From e653b6e118bbc28fb60d27529104d73dc44d9631 Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Wed, 31 Oct 2012 14:06:34 -0400
Subject: Encode the if parameter before using it in redirects, too.

Conflicts:

	usr/local/www/firewall_rules.php
---
 usr/local/www/firewall_rules.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'usr/local')

diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 85e4eff..3cbc398 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -212,7 +212,7 @@ if ($_GET['act'] == "del") {
 		unset($a_filter[$_GET['id']]);
 		if (write_config())
 			mark_subsystem_dirty('filter');
-		header("Location: firewall_rules.php?if={$if}");
+		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
 }
@@ -230,7 +230,7 @@ if (isset($_POST['del_x'])) {
 		}
 		if (write_config())
 			mark_subsystem_dirty('filter');
-		header("Location: firewall_rules.php?if={$if}");
+		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
 } else if ($_GET['act'] == "toggle") {
@@ -241,7 +241,7 @@ if (isset($_POST['del_x'])) {
                         $a_filter[$_GET['id']]['disabled'] = true;
 		if (write_config())
 			mark_subsystem_dirty('filter');
-		header("Location: firewall_rules.php?if={$if}");
+		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
 } else {
@@ -285,7 +285,7 @@ if (isset($_POST['del_x'])) {
 		$a_filter = $a_filter_new;
 		if (write_config())
 			mark_subsystem_dirty('filter');
-		header("Location: firewall_rules.php?if={$if}");
+		header("Location: firewall_rules.php?if=" . htmlspecialchars($if));
 		exit;
 	}
 }
-- 
cgit v1.1