From 7cf76e8bb53dbb637f2800150380601105fb1ce2 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Wed, 31 Oct 2012 14:23:46 -0400
Subject: Encode the interface parameter before using it in a redirect
---
 usr/local/www/firewall_rules_edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'usr/local')
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index e054a6c..ba9b3ce 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -574,7 +574,7 @@ if ($_POST) {
 if (isset($_POST['floating']))
 header("Location: firewall_rules.php?if=FloatingRules");
 else
- header("Location: firewall_rules.php?if=" . $_POST['interface']);
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface']));
 exit;
 }
 }
-- cgit v1.1
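Review bot: `htmlspecialchars()` on the added `header("Location: ...")` line is HTML-entity encoding, which is the wrong encoder for a value placed in a URL query string inside a response header. It leaves `%`, `#`, spaces and CR/LF untouched and rewrites `&` as `&amp;`, which still splits the query string, so the `interface` value is not confined to the `if` parameter. URL-encode it instead, `header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));`, and preferably check the value against the set of interfaces the page accepts before redirecting. The enclosing `if ($_POST) {` block starts outside the hunk, so any earlier validation of `interface` cannot be seen from here.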