From bb33a33724161823b6bd35e7f0f19a1d551cda82 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Wed, 31 Oct 2012 14:23:46 -0400
Subject: Encode the interface parameter before using it in a redirect
---
 usr/local/www/firewall_rules_edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'usr/local')
diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php
index 119d347..1e7bf9e 100755
--- a/usr/local/www/firewall_rules_edit.php
+++ b/usr/local/www/firewall_rules_edit.php
@@ -651,7 +651,7 @@ if ($_POST) {
 if (isset($_POST['floating']))
 header("Location: firewall_rules.php?if=FloatingRules");
 else
- header("Location: firewall_rules.php?if=" . $_POST['interface']);
+ header("Location: firewall_rules.php?if=" . htmlspecialchars($_POST['interface']));
 exit;
 }
 }
-- cgit v1.1
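Review bot: `htmlspecialchars()` on the added line is an HTML-context encoder, but the value lands in the query string of a `Location:` header, so this context calls for URL encoding instead. It leaves `#`, `%`, spaces and control characters untouched and turns `&` into `&amp;`, which still contains a literal `&`, so a crafted `interface` value can still change the redirect's query string. Use `header("Location: firewall_rules.php?if=" . urlencode($_POST['interface']));`. The enclosing `if ($_POST)` block starts outside this hunk, so if it does not already check the value against the configured interface names, add that check before redirecting.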