aboutsummaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2015-10-01 11:05:23 -0400
committerjim-p <jimp@pfsense.org>2015-10-01 11:05:38 -0400
commit22a8681e70bc2218b3f41830bd37edbd47f649cb (patch)
tree33f844404b79ac66b7f9cc7e37ace63fec177da8 /config
parentd238244e096816c15ab0f0a8eb64c224d2fff36c (diff)
downloadpfsense-packages-22a8681e70bc2218b3f41830bd37edbd47f649cb.tar.gz
pfsense-packages-22a8681e70bc2218b3f41830bd37edbd47f649cb.tar.bz2
pfsense-packages-22a8681e70bc2218b3f41830bd37edbd47f649cb.zip
Work around a potential XSS in spamd_db.php. Small version bump for spamd.
Diffstat (limited to 'config')
-rw-r--r--config/spamd/spamd.xml2
-rw-r--r--config/spamd/spamd_db.php2
2 files changed, 2 insertions, 2 deletions
diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml
index de03d224..5accb790 100644
--- a/config/spamd/spamd.xml
+++ b/config/spamd/spamd.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>spamdsources</name>
- <version>1.1.5</version>
+ <version>1.1.5.1</version>
<title>SpamD: External Sources</title>
<include_file>/usr/local/pkg/spamd.inc</include_file>
<backup_file>/var/db/spamd</backup_file>
diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php
index c81f5916..d544ce16 100644
--- a/config/spamd/spamd_db.php
+++ b/config/spamd/spamd_db.php
@@ -55,7 +55,7 @@ if ($spamtrapemail) {
/* handle AJAX operations */
if ($_GET['action'] or $_POST['action']) {
/* echo back buttonid so it can be turned back off when request is completed. */
- echo $_GET['buttonid'] . "|";
+ echo htmlspecialchars($_GET['buttonid']) . "|";
if ($_GET['action']) {
$action = $_GET['action'];
}