* escape html entities in network interface settings

the command `ip address show eth0` returns special characters like "<" and ">" which, if left unescaped and shown on the page, will create arbitrary html elements and hide information. * show interface settings inside unstyled pre block interface properties should be parsed and displayed in a proprietary and pretty manner. until then, give use the raw output of `ip address show`
2025-03-01 10:31:47 +00:00 · 2019-07-30 14:10:42 +02:00
parent 1b32ed53d6
commit 3db99c7d21
2 changed files with 4 additions and 1 deletions
--- a/includes/networking.php
+++ b/includes/networking.php
@@ -44,7 +44,9 @@ function DisplayNetworkingConfig()
                            echo '<div class="col-md-6">
                            <div class="panel panel-default">
                                <div class="panel-heading">'.htmlspecialchars($interface, ENT_QUOTES).'</div>
-                                <div class="panel-body" id="'.htmlspecialchars($interface, ENT_QUOTES).'-summary"></div>
+                                <div class="panel-body">
+                                  <pre class="unstyled" id="'.htmlspecialchars($interface, ENT_QUOTES).'-summary"></pre>
+                                </div>
                            </div>
                            </div>';
                        }