inc");
 $services = get_services();
 if(isset($_POST['servicestatusfilter'])) {
- $config['widgets']['servicestatusfilter'] = $_POST['servicestatusfilter'];
+ $config['widgets']['servicestatusfilter'] = htmlspecialchars($_POST['servicestatusfilter'], ENT_QUOTES | ENT_HTML401);
 write_config("Saved Service Status Filter via Dashboard");
 header("Location: ../../index.php");
 }
-- cgit v1.1
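Review bot: The added `htmlspecialchars()` call on the `$config['widgets']['servicestatusfilter']` assignment encodes the value at write time, so the saved configuration holds HTML entities instead of the submitted filter. Any later code that escapes on output will double-encode it, and any non-HTML consumer (for example a comparison against service names) sees the entity form. It would be more robust to store a validated value and encode where it is rendered, e.g. `htmlspecialchars($config['widgets']['servicestatusfilter'], ENT_QUOTES | ENT_HTML401)` at the output site, which is outside this hunk. `isset()` is also true for an array parameter (`servicestatusfilter[]=x`), which `htmlspecialchars()` cannot process as a string, so the condition should become `if (isset($_POST['servicestatusfilter']) && is_string($_POST['servicestatusfilter'])) {`. The context line `header("Location: ../../index.php");` is followed directly by the closing brace with no `exit;`, so the rest of the script presumably keeps executing after the redirect is sent.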