From 593d7525aeeebc30670547d7662195cade9b09f2 Mon Sep 17 00:00:00 2001 From: Franco Fichtner <franco@opnsense.org> Date: Sat, 28 Jan 2017 23:37:41 +0100 Subject: [PATCH] wizard: do not interpret passed values for #1359 --- src/www/wizard.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/www/wizard.php b/src/www/wizard.php index ab19047c1..b6fc6a910 100644 --- a/src/www/wizard.php +++ b/src/www/wizard.php @@ -197,7 +197,7 @@ function update_config_field($field, $updatetext, $unset, $arraynum, $field_type if($field_type == "interfaces_selection") { $var = "\$config{$field_conv}"; $text = "if (isset({$var})) unset({$var});"; - $text .= "\$config" . $field_conv . " = \"" . $updatetext . "\";"; + $text .= "\$config" . $field_conv . " = '" . addslashes($updatetext) . "';"; eval($text); return; } @@ -206,7 +206,7 @@ function update_config_field($field, $updatetext, $unset, $arraynum, $field_type $text = "unset(\$config" . $field_conv . ");"; eval($text); } - $text = "\$config" . $field_conv . " = \"" . addslashes($updatetext) . "\";"; + $text = "\$config" . $field_conv . " = '" . addslashes($updatetext) . "';"; eval($text); } -- 2.21.0