author | jim-p <jimp@pfsense.org> | 2015-10-01 10:37:20 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2015-10-01 10:37:52 -0400 |
commit | c352ca07b4fbffc3efe846530bd4ae0a40cb6e0d (patch) | |
tree | 8297113494bb06ddf9db66884b45983c33c0c727 /config | |
parent | 61c51f185fce33bef11164cb7224f4d64708b9ee (diff) | |
Work around a potential XSS in snort_ip_list_mgmt.php, small version bump for snort.
Diffstat (limited to 'config')
-rwxr-xr-x | config/snort/snort.xml | 2 | ||||
-rw-r--r-- | config/snort/snort_ip_list_mgmt.php | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index 18e6ef20..612fbaa8 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -45,7 +45,7 @@
 </copyright>
 <description>Snort IDS/IPS Package</description>
 <name>Snort</name>
- <version>3.2.8</version>
+ <version>3.2.8.1</version>
 <title>Services: Snort IDS</title>
 <include_file>/usr/local/pkg/snort/snort.inc</include_file>
 <menu>
diff --git a/config/snort/snort_ip_list_mgmt.php b/config/snort/snort_ip_list_mgmt.php
index 20d486c6..1ff25bd5 100644
--- a/config/snort/snort_ip_list_mgmt.php
+++ b/config/snort/snort_ip_list_mgmt.php
@@ -208,15 +208,15 @@ if ($savemsg)
 </thead>
 <?php foreach ($ipfiles as $file): ?>
 <tr>
- <td class="listr"><?php echo gettext($file); ?></td>
+ <td class="listr"><?php echo htmlspecialchars(gettext($file)); ?></td>
 <td class="listr"><?=date('M-d Y g:i a', filemtime("{$iprep_path}{$file}")); ?></td>
 <td class="listr"><?=format_bytes(filesize("{$iprep_path}{$file}")); ?> </td>
 <td class="list"><input type="image" name="iplist_edit[]" id="iplist_edit[]"
- onClick="document.getElementById('iplist_fname').value='<?=$file;?>';"
+ onClick="document.getElementById('iplist_fname').value='<?=addslashes($file);?>';"
 src="../themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" title="<?php echo gettext('Edit this IP List');?>"/>
 <input type="image" name="iplist_delete[]" id="iplist_delete[]"
- onClick="document.getElementById('iplist_fname').value='<?=$file;?>';
+ onClick="document.getElementById('iplist_fname').value='<?=addslashes($file);?>';
 return confirm('<?=gettext("Are you sure you want to permanently delete this IP List file? Click OK to continue or CANCEL to quit.");?>');"
 src="../themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?php echo gettext('Delete this IP List');?>"/></td> |
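Review bot: `addslashes($file)` in the two `onClick` attributes escapes only for a JavaScript string, but the value sits inside a double-quoted HTML attribute that the browser decodes before the script is parsed, so a double quote in a file name still closes the attribute (a backslash is not an HTML escape). Encode for both layers, JavaScript first and HTML second, and drop the hand-written quotes: `onClick="document.getElementById('iplist_fname').value=<?=htmlspecialchars(json_encode($file), ENT_QUOTES);?>;"` on the edit button, and the same expression on the first line of the delete button's handler. The `htmlspecialchars(gettext($file))` cell is adequate for element content, though passing a file name through `gettext()` looks unintended. How `$ipfiles` is populated is not visible here, and the `foreach` body continues past the end of the hunk.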