From b6ab9bd29026fdf685bee7179000e69c7380a3ef Mon Sep 17 00:00:00 2001
From: Ermal <eri@pfsense.org>
Date: Wed, 1 Dec 2010 11:52:55 +0000
Subject: Ticket #1060. Escape even the alias entry descritpions.

---
 usr/local/www/firewall_rules.php | 2 +-
 usr/local/www/guiconfig.inc      | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'usr')

diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php
index 329fef9..ae4f60e 100755
--- a/usr/local/www/firewall_rules.php
+++ b/usr/local/www/firewall_rules.php
@@ -550,7 +550,7 @@ if($_REQUEST['undodrag']) {
 				$schedstatus = false;
 				$dayArray = array (gettext('Mon'),gettext('Tues'),gettext('Wed'),gettext('Thur'),gettext('Fri'),gettext('Sat'),gettext('Sun'));
 				$monthArray = array (gettext('January'),gettext('February'),gettext('March'),gettext('April'),gettext('May'),gettext('June'),gettext('July'),gettext('August'),gettext('September'),gettext('October'),gettext('November'),gettext('December'));
-				if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])){
+				if($config['schedules']['schedule'] <> "" and is_array($config['schedules']['schedule'])) {
 					foreach ($a_schedules as $schedule)
 					{
 						if ($schedule['name'] == $filterent['sched'] ){
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index bafb8fa..70f9459 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -1059,7 +1059,8 @@ function rule_popup($src,$srcport,$dst,$dstport){
                         	$alias_caption = substr($alias_caption, 0, $maxlength) . "...";
 
 			$alias_caption_escaped = str_replace("'", "\'", $alias_caption);
-			$span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$alias_caption_escaped</h1><p>$alias_content_text</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
+			$alias_content_escaped = str_replace("'", "\'", $alias_content_text);
+			$span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$alias_caption_escaped</h1><p>$alias_content_escaped</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
 
                 	if ($alias_name['name'] == $src)
                         	$alias_src_span_begin = $span_begin;
-- 
cgit v1.1