1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00

Merge pull request #242 from D9ping/patch-1

Fix xss in interface parameter.
This commit is contained in:
Bill Zimmerman 2018-10-03 16:58:07 +02:00 committed by GitHub
commit 45a7d0a574
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -508,7 +508,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
if (! in_array($_POST['interface'], $interfaces)) {
// The user is probably up to something here but it may also be a
// genuine error.
$status->addMessage('Unknown interface '.$_POST['interface'], 'danger');
$status->addMessage('Unknown interface '.htmlspecialchars($_POST['interface'], ENT_QUOTES), 'danger');
$good_input = false;
}