Merge pull request #629 from bmeeks8/master

Suricata 1.4.6 pkg. v0.3-BETA Package Update

1 files changed, 6 insertions, 4 deletions

diff --git a/config/suricata/suricata_list_view.php b/config/suricata/suricata_list_view.php
index 2ff121f2..b6616909 100644
--- a/config/suricata/suricata_list_view.php
+++ b/config/suricata/suricata_list_view.php
@@ -34,9 +34,11 @@ global $g, $config;
 
 $contents = '';
 
-$id = $_GET['id'];
-$wlist = $_GET['wlist'];
-$type = $_GET['type'];
+if (isset($_GET['id']) && is_numericint($_GET['id']))
+	$id = htmlspecialchars($_GET['id']);
+
+$wlist = htmlspecialchars($_GET['wlist']);
+$type = htmlspecialchars($_GET['type']);
 
 if (isset($id) && isset($wlist)) {
 	$a_rule = $config['installedpackages']['suricata']['rule'][$id];
@@ -86,7 +88,7 @@ $pgtitle = array(gettext("Suricata"), gettext(ucfirst($type) . " Viewer"));
 		<tr>
 			<td colspan="2" valign="top" class="label">
 			<div style="background: #eeeeee; width:100%; height:100%;" id="textareaitem"><!-- NOTE: The opening *and* the closing textarea tag must be on the same line. -->
-			<textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=$contents;?></textarea>
+			<textarea style="width:100%; height:100%;" readonly wrap="off" rows="25" cols="80" name="code2"><?=htmlspecialchars($contents);?></textarea>
 			</div>
 			</td>
 		</tr>