From ec1f8022fe2e681a4d90cbeaf7b005c46c78e8aa Mon Sep 17 00:00:00 2001
From: Tom <D9ping@users.noreply.github.com>
Date: Tue, 2 Oct 2018 12:58:50 +0200
Subject: [PATCH] Fix xss in interface parameter.

---
 includes/hostapd.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/hostapd.php b/includes/hostapd.php
index c5a41bd3..f484fb0c 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -508,7 +508,7 @@ function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status)
   if (! in_array($_POST['interface'], $interfaces)) {
     // The user is probably up to something here but it may also be a
     // genuine error.
-    $status->addMessage('Unknown interface '.$_POST['interface'], 'danger');
+    $status->addMessage('Unknown interface '.htmlspecialchars($_POST['interface'], ENT_QUOTES), 'danger');
     $good_input = false;
   }