authorjim-p <jimp@pfsense.org>2015-10-01 10:37:20 -0400
committerjim-p <jimp@pfsense.org>2015-10-01 10:37:52 -0400
commitc352ca07b4fbffc3efe846530bd4ae0a40cb6e0d (patch)
tree8297113494bb06ddf9db66884b45983c33c0c727 /config
parent61c51f185fce33bef11164cb7224f4d64708b9ee (diff)
Work around a potential XSS in snort_ip_list_mgmt.php, small version bump for snort.
Diffstat (limited to 'config')
-rwxr-xr-xconfig/snort/snort.xml2
-rw-r--r--config/snort/snort_ip_list_mgmt.php6
2 files changed, 4 insertions, 4 deletions
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 18e6ef20..612fbaa8 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -45,7 +45,7 @@
</copyright>
<description>Snort IDS/IPS Package</description>
<name>Snort</name>
- <version>3.2.8</version>
+ <version>3.2.8.1</version>
<title>Services: Snort IDS</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php
index 20d486c6..1ff25bd5 100644
--- a/config/snort/snort_ip_list_mgmt.php
+++ b/config/snort/snort_ip_list_mgmt.php
@@ -208,15 +208,15 @@ if ($savemsg)
</thead>
<?php foreach ($ipfiles as $file): ?>
<tr>
- <td class="listr"><?php echo gettext($file); ?></td>
+ <td class="listr"><?php echo htmlspecialchars(gettext($file)); ?></td>
<td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td>
<td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td>
<td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]"
- onClick="document.getElementById('iplist_fname').value='<?=$file;?>';"
+ onClick="document.getElementById('iplist_fname').value='<?=addslashes($file);?>';"
src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17"
height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/>
<input type="image" name="iplist_delete[]" id="iplist_delete[]"
- onClick="document.getElementById('iplist_fname').value='<?=$file;?>';
+ onClick="document.getElementById('iplist_fname').value='<?=addslashes($file);?>';
return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file? Click OK to continue or CANCEL to quit.");?>');"
src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17"
height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td>
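Review bot: The `addslashes($file)` calls in the two `onClick` attributes escape only for a JavaScript string, but the value is parsed as an HTML attribute first. A double quote in a file name therefore still closes the attribute, and character references are decoded before the script runs. Encode for both layers on the edit and delete inputs, letting `json_encode` supply the quotes: `onClick="document.getElementById('iplist_fname').value=<?=htmlspecialchars(json_encode($file), ENT_QUOTES);?>;"`. How `$ipfiles` is populated is outside this hunk, so whether names can carry such characters should be confirmed where the list is built and where files are uploaded. The `foreach` body also continues past the last line shown.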