firewall: fix potential XSS

Spotted by: @fabianfrz
2026-03-20 11:26:13 +00:00 · 2016-03-17 10:59:35 +01:00 · 2016-03-17 10:59:35 +01:00 · ff6f234102
commit ff6f234102
parent b1034aab94
1 changed files with 1 additions and 1 deletions
--- a/src/www/firewall_aliases_edit.php
+++ b/src/www/firewall_aliases_edit.php
@ -231,7 +231,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    }
 }

-$referer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/firewall_aliases.php');
+$referer = (isset($_SERVER['HTTP_REFERER']) ? html_safe($_SERVER['HTTP_REFERER']) : '/firewall_aliases.php');

 legacy_html_escape_form_data($pconfig);