author | jim-p <jimp@pfsense.org> | 2015-10-01 10:37:20 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-10-01 10:37:52 -0400 |
commit | c352ca07b4fbffc3efe846530bd4ae0a40cb6e0d (patch) | |
tree | 8297113494bb06ddf9db66884b45983c33c0c727 /config/snort/snort_ip_list_mgmt.php | |
parent | 61c51f185fce33bef11164cb7224f4d64708b9ee (diff) | |
Work around a potential XSS in snort_ip_list_mgmt.php, small version bump for snort.
Diffstat (limited to 'config/snort/snort_ip_list_mgmt.php')
-rw-r--r-- | config/snort/snort_ip_list_mgmt.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php index 20d486c6..1ff25bd5 100644 --- a/config/snort/snort_ip_list_mgmt.php +++ b/config/snort/snort_ip_list_mgmt.php @@ -208,15 +208,15 @@ if ($savemsg) </thead> <?php foreach ($ipfiles as $file): ?> <tr> - <td class="listr"><?php echo gettext($file); ?></td> + <td class="listr"><?php echo htmlspecialchars(gettext($file)); ?></td> <td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td> <td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td> <td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]" - onClick="document.getElementById('iplist_fname').value='<?=$file;?>';" + onClick="document.getElementById('iplist_fname').value='<?=addslashes($file);?>';" src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/> <input type="image" name="iplist_delete[]" id="iplist_delete[]" - onClick="document.getElementById('iplist_fname').value='<?=$file;?>'; + onClick="document.getElementById('iplist_fname').value='<?=addslashes($file);?>'; return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file? Click OK to continue or CANCEL to quit.");?>');" src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td> |
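Review bot: `addslashes()` on the two `onClick` lines does not encode for the context the filename lands in, which is a JavaScript string inside a double-quoted HTML attribute. The HTML parser does not treat a backslash as an escape, so a backslash-escaped `"` still closes the attribute, and character references in the name are decoded before the script runs. Encode for both layers, JavaScript first and HTML second, and drop the hand-written single quotes: `value=<?=htmlspecialchars(json_encode($file), ENT_QUOTES);?>;` on both the edit and the delete input. The `htmlspecialchars()` call in the first `<td>` is adequate for element text, though passing a filename through `gettext()` looks unintended. How `$ipfiles` is populated is outside this hunk; if these names come from uploads, restricting them to a strict character allow-list at that point would remove the problem at its source.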