From 22a8681e70bc2218b3f41830bd37edbd47f649cb Mon Sep 17 00:00:00 2001
From: jim-p
Date: Thu, 1 Oct 2015 11:05:23 -0400
Subject: Work around a potential XSS in spamd_db.php. Small version bump for spamd.
---
config/spamd/spamd_db.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'config/spamd/spamd_db.php')
diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php
index c81f5916..d544ce16 100644
--- a/config/spamd/spamd_db.php
+++ b/config/spamd/spamd_db.php
@@ -55,7 +55,7 @@ if ($spamtrapemail) {
 /* handle AJAX operations */
 if ($_GET['action'] or $_POST['action']) {
 /* echo back buttonid so it can be turned back off when request is completed. */
- echo $_GET['buttonid'] . "|";
+ echo htmlspecialchars($_GET['buttonid']) . "|";
 if ($_GET['action']) {
 $action = $_GET['action'];
 }
-- cgit v1.2.3
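Review bot: The new `htmlspecialchars($_GET['buttonid'])` call relies on the default flags, which on PHP releases before 8.1 leave single quotes unescaped, so the echoed value is only safe where the client never places it inside a single-quoted attribute or script string. Passing the flags and charset explicitly closes that gap: `echo htmlspecialchars($_GET['buttonid'], ENT_QUOTES, 'UTF-8') . "|";`. Because the value is a button id that is echoed back in front of a `|` separator, an allow-list check (letters, digits, `_` and `-` only, with anything else rejected) would be a stronger control than escaping alone, and would also stop a `|` inside the parameter from shifting the fields the caller presumably splits on. `buttonid` is read only from `$_GET` even though this branch is also entered for `$_POST['action']`, so a POST-only request echoes an empty id. The enclosing `if` block continues past the end of the hunk, so how the response is consumed is not visible here.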