Fix unescaped output in ipv6 search page (#15327)

2024-10-07 16:52:45 +00:00 · 2023-09-15 16:05:08 -05:00
parent ba67d886c8
commit 8fd8d9b06a
1 changed files with 3 additions and 3 deletions
--- a/includes/html/pages/search/ipv6.inc.php
+++ b/includes/html/pages/search/ipv6.inc.php
@@ -74,7 +74,7 @@ if ($_POST['interface'] == 'Vlan%') {
                "</select>"+
                "</div>"+
                "<div class=\"form-group\">"+
-                "<input type=\"text\" name=\"address\" id=\"address\" size=40 value=\"<?php echo $_POST['address']; ?>\" class=\"form-control input-sm\" placeholder=\"IPv6 Address\"/>"+
+                "<input type=\"text\" name=\"address\" id=\"address\" size=40 value=\"<?php echo htmlspecialchars($_POST['address']); ?>\" class=\"form-control input-sm\" placeholder=\"IPv6 Address\"/>"+
                "</div>"+
                "<button type=\"submit\" class=\"btn btn-default input-sm\">Search</button>"+
                "</form></span></div>"+
@@ -86,8 +86,8 @@ if ($_POST['interface'] == 'Vlan%') {
            id: "address-search",
            search_type: "ipv6",
            device_id: '<?php echo htmlspecialchars($_POST['device_id']); ?>',
-            interface: '<?php echo $_POST['interface']; ?>',
-            address: '<?php echo $_POST['address']; ?>'
+            interface: '<?php echo htmlspecialchars($_POST['interface']); ?>',
+            address: '<?php echo htmlspecialchars($_POST['address']); ?>'
        };
    },
    url: "ajax_table.php",